Date Added: Oct 2010
Network intruders try to hide their identity by relaying their traffic through a number of intermediate hosts, called stepping stones. Network flow watermarks have been used to detect such attacks by inserting a special timing pattern into one flow by means of artificial delays and detecting relayed flows by searching for the same pattern. The authors study the application of coding schemes to improve the efficiency of network flow watermarks. In particular, they use the Repeat-Accumulate codes, a class of low complexity, high performance error-correcting codes, to improve the detection performance of a recent flow watermark, the RAINBOW. They show the effectiveness of the improved scheme, CRAINBOW, through simulation and discuss design tradeoffs.