Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

DeMarking: A Defense for Network Flow Watermarking in Real-Time

Yali Yuan, Jian Ge, Guang Cheng

TL;DR

DeMarking tackles privacy risks from time-based network flow watermarking in anonymized networks like Tor by transforming IPD sequences with a GAN-based converter trained against an adversarial detector. A remapping function keeps generated IPDs within acceptable traffic bounds, while cosine-similarity–guided optimization enables efficient defense even under black-box adversaries. The approach demonstrates strong protection against DNN-based flow fingerprinting and conventional watermarking schemes, with near-zero extraction rates and ~0.5 BER when defense is active, and real-time performance (~0.6 ms per IPD). This work advances practical privacy safeguards for encrypted traffic by neutralizing watermark signals without compromising throughput. The results suggest DeMarking could be deployed at Tor entry nodes to bolster anonymity in real-time against active watermarking threats.

Abstract

The network flow watermarking technique associates the two communicating parties by actively modifying certain characteristics of the stream generated by the sender so that it covertly carries some special marking information. Some curious users communicating with the hidden server as a Tor client may attempt de-anonymization attacks to uncover the real identity of the hidden server by using this technique. This compromises the privacy of the anonymized communication system. Therefore, we propose a defense scheme against flow watermarking. The scheme is based on deep neural networks and utilizes generative adversarial networks to convert the original Inter-Packet Delays (IPD) into new IPDs generated by the model. We also adopt the concept of adversarial attacks to ensure that the detector will produce an incorrect classification when detecting these new IPDs. This approach ensures that these IPDs are considered "clean", effectively covering the potential watermarks. This scheme is effective against time-based flow watermarking techniques.

DeMarking: A Defense for Network Flow Watermarking in Real-Time

TL;DR

DeMarking tackles privacy risks from time-based network flow watermarking in anonymized networks like Tor by transforming IPD sequences with a GAN-based converter trained against an adversarial detector. A remapping function keeps generated IPDs within acceptable traffic bounds, while cosine-similarity–guided optimization enables efficient defense even under black-box adversaries. The approach demonstrates strong protection against DNN-based flow fingerprinting and conventional watermarking schemes, with near-zero extraction rates and ~0.5 BER when defense is active, and real-time performance (~0.6 ms per IPD). This work advances practical privacy safeguards for encrypted traffic by neutralizing watermark signals without compromising throughput. The results suggest DeMarking could be deployed at Tor entry nodes to bolster anonymity in real-time against active watermarking threats.

Abstract

The network flow watermarking technique associates the two communicating parties by actively modifying certain characteristics of the stream generated by the sender so that it covertly carries some special marking information. Some curious users communicating with the hidden server as a Tor client may attempt de-anonymization attacks to uncover the real identity of the hidden server by using this technique. This compromises the privacy of the anonymized communication system. Therefore, we propose a defense scheme against flow watermarking. The scheme is based on deep neural networks and utilizes generative adversarial networks to convert the original Inter-Packet Delays (IPD) into new IPDs generated by the model. We also adopt the concept of adversarial attacks to ensure that the detector will produce an incorrect classification when detecting these new IPDs. This approach ensures that these IPDs are considered "clean", effectively covering the potential watermarks. This scheme is effective against time-based flow watermarking techniques.
Paper Structure (20 sections, 6 equations, 6 figures, 6 tables, 1 algorithm)

This paper contains 20 sections, 6 equations, 6 figures, 6 tables, 1 algorithm.

Table of Contents

  1. Introduction
  2. Related Works
  3. Scenario
  4. Preliminaries
  5. Flow Watermarking Techniques
  6. DNN-based Watermarking
  7. Adversarial Attacks
  8. Cosine Similarity
  9. Design of DeMarking
  10. Experimental Setup
  11. Metrics
  12. Adversary Setup and Models
  13. Datasets
  14. Experimental Results
  15. White Box
  16. ...and 5 more sections

Figures (6)

  • Figure 1: Tor network topology.
  • Figure 2: Flow watermarking and its defense.
  • Figure 3: The architecture of DNN-based flow watermarking.
  • Figure 4: Training architecture.
  • Figure 5: Experimental results of RAINBOW.
  • ...and 1 more figures