Abstract

Recently, the direct sequence spread spectrum (DSSS)-based technique has been proposed to trace anonymous network flows. In this technique, homogeneous pseudo-noise (PN) codes are used to modulate multiple bit signals that are embedded into the target flow as watermarks. This technique could be maliciously used to degrade an anonymous communication network. In this paper, we propose an effective single flow-based scheme to detect the existence of these watermarks. Our investigation shows that, even if we have no knowledge of the applied PN code, we are still able to detect malicious DSSS watermarks via mean-square autocorrelation (MSAC) of a single modulated flow's traffic rate time series. MSAC shows periodic peaks because of self-similarity in the modulated traffic caused by homogeneous PN codes that are used in modulating multiple bit signals. Our scheme has low complexity and does not require any PN code synchronization. We evaluate this detection scheme's effectiveness via simulations. Our results demonstrate a high detection rate with a low false positive rate. Real-world experiments on Tor also validate the feasibility of the detection scheme. Our scheme is more flexible and accurate than the existing multiflow-based approach in DSSS watermark detection. We also present a theory for reconstructing the DSSS code once the DSSS code length is known and simulations validate the feasibility.