{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,16]],"date-time":"2026-01-16T13:09:47Z","timestamp":1768568987196,"version":"3.49.0"},"reference-count":23,"publisher":"Wiley","issue":"3","license":[{"start":{"date-parts":[[2012,5,17]],"date-time":"2012-05-17T00:00:00Z","timestamp":1337212800000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/onlinelibrary.wiley.com\/termsAndConditions#vor"}],"funder":[{"name":"SAR Hong Kong RGC Competitive Earmarked Research Grant","award":["114908"],"award-info":[{"award-number":["114908"]}]},{"name":"CityU Applied R & D Funding","award":["9678002"],"award-info":[{"award-number":["9678002"]}]},{"name":"US National Science Foundation","award":["0943479"],"award-info":[{"award-number":["0943479"]}]},{"name":"US National Science Foundation","award":["0907964"],"award-info":[{"award-number":["0907964"]}]},{"name":"US National Science Foundation","award":["CNS-1117175"],"award-info":[{"award-number":["CNS-1117175"]}]},{"DOI":"10.13039\/100000183","name":"Army Research Office","doi-asserted-by":"crossref","award":["AMSRD-ACC-R50521-CI"],"award-info":[{"award-number":["AMSRD-ACC-R50521-CI"]}],"id":[{"id":"10.13039\/100000183","id-type":"DOI","asserted-by":"crossref"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Security Comm Networks"],"published-print":{"date-parts":[[2013,3]]},"abstract":"ABSTRACT<\/jats:title>Recently, the direct sequence spread spectrum (DSSS)\u2010based technique has been proposed to trace anonymous network flows. In this technique, homogeneous pseudo\u2010noise (PN) codes are used to modulate multiple bit signals that are embedded into the target flow as watermarks. This technique could be maliciously used to degrade an anonymous communication network. In this paper, we propose an effective single flow\u2010based scheme to detect the existence of these watermarks. Our investigation shows that, even if we have no knowledge of the applied PN code, we are still able to detect malicious DSSS watermarks via mean\u2010square autocorrelation (MSAC) of a single modulated flow's traffic rate time series. MSAC shows periodic peaks because of self\u2010similarity in the modulated traffic caused by homogeneous PN codes that are used in modulating multiple bit signals. Our scheme has low complexity and does not require any PN code synchronization. We evaluate this detection scheme's effectiveness via simulations. Our results demonstrate a high detection rate with a low false positive rate. Real\u2010world experiments on Tor also validate the feasibility of the detection scheme. Our scheme is more flexible and accurate than the existing multiflow\u2010based approach in DSSS watermark detection. We also present a theory for reconstructing the DSSS code once the DSSS code length is known and simulations validate the feasibility. Copyright \u00a9 2012 John Wiley & Sons, Ltd.<\/jats:p>","DOI":"10.1002\/sec.540","type":"journal-article","created":{"date-parts":[[2012,5,17]],"date-time":"2012-05-17T17:54:27Z","timestamp":1337277267000},"page":"257-274","source":"Crossref","is-referenced-by-count":13,"title":["Blind detection of spread spectrum flow watermarks"],"prefix":"10.1002","volume":"6","author":[{"given":"Weijia","family":"Jia","sequence":"first","affiliation":[{"name":"City University of Hong Kong Tat Chee Avenue Kowloon Hong Kong"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Fung Po","family":"Tso","sequence":"additional","affiliation":[{"name":"City University of Hong Kong Tat Chee Avenue Kowloon Hong Kong"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Zhen","family":"Ling","sequence":"additional","affiliation":[{"name":"School of Computer Science and Engineering Southeast University Liwenzheng Building (North) #241 Nanjing 210096 China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Xinwen","family":"Fu","sequence":"additional","affiliation":[{"name":"Department of Computer Science University of Massachusetts Lowell Lowell MA 01854 U.S.A."}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Dong","family":"Xuan","sequence":"additional","affiliation":[{"name":"Department of Computer Science and Engineering The Ohio State University Columbus OH 43210 U.S.A."}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Wei","family":"Yu","sequence":"additional","affiliation":[{"name":"Department of Computer and Information Sciences Towson University Towson MD U.S.A"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"311","published-online":{"date-parts":[[2012,5,17]]},"reference":[{"key":"e_1_2_15_2_1","doi-asserted-by":"crossref","unstructured":"LingZ LuoJ YuW FuX XuanD JiaW.A new cell counter based attack against tor. InProceedings of 16th ACM Conference on Computer and Communications Security (CCS) 2009.","DOI":"10.1145\/1653662.1653732"},{"key":"e_1_2_15_3_1","doi-asserted-by":"crossref","unstructured":"WangX ChenS JajodiaS.Network flow watermarking attack on low\u2010latency anonymous communication systems. InProceedings of the 2007 IEEE Symposium on Security and Privacy (S&P) May2007.","DOI":"10.1109\/SP.2007.30"},{"key":"e_1_2_15_4_1","doi-asserted-by":"crossref","unstructured":"HopperN VassermanE Chan\u2010TinD.How much anonymity does network latency leak?. InProceedings of the 14th ACM Conference on Computer and Communications Security (CCS) 2007.","DOI":"10.1145\/1315245.1315257"},{"key":"e_1_2_15_5_1","unstructured":"MurdochSJ DanezisG.Low\u2010cost traffic analysis of tor. InProceedings of the IEEE Security and Privacy Symposium (S&P) May2006."},{"key":"e_1_2_15_6_1","doi-asserted-by":"crossref","unstructured":"OverlierL SyversonP.Locating hidden servers. InProceedings of the IEEE Security and Privacy Symposium (S&P) May2006.","DOI":"10.1109\/SP.2006.24"},{"key":"e_1_2_15_7_1","doi-asserted-by":"crossref","unstructured":"MurdochSJ.Hot or not: revealing hidden services by their clock skew. InProceedings of the 13th ACM Conference on Computer and Communications Security (CCS) 2006.","DOI":"10.1145\/1180405.1180410"},{"key":"e_1_2_15_8_1","doi-asserted-by":"crossref","unstructured":"YuW FuX GrahamS XuanD ZhaoW.DSSS\u2010based flow marking technique for invisible traceback. InProceedings of the 2007 IEEE Symposium on Security and Privacy (S&P) May2007.","DOI":"10.1109\/SP.2007.14"},{"key":"e_1_2_15_9_1","unstructured":"KiyavashN HoumansadrA BorisovN.Multi\u2010flow attacks against network flow watermarking schemes. InProceedings of USENIX Security 2008."},{"issue":"2","key":"e_1_2_15_10_1","doi-asserted-by":"crossref","DOI":"10.1145\/358549.358563","article-title":"Untraceable electronic mail, return addresses, and digital pseudonyms","volume":"4","author":"Chaum D","year":"1981","journal-title":"Communications of the ACM"},{"key":"e_1_2_15_11_1","doi-asserted-by":"crossref","unstructured":"DingledineR MathewsonN SyversonP.Tor: the second\u2010generation onion router. InProceedings of the 13th USENIX Security Symposium August2004.","DOI":"10.21236\/ADA465464"},{"key":"e_1_2_15_12_1","unstructured":"DanezisG DingledineR MathewsonN.Mixminion: design of a type III anonymous remailer protocol. InProceedings of the 2003 IEEE Symposium on Security and Privacy (S&P) May2003."},{"key":"e_1_2_15_13_1","doi-asserted-by":"crossref","unstructured":"ZhuY FuX GrahamB BettatiR ZhaoW.On flow correlation attacks and countermeasures in mix networks. InProceedings of Workshop on Privacy Enhancing Technologies (PET) May2004.","DOI":"10.1007\/11423409_13"},{"key":"e_1_2_15_14_1","doi-asserted-by":"crossref","unstructured":"LevineBN ReiterMK WangC WrightM.Timing attacks in low\u2010latency mix\u2010based systems. InProceedings of Financial Cryptography (FC) February2004.","DOI":"10.1007\/978-3-540-27809-2_25"},{"key":"e_1_2_15_15_1","unstructured":"FuX ZhuY GrahamB BettatiR ZhaoW.On flow marking attacks in wireless anonymous communication networks. InProceedings of the IEEE International Conference on Distributed Computing Systems (ICDCS) April2005."},{"key":"e_1_2_15_16_1","doi-asserted-by":"crossref","unstructured":"WangX ReevesDS WuSF YuillJ.Sleepy watermark tracing: an active network\u2010based intrusion response framework. InProceedings of 16th International Conference on Information Security (IFIP\/Sec) June2001.","DOI":"10.1007\/0-306-46998-7_26"},{"key":"e_1_2_15_17_1","doi-asserted-by":"crossref","unstructured":"WangX ReevesDS.Robust correlation of encrypted attack traffic through stepping stones by manipulation of inter\u2010packet delays. InProceedings of the 2003 ACM Conference on Computer and Communications Security (CCS) November2003.","DOI":"10.1145\/948109.948115"},{"key":"e_1_2_15_18_1","doi-asserted-by":"crossref","unstructured":"WangX ChenS JajodiaS.Tracking anonymous peer\u2010to\u2010peer voip calls on the internet. InProceedings of the 12th ACM Conference on Computer Communications Security (CCS) November2005.","DOI":"10.1145\/1102120.1102133"},{"key":"e_1_2_15_19_1","unstructured":"PengP NingP ReevesDS.On the secrecy of timing\u2010based active watermarking trace\u2010back techniques. InProceedings of the IEEE Security and Privacy Symposium (S&P) May2006."},{"key":"e_1_2_15_20_1","doi-asserted-by":"crossref","unstructured":"June PyunY Hee ParkY WangX ReevesDS NingP.Tracing traffic through intermediate hosts that repacketize flows. InProceedings of IEEE INFOCOM May2007.","DOI":"10.1109\/INFCOM.2007.80"},{"key":"e_1_2_15_21_1","unstructured":"WongTF.Spread spectrum and code division multiple access.http:\/\/wireless.ece.ufl.edu\/twong\/notes1.html August2000."},{"key":"e_1_2_15_22_1","unstructured":"ir.MeelJ.Spread spectrum (SS)\u2014introduction http:\/\/www.sss\u2010mag.com\/pdf\/Ss_jme_denayer_intro_print.pdf 1999."},{"key":"e_1_2_15_23_1","unstructured":"OppenheimAV WillskyAS NawabSH.Signals and systems Prentice\u2010Hall Upper Saddle River NJ 07458 USA second edition 1997."},{"issue":"5","key":"e_1_2_15_24_1","article-title":"Tcp performance in flow\u2010based mix networks: modeling and analysis","volume":"20","author":"Fu X","year":"2009","journal-title":"IEEE Transactions on Parallel and Distributed Systems (TPDS)"}],"container-title":["Security and Communication Networks"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/api.wiley.com\/onlinelibrary\/tdm\/v1\/articles\/10.1002%2Fsec.540","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/api.wiley.com\/onlinelibrary\/tdm\/v1\/articles\/10.1002%2Fsec.540","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/onlinelibrary.wiley.com\/doi\/pdf\/10.1002\/sec.540","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,10,28]],"date-time":"2023-10-28T13:31:52Z","timestamp":1698499912000},"score":1,"resource":{"primary":{"URL":"https:\/\/onlinelibrary.wiley.com\/doi\/10.1002\/sec.540"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2012,5,17]]},"references-count":23,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2013,3]]}},"alternative-id":["10.1002\/sec.540"],"URL":"https:\/\/doi.org\/10.1002\/sec.540","archive":["Portico"],"relation":{},"ISSN":["1939-0114","1939-0122"],"issn-type":[{"value":"1939-0114","type":"print"},{"value":"1939-0122","type":"electronic"}],"subject":[],"published":{"date-parts":[[2012,5,17]]}}}