Network flow watermark technology is a traffic marking technique that embeds watermark information into the characteristics of network flows to mark and trace attack flows generated by network attackers. However, with the development of network attack techniques, the time and number of packets required for network attacks have decreased. Existing network flow watermark technologies fail to balance watermark robustness and efficiency, resulting in poor practicality. To address this issue, this paper proposes an efficient hexadecimal network flow watermark method. The method introduces an efficient interval watermark algorithm and utilizes an interval synchronization algorithm to self-learn watermark parameters, thereby improving the encoding efficiency of the watermark. The design of watermark start and end markers ensures the practicality of network watermarks, enabling traceability and source attribution of attack flows in real network environments. The proposed method is experimentally tested using real network traffic, and the results demonstrate that even in the presence of a network jitter, the watermark detection success rate of this scheme remains above 95%. Compared to other network flow watermark schemes, the hexadecimal network flow watermark proposed in this paper achieves a 50% improvement in encoding and decoding efficiency while ensuring robustness. It also exhibits excellent resistance to network jitter, packet loss, and false packet insertion.
© 2023. The Author(s).