包填充相关

最近看了一些文章，关于数据包填充的一些知识。数据包填充的目的是降低网络数据包流量分析准确性，大致分为以下三种类型，介绍几个相关方法。

Type-1：SSH/TLS/IPSec-Motivated Countermeasures:  

   The main idea is allow up to 255 bytes padding.

a. Session Random 255 Padding:

A uniform value r∈{0,8,16,....248} is sampled and stored for the session(assume that the underlying encryption block size is 8 bytes).

Each packet in the trace has its length field increased by r, up to a maximum of the MTU.

说白了，就是一次会话过程只有一个r值，在整个会话过程中，都用这个r值来填充，如果超过MTU，就直接填充成MTU。

b.Packet Random 255 Padding:

Same as Session Random 255 Padding, except that a new random padding length r is sampled for each input packet.

一个包选择一个r值，如果超过就直接填充成MTU。

Type-2: Other Padding-based Countermeasures:

a.Linear Padding:

All packets lengths are increased to nearest Multiple of 128,or the MTU,which is smaller.

b.Exponential Padding:

All packets lengths are increased to nearest power of 2,or the MTU,which is smaller.

c.Mice-Elephants Padding:

If the packet length <128,then the packet is increased to 128 bytes,otherwise it is padded to the MTU.

d.Pad to MTU:

All packet lengths are increased to the MTU.

e.Packet Random MTU Padding:

Let M be the MTU and L be the input packet length. For each packet , a value r∈{0,8,16,...M-L} is sampled uniformly at random and packet length is increased by r.

这样做的结果就是有一些包被填充成了MTU，而有一些包没有。

Type-3:Distribution-based Countermeasures:

a.Direct Target Sampling：

Given a pair of web pages A and B,where A is the source and B is the target, when a packet of length i is produced for web page A,we sample from the packet length distribution B to get a new length i'. If i'>i,we pad the packet ,otherwise,we send i' bytes of the original packet and continue sampling from B until all bytes of the original packet have been sent.

如果采样到的网页的数据包大于原始数据包，则填充，否则只传送采样到的数据的长度的数据包。

b.Traffic Morphing:

It is similarly to direct target sampling except that instead of sampling from the target distribution directly, we use convex optimization methods to produce a morphing matrix that ensures we make the source distribution look like target while simultaneously minimizing the overhead.