The need for flow fingerprints to link correlated network flows

Amir Houmansadr, Nikita Borisov

Research output: Chapter in Book/Report/Conference proceedingConference contribution


Linking network flows is an important problem in the detection of stepping stone attacks as well as in compromising anonymity systems. Traffic analysis is an effective tool for linking flows, which works by correlating their communication patterns, e.g., their packet timings. To improve scalability and performance of this process, recent proposals suggest to perform traffic analysis in an active manner by injecting invisible tags into the traffic patterns of network flows; this approach is commonly known as flow watermarking. In this paper, we study an under-explored type of active traffic analysis that we call it flow fingerprinting. Information theoretically, flow watermarking aims at conveying a single bit of information whereas flow fingerprinting tries to reliably send multiple bits of information, hence it is a more challenging problem. Such additional bits help a fingerprinter deliver extra information in addition to the existence of the tag, such as the network origin of the flow and the identity of the fingerprinting entity. In this paper, we introduce and formulate the flow fingerprinting problem and contrast its application scenarios from that of the well-studied flow watermarking. We suggest the use of coding theory to build fingerprinting schemes based on the existing watermarks. In particular, we design a non-blind fingerprint, Fancy, and evaluate its performance. We show that Fancy can reliably fingerprint millions of network flows by tagging only as few as tens of packets from each flow.

Original languageEnglish (US)
Title of host publicationPrivacy Enhancing Technologies - 13th International Symposium, PETS 2013, Proceedings
Number of pages20
StatePublished - 2013
Event13th International Symposium on Privacy Enhancing Technologies, PETS 2013 - Bloomington, IN, United States
Duration: Jul 10 2013Jul 12 2013

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume7981 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


Other13th International Symposium on Privacy Enhancing Technologies, PETS 2013
Country/TerritoryUnited States
CityBloomington, IN


  • Flow fingerprinting
  • linear codes
  • network security
  • traffic analysis

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science(all)


Dive into the research topics of 'The need for flow fingerprints to link correlated network flows'. Together they form a unique fingerprint.

Cite this