Skip to Main Content
Intruders often want to analyze traffic pattern to get information for his some malicious activities in ultra-secure network. This work presents a general approach to prevent traffic pattern of IP-based network from being analyzed. It is an isolated scheme which can be used to prevent traffic analysis in overall network by achieving the same goal in each network segment independently. On each network segment, complementary traffic is generated according to its real traffic, and the combination of these two kinds of traffic constitutes the normalized traffic on each link. Main advantages of our approach are, from the performance viewpoint, 1) complementary traffic does not compete on the bandwidth with real traffic actively, and 2) complementary traffic does not consume the bandwidth of other network segment at all. In addition, by encrypting source and destination IP addresses of each packet, anonymous communication can be achieved and anonymous normalized traffic loses its value for the analysis of eavesdropped traffic by intruders.