Research On The Key Technologies Of Network Tracing In The Anonymous Network

In recent years,with the growing popularity of anonymous network(AN)technologies,the trend of using ANs to protect communication privacy has been on the rise.However,when engaging in illegal activities,criminals usually take advantage of the anonymity and hidden services provided by the anonymous communication(AC)system to evade network traceback and this poses a severe challenge to the cybercrime investigation.Traditional network traceback techniques,such as link testing methods etc.,could not be applied to ANs because of their complexity and other limitations.To prevent the abuse of ANs,to ensure the national information security,and at the same time to combat the cybercrime,this dissertation takes the network traceback in AN as the research topic.This dissertation focuses on investigating current traceback techniques in ANs and their using conditions,how to trace anonymous message sender via traffic identification algorithm,how to track the anonymous message receiver by using website fingerprint identification algorithm and how to associate anonymous message sender with the receiver.The main content of this dissertation includes the following four parts.The first part of this dissertation presents a systematic study for current traceback methods,ANs,technical problems and existing solutions.To begin with,this part investigates the current research status and main techniques of traditional IP network traceback methods as well as anonymous network traceback methods.Then it summarizes the existing anonymous networks and their characteristics,as well as the traceback technologies and their corresponding using conditions.Afterwards,this research analyzes the reason why traditional IP network traceback techniques cannot be applied to ANs.Finally,this dissertation lists the corresponding defense methods according to different traceback techniques in ANs,which shows that many vulnerabilities still exist in the AN's protocol design and implementation.An attacker can exploit one or more vulnerabilities to break users' anonymity;In addition,the traditional IP network traceback methods are not suitable for ANs due to technical limitations and high demand for network resources.This part of research provides a theoretical basis and an important reference for follow-up study.The second part proposes a new traffic identification algorithm to trace the sender of anonymous messages.Focusing on the problems that the traditional flow-based traffic identification method has a higher false alarm rate in anonymous network traffic identification and is limited to only extract feature from one granularity of network traffic,so as to ignore the available information such as the interrelation between flows,this research implements the multi-granularity heuristic combining traffic identification algorithm.This research tests the proposed algorithm based on Freegate in a real network environment.Compared with the traditional flow-based traffic identification methods,the experimental results show that under the same conditions,the proposed method can effectively reduce the false alarm rate of traditional traffic identification methods from60% to 0.72%.The third part proposes a website fingerprint recognition algorithm based on Profile HMM to trace the receiver of anonymous messages so as to break the receiver's anonymity.Targeting on the problems that traditional website fingerprint attack can only identify a single web page and not be able to model the user hyper-link transition,this research innovatively utilizes the biomedical genetic sequence detection algorithm,and proposes a Profile HMM based website fingerprint recognition algorithm as well as its corresponding defense methods.According to the proposed method,firstly,this research conducts experiments for closed-world,open-world respectively,and they successfully demonstrate the validity of this method.Secondly,experiments show the proposed method could effectively identify the website fingerprint under user hyper-link transition situation,and it solves the hard problem that the traditional method cannot break through.The results further demonstrate that the proposed method is more applicable to the actual network environment than the traditional website fingerprint method.Thirdly,this research designs and implements two measures to defend the proposed algorithm,and uses experiment to illustrate the effectiveness of these measures.The last part in this dissertation proposes a circuit control based anonymous messages association method.Targeting on the problem that the node selection in Tor AN cannot be controlled and the low success rate in associating the sender with the receiver,this research proposes a Tor circuit control method based on node failure,and further realizes a traffic correlation traceback method through log analysis.This part of experiment makes use of the constructed secure and verifiable private Tor anonymous network experiment platform,and successfully illustrates that this method can increase the chance that a user selects a controlled Tor node.Finally,this research realizes a traffic correlation technique based on log analysis,the experiment in the private Tor network successfully proves that this method could accurately associate the anonymous message sender with the receiver.