Research On Fingerprinting-based User Identification In Cyberspace

In an era where cyberspace is inextricably interwoven with social life,the study of network user identification technology is increasingly significant for cyberspace governance.However,limited by attack models,some traditional explicit-identifier-based network entity identification technologies cannot be applied to network supervision,while other technologies are easily invalidated,for the identifier information is hidden or tampered with.Therefore,this dissertation aims to study the fingerprinting-based network entity identification technology.A network user will be identified by analyzing the device he uses,the operation he performs,and the behavior patterns and habits he shows,which provides theoretical and technical support for network supervision,access control and other applications.In terms of the fingerprinting-based identification of network devices,fingerprint identification at the physical-layer is effective but cannot be applied to network supervision.Thus,it is urgent to study traffic-analysis-based device identification technology at the application-layer.In the aspect of user behavior recognition based on traffic classification,the application of encryption technology,especially anonymous communication technology,has posed an obstacle for traffic analysis.Meanwhile,some common problems exist in the existing network user fingerprinting technology,such as identification jittering caused by limited attributes,and overlong identification period.In view of the above problems,the major work of this dissertation mainly include three aspects.Firstly,a device identification technology based on non-interactive traffic analysis is proposed.The background DNS traffic identification algorithm named PABDNSIdentification based on periodicity analysis is designed,and the device fingerprint is formed by taking the domain names extracted from DNS queries as the features.Then typical algorithms such as k-nearest neighbor and BP neural network are applied to implement fingerprint matching.The experimental results show that efficient device fingerprinting can be achieved in a time period from 24 hours to 30 minutes.Secondly,an anonymous communication traffic classification method based on hybrid deep learning model is designed.Based on the detailed analysis of the communication and traffic encapsulation mechanism of Tor,traffic classification is realized based on manual feature selection and deep learning with raw Tor traffic as input,respectively.Then an anonymous communication traffic classification method based on hybrid deep learning is proposed.The effectiveness of the method is proved by the public dataset,which means it can be used to realize network user behavior recognition for anonymous traffic.Thirdly,a network user fingerprint identification method based on traffic analysis is proposed.By extracting information covering user devices,applications the user uses,and domain names the user accesses,the problem of limited attributes caused by the sole dependence on DNS domain names is solved.The method proposed in this dissertation can reach an accuracy rate of more than 90% in quite a short period of time.In addition,the introduction of high-speed traffic capture modules,distributed storage/computing frameworks,and distributed machine learning algorithms can meet the need of online identification of network users in high-speed network environments.In this dissertation,the network user identification technology based on fingerprint analysis is studied in an in-depth way.The proposed methods can effectively analyze and identify the users,the devices they use and their network behaviors.Compared with the existing research,these methods are more accurate and practicable,and can provide effective technical support for cyberspace governance.