Research And Implementation Of Identification For Tor Anonymous Communication Based On Meek

With rapidly developing of the Internet technology, the network security is becoming more important. The invention of Anonymous Communication technology makes up the shortage of traditional network security. It hides the identity and relationship of the communication on both sides. Based on that, it provides privacy for users. However, at the same time, it may be exploited by malicious users to conduct illegal network activity. Therefore, how to identify anonymous traffic and have effective supervision on it has great significance.Tor is currently the most widely used anonymous communication system. In order to resist traffic analysis and network monitoring, Tor introduces multiple pluggable transports to obfuscate its traffic. Meek is one kind of the pluggable transport in Tor, it disguised Tor’s traffic as cloud services’traffic. On one hand, Meek uses domain fronting technology, forwarding traffic through third-party server, so that the transmission content appears to be accessing another site. On the other hand, Meek uses encryption based on browser proxy. It establishes HTTPS tunnel traffic flows through the browser, thus hiding the TLS fingerprint of Tor.The main content of this paper is the analysis and detection of Tor’s anonymous communication traffic based on Meek. Around this topic, specifically expands in the following four areas:(1) Detailed introduction of the mechanism in Tor anonymous communication system, including cell format, the establishment of circuit and data transmission method. Systematical elaboration of the Meek’s technology to obfuscate traffic, including domain fronting, the encryption based on bowser proxy and so on.(2) Capture Meek’s traffic in a lab environment and analyse its features, including the analysis on the feature of the connection, the static data packet, the statistic of the data traffic and the dynamic data traffic. Then summarize the feature of Meek’s traffic based on aforementioned analysis, combine the existing traffic identification technology to propose the method to identify Tor’s anonymous traffic based on traffic feature.(3) Propose a fragment model of Meek’s traffic according to its feature, and then propose an identification and classification method for Tor’s anonymous traffic based on SVM with SVM technology. The identification method could distinguish Tor and non-Tor traffic thus identifies Tor’s anonymous communication traffic. The classification method could classify the different behavior of Tor’s traffic based on identified traffic.(4) Design and implement the above two identification and classification method, then optimize the algorithm based on lab result. The result shows that the above two methods with high accuracy and performance could identify Tor’s anonymous communication traffic based on Meek effectively.