Research On Tor Content Classification Based On Traffic Analysis

With the frequent occurrence of network security problem,network security has become more important and the issues have also been referred to the strategic position.The anonymous communication technologis can hide communication entities and communication relationship to enhance the network security.But malicious users can use the technology to illegal activities and crimes,and this kind of behavior threats the network security and increase the difficulty of network forensics.Tor is the most typical application of anonymous communication,through the integration of bridges to achieve traffic confusion,to avoid the filtering attacks.In this paper,we takes advantage of traffic segment based on the Tor-Meek traffic identification to classify the traffic content which the experiments are carried out with machine learning method from two classification and multi classification,the experiments show that the method we proposed is efficient for the classification of anonymous communication content,and this is important for the network security protection.This paper from the following four aspects based on Tor-Meek traffic classification:(1)First of all,make introduction of the Tor anonymous communication technology,covers three aspects:the development of anonymous communication,Tor anonymous communication technology and Tor bridge technology.We focus on the obfuscation technology of Meek,and extract the key technology of Meek,including domain-fronting?server name indication and content distribution network.(2)Put forward the method for Tor-Meek traffic indentification,which is based on the combination of static characteristics and dynamic characteristics,first is for the TLS packet identification,then use the static characteristics for the another recognition,finally use the Polling dynamic features for the key recognition,then label the identified Tor-Meek traffic.(3)From the point of flow analysis for content classification,according to the statistical analysis,we select 19classification feature parameters.Use the data slice model to segment the labeled Tor-Meek,and then the classification model is used to classify the segment.Using libsvm as the classification tool,the paper puts forward two kinds of methods:multi classification and the two classification.Finally,the classification experiment is designed for evaluation with variable penalty parameter and segment size,the accuracy,recall and precision are used as the evalution parameter for the method proposed in this paper.(4)At the end of this paper gives a summary of the study and put forward the future prospect,one is the improvement and optimization of the multi classification experiment method to improve the accuracy of classification,the second is to give out user behavior portrait through user behavior modeling.