Research And Implementation Of Key Technologies In Tor Anonymous Traffic Analysis

In order to prevent third parties from intercepting the user's personal information and Internet behavior,the anonymous communication system aiming at protecting the personal information security of the users arises at the historic moment.Anonymous communication system protects the privacy of Internet users,but also caused a lot of new network security issues: Many online users use anonymous networks to buy murder,extortion,spread rumors and other illegal acts.Therefore,it is necessary to detect and analyze anonymous traffic.Through anonymous traffic detection,users of anonymous network can be locked,and analysis of anonymous traffic can further infer possible access content.So as to realize the supervision of anonymous traffic and control anonymous network crime.Tor(The Onion Router)is currently the largest anonymous communication system.The traffic analysis work in this paper is mainly for Tor anonymous network,including Tor traffic behavior detection and Tor traffic application classification,the specific work is as follows:Firstly,for the problem of low accuracy of Tor flow detection,this paper analyzes the characteristics of Tor anonymous traffic,extracts four statistical features with strong detection efficiency,and proposes a Tor flow behavior detection method based on decision tree algorithm.The purpose is to control the anonymous traffic.Through the analysis of the 50 thousand samples for the algorithm experiment,the method in the Tor flow detection,the calculation of small amount,high detection efficiency,Tor traffic recall rate of more than 97%.Then,for the problem that the labeled Tor flow sample set is small and the cost of manual marking is high.The Tri-Training semi-supervised machine learning method is used to improve the efficiency of the sample.Tor traffic is divided into fine-grained categories according to the type of application that is divided into four application categories: Web pages,incoming mail,post mail,and audio and video.Experimental results show that the algorithm can make full use of the obtained samples to train and classify Tor traffic.Its classification accuracy can reach 94%,compared with the traditional supervised learning method increase d by an average of 10%.Finally,according to the above two aspects of Tor traffic behavior detection and Tor traffic application classification,a prototype system of Tor traffic analysis is designed and implemented.The prototype system is deployed in the real network environment,and the system test and the result analysis are carried out from the two aspects of function and performance.The system test results show that the system has good performance and can meet the demand of Tor flow analysis,but it needs to be further improved in the classification time.