| In recent years,different kinds of anonymous communication systems are gradually put into use due to the improvement of people's awareness of network security.However,various anonymous abuse issues pose a great threat to the cyberspace security.In order to strengthen the surveillance of anonymous communication traffic,website fingerprinting attack has gained widely attention from many researchers.This type of attacks makes use of the differences between websites in object number and size,etc.,and identifies the websites that users are anonymously visiting by extracting and comparing the features of encrypted HTTP traffic.Traditional website fingerprinting attacks are conducted by local attackers through recording the traffic on the wire passively.However,because of the persistent connections and pipelining technology introduced in HTTP/1.1,the traffic of different objects tends to overlap,which will reduce the detection rate.To address this issue for the widely used Tor network,this thesis proposes the active website fingerprinting attack techniques by leveraging features of Tor link layer and Tor protocol layer respectively.Specifically,the main work includes the following three aspects:1.The thesis proposes an active website fingerprinting attack technique on link layer.Firstly,an algorithm is studied to identify the Tor flow control packets,and then the non-flow control packets are delayed on the wire between client and Tor entry node.Finally,machine learning algorithms are used to classify the recorded traffic targeting at defferent websites.The experiment is conducted in Tor private network deployed on PlanetLab platform,and the sites from Alexa Top list are used to evaluate the performance of this attack regarding both closed-world and open-world scenarios.2.The thesis proposes an active website fingerprinting attack technique on Tor protocol layer,and a new attack model is proposed,where the Tor entry node is compromised by the attacker.Firstly,packet delay positions are determined by using the statistical analysis method and designing objective optimization algorithm as well,then the delay scheduling algorithm is designed to delay the HTTP request packets and record Tor application traffic data.Finally,the traffic is classified using machine learning algorithms.The experiment is conducted in Tor private network on PlanetLab platform,and the attack performance is tested using Alexa Top list sites for both closed-world and open-world scenarios.3.Integrating the link-layer and protocol-layer active website fingerprinting attack techniques,a prototype active website fingerprinting attack system is designed and implemented to monitor and analyze Tor anonymous communication traffic online.In summary,this thesis studies the active website fingerprinting attack techniques on Tor anonymous traffic,which are launched on the Tor link layer and the Tor protocol layer respectively.These techniques can separate the responding traffic containing different web objects by delaying HTTP requests.Based on this,a prototype active website fingerprinting attack system is implemented to effectively monitor the encrypted HTTP traffic. |
PDF Full Text Request