Research On Tor Anonymous Communication Traceback Based On Network Flow Watermarking

Nowadays,the Internet has become an inseparable part of people's daily life.However,security issues such as leakage of personal information have become increasingly serious,and personal privacy has become more and more concerned.Users are constantly trying to access the Internet anonymously.Tor as an anonymous communication mechanism for hidden traffic sources,which can effectively hide the identity of users through rerouting technology.Currently,its number of users has exceeded 4.5 million.However,Tor not only provides services for ordinary users,but also provides a good living environment for its Bidirectional anonymity mechanism and for the platform of illegal transactions and other criminal activities,the dark network.Due to the negative effects of the dark network and the defect that the Tor inlet traffic characteristics are clearly identifiable,its use is greatly limited.Tor Bridge came into being to solve this problem,it can carry a variety of obfuscation protocols to disguise Tor's traffic unobtrusive.As the most widely used obfuscation protocol,obfs4 can interfere with the special treatment of its native traffic,and the new challenges have not yet been overcome.The main content of this paper is to track the Tor traffic carrying the obfs4 protocol bridge.The following aspects have been done around this topic:First of all,this paper introduces Tor's mechanism,including composition,connection process and bridge,and elaborates the working principle of obfs4,and analyzes the current situation of Tor.In addition,a summary of common traffic analysis methods,including a summary of traffic identification and tracking techniques.Secondly,an SVM algorithm based on sample dimension weights is proposed to identify the Tor traffic of obfs4.For the existing 16 eigenvalues of obfs4,the weight combinations of various methods are used,and the improved Gaussian kernel function SVM algorithm is used for the experiment.The results show that this method has significantly improved performance compared with the existing methods,and can accurately identify the traffic of obfs4.Thirdly,this paper proposes an IPD interval scheme,which uses the clustering characteristics of k-means to improve the original scheme,so that the added flow watermark can be detected efficiently in the three modes of obfs4 bridges.The results of experiments show that the improved algorithm has higher detection rate and recognition rate,and has good adaptability to variable net flow traffic.Finally,three usage scenarios are proposed to rationally apply the watermarking scheme to the dark network environment using Tor two-way anonymous mechanism.The scenario includes a confirmation for the user to communicate with a particular service,an access user for discovering a particular service,and a real identity for tracking the dark web service.The advantages and disadvantages of the three usage scenarios and the difficulty of implementation were evaluated.