
I2P Anonymous Communication Network Traffic Identification And Classification

Posted on: 2020-09-15
Degree: Master
Type: Thesis
Country: China
Candidate: H S Yin
GTID: 2428330578957301
Subject: Information security

Abstract/Summary:
I2P is a commonly used anonymous communication mechanism that hides the identities and communication relationships of both parties through a multi-level encrypted tunneling mechanism. While providing anonymity protection for users' network access, I2P is also abused by malicious users to engage in illegal activities. Research on identifying and classifying I2P anonymous network traffic therefore helps to identify the malicious acts of attackers effectively, and has important theoretical significance and application value for protecting network security. Built on a P2P architecture, I2P uses the garlic routing mechanism to hide user information. On the one hand, because I2P nodes have a short life cycle and are updated quickly, a collection scheme for I2P internal resources was designed and two node collection algorithms were proposed. On the other hand, in view of the challenges posed by the small share of anonymous traffic in the network, the dynamic port mechanism, and the difficulty of detection and recognition after encryption, this paper proposes a two-stage method that identifies I2P traffic using message length features and the NTCP protocol, and a method that classifies I2P traffic based on flow characteristics. The main work and contributions of this paper are as follows:

(1) In the data acquisition stage, by studying the release and update mechanism of nodes in the anonymous I2P network, a collection scheme for internal resource nodes in the I2P network was designed. I2P nodes are discovered and collected through two modules: a real-time monitoring module for the network database NetDB and a regular crawling module for the reseed websites. Based on an analysis of the node RouterInfo structure, a node information database was constructed to provide a data labeling basis for the subsequent experiments on traffic identification and classification.

(2) Because of I2P's dynamic port mechanism, port-based identification is of limited use for anonymous traffic, and because anonymous traffic is scarce it is hard to detect in the network. To address these problems, this paper proposes an I2P traffic detection method based on packet length characteristics and the NTCP communication protocol, which detects and identifies I2P traffic within a large volume of ordinary traffic. The method identifies I2P traffic in two stages: first, non-I2P traffic is analyzed and filtered out based on the entropy of message lengths; then I2P anonymous network traffic is accurately identified by matching the sequence of message payload lengths. Experiments on the collected data set show that this method can identify I2P anonymous network traffic effectively and quickly.

(3) To address the large number of anonymous services and the mixing of anonymous network traffic, this paper proposes a method of classifying I2P anonymous traffic based on flow characteristics, which classifies I2P traffic into anonymous file sharing, anonymous chat and anonymous websites. Three comparative experiments were designed according to the number of statistical traffic features selected. Using four classification algorithms (NaiveBayes, BayesNet, SVM and RandomForest), the performance of the classification model was evaluated by accuracy, precision and recall. The experiments show that RandomForest has the best classification performance, and that the performance of the classification model also improves as the number of features decreases. Compared with traditional methods, the I2P traffic recognition and classification algorithm proposed in this paper has better performance.
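An added sketch of the two-stage identification described in contribution (2); it is not code from the thesis. The lengths 288 and 304 are the first two NTCP (version 1) handshake message sizes in the public I2P specification, while the entropy threshold, its direction, the flow representation and the sample flows are constructed assumptions.

```python
import math
from collections import Counter

# First two NTCP (v1) handshake payload sizes per the public I2P NTCP spec:
# SessionRequest (initiator) and SessionCreated (responder). Not from the thesis.
NTCP_PREFIX = ((+1, 288), (-1, 304))
MIN_ENTROPY_BITS = 2.0  # assumed threshold; the abstract gives no value


def length_entropy(lengths):
    """Shannon entropy (bits) of the payload-length distribution of a flow."""
    counts = Counter(lengths)
    total = len(lengths)
    return -sum(c / total * math.log2(c / total) for c in counts.values())


def stage1_candidate(flow):
    """Stage 1: drop flows whose length entropy is below the assumed threshold."""
    lengths = [n for _, n in flow if n > 0]
    return bool(lengths) and length_entropy(lengths) >= MIN_ENTROPY_BITS


def stage2_handshake(flow):
    """Stage 2: first payload-carrying packets must match the NTCP prefix."""
    payload = [(d, n) for d, n in flow if n > 0]  # ignore bare ACKs
    return tuple(payload[:len(NTCP_PREFIX)]) == NTCP_PREFIX


def identify_i2p(flow):
    """flow: list of (direction, payload_len); +1 = initiator, -1 = responder."""
    return stage1_candidate(flow) and stage2_handshake(flow)


# Constructed sample flows (not captured traffic).
I2P_LIKE = [(+1, 0), (+1, 288), (-1, 304), (+1, 448), (-1, 48), (+1, 1024),
            (-1, 624), (+1, 96), (-1, 1440), (+1, 208), (-1, 336)]
WEB_LIKE = [(+1, 517)] + [(-1, 1460)] * 8
NOISY_NON_I2P = [(+1, 120), (-1, 77), (+1, 300), (-1, 910), (+1, 64), (-1, 1203)]

if __name__ == "__main__":
    for name, flow in [("i2p-like", I2P_LIKE), ("web-like", WEB_LIKE),
                       ("noisy", NOISY_NON_I2P)]:
        print(name, identify_i2p(flow))
```

The noisy flow passes the entropy stage but fails the length-sequence match, which is why the second stage is needed to keep false positives down.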
Keywords/Search Tags: I2P anonymous communication system, traffic identification, traffic classification, anonymity