Research On Traffic Characteristic Analysis Technology Of Malicious Behavior Based On Anonymous Communication

Posted on: 2020-03-23
Degree: Master
Type: Thesis
Country: China
Candidate: Z J Peng
GTID: 2428330611967596
Subject: Software engineering

Abstract/Summary:
At present, many botnet malicious code attacks are carried out through anonymous access, exposing a vast number of internet users to virus intrusion, data security threats and increasingly complex malicious code. Botnets, which carry viruses, worms, Trojans and other malicious activity, have become a persistent attack platform. Malicious code carries out its activity through the Tor anonymous network. To effectively distinguish suspicious malicious attacks in Tor network traffic, it is necessary to analyze the Tor anonymous traffic characteristic database, so that targeted network security precautions can be taken and the stability of the network environment and data security can be ensured.

The main work of this paper is as follows:

(1) This paper summarizes the research status of malicious behavior traffic characteristic analysis technology in anonymous communication, and analyzes the principle of malicious code attacks in anonymous communication and the related Tor network communication security defense technology.

(2) This paper studies malicious code analysis technology for the Tor network and carries out an attack simulation experiment on the Tor anonymous network. The experimental results show that although the Tor network has basically blocked all vulnerabilities that may be attacked by malicious code, malicious attackers can still implement illegal intrusion and malicious attacks by analyzing and monitoring changes in network traffic.

(3) This paper studies malicious code recognition and analysis technology based on network behavior characteristics. The network traffic of malicious code is classified and compared, and the network behavior characteristics of hosts infected by malicious software are summarized. A classifier is trained by machine learning to effectively identify malicious code traffic. A framework for a malicious code recognition system based on malicious behavior in anonymous communication networks is built. Through the deployment of a malicious code traffic acquisition experiment, Tor traffic is distinguished from normal encrypted data traffic, so as to accurately screen suspicious data in anonymous communication network traffic.

The main innovations are as follows:

(1) A simulated attack scenario for the Tor anonymous network is designed, based on the research into malicious behavior traffic characteristic analysis technology for anonymous communication. The whole process of a Tor anonymous attack is described in detail and the malicious code is analyzed.

(2) A malicious code recognition framework based on anonymous network behavior characteristics is proposed. Tor traffic is separated from normal encrypted data traffic. The experimental results show that suspicious data in anonymous communication network traffic can be accurately filtered to effectively identify malicious code traffic.
Keywords/Search Tags: Anonymous Communication, Malicious Code, Traffic Characteristics, Tor Network