Darknet Resource Detection Based On Node Injection

The darknet is a network space built on the Internet and providing anonymous protection for clients and content servers.Users cannot retrieve and access the network services through conventional search engines and browsers.The darknet protects the identity and privacy of websites and users because of its hidden nature.However,it has also become a place for illegal activities such as drug and gun transactions,terrorist activities.Therefore,research on darknet resource detection is of great significance for maintaining cyberspace security and fighting against crimes.Tor is the most widely used anonymous communication tool,and many hidden services are published on the Tor network.There are many challenges in achieving darknet domain name collection:(1)Hidden characteristics: There is no search engines that can search the entire network.(2)Distributed security mechanism: Hidden service descriptors are published on multiple consecutive hidden service directories selected randomly,which increases the difficulty of injecting hidden service directories to collect hidden services.(3)Short life cycle: The darknet domain name address is often changed and short survival time.To meet the challenge,this paper proposes a flexible and efficient method for collecting darknet resource based on node injection with the goal of increasing coverage of resource collection.The paper's contributions can be summarized as follows:(1)We inject tor relays in tor network by deploying Tor relays on virtual private servers(VPS)and make them become a hidden service directory server.Then we obtain the hidden service descriptor from the hidden service directory and finally resolve the onion address.Through this method,we achieve a comprehensive collection of darknet domain name.(2)We research the influencing factors of Tor nodes being marked as hidden service directories and make them evenly distribute on the distributed hash ring of the hidden service directory by controlling the generation of the identity public key of the Tor relay.(3)We establish resource coverage estimation model based on domain name lifetime distribution probability to estimate the coverage rate of darknet domain name in the situation of given the number of injected nodes.Using Docker's lightweight container technology,we design a flexible and effective node deployment and management solution.We perform real-time discovery,analysis and verification of the collected hidden service descriptors.Based on the tor source code,this paper implements the hidden service descriptor collection and domain name address resolution modules,and stores the collected descriptors in real-time through a remote database.The prototype system was deployed on 30 VPS,and collected 22,2752 unique darknet domain name in 3 months,daily average collection volume is up to 3600.According to the access to darknet domain name,we analyze the activity and life cycle of darknet domain name,and estimate the coverage.Experiments show that the method proposed in this paper can achieve higher resource coverage with less investment,and achieve the characteristics of efficient system management and easy deployment at the same time.