Access Detection Technology For Encrypted Hosting Pages Based On Traffic Fingerprints

With the continuous development of China's network opening process,foreign Internet service providers such as Amazon aws cloud service,Github server,Akamai CDN,etc.,deployed a large number of servers in China's domain to facilitate the localization of information services.These cloud servers running in the country can also be used as service containers to provide tenants with web applications.These web applications serve as a subset of a resource pool and provide services externally through a unified server and HTTPS.Since the communication content cannot be probed and perceived,this poses a great challenge to the network space governance within the domain.This paper studies the above problems,and the main contents of the thesis are as follows:1)The paper systematically analyzes the factors affecting webpage access traffic,and analyzes the impacts of client,server and link.The analysis of these influencing factors lays the foundation for the subsequent extraction of fingerprint features.2)A method for establishing and extracting feature fingerprints based on web resource traffic is proposed.The method uses the DNS domain name corresponding to the resource as the boot fingerprint,and uses the maximum resource length and hash value as the fingerprint information for the non-encrypted HTTP traffic,and the encrypted HTTPS.Traffic,using the number of resources and the sequence of resource lengths as fingerprint information.3)A web page traffic matching detection method based on the fingerprint similarity of the primary/secondary traffic is proposed.The method uses the mainstream detection,the auxiliary plaintext detection,and the auxiliary ciphertext detection to comprehensively calculate the similarity.The similarity is determined by the reference value of the matching degree coefficient.The auxiliary plaintext compensation coefficient and the auxiliary ciphertext compensation coefficient are jointly calculated;the related example analysis verifies the effectiveness of the detection method.4)A set of detection software for encrypted hosted page access detection for small-scale networks is designed.The functions and processes of each module are described in detail.The actual test experiments show the effectiveness of the software.Finally,the paper summarizes the full text and looks forward to the future issues worthy of further study.