| Nowadays,while people are enjoying a new lifestyle on the Internet,they begin to pay more attention to hiding their network behavior.The Onion Router(Tor),as an anonymous communication tool that can effectively hide network behavior,is favored by many network users.Although the entry guard is used to reduce the impact of various attacks,more and more studies show that the entry guard has not achieved the theoretical defensive effect.In addition,due to the defects of the entry guard design,new attacks have emerged.On the other hand,the existing security reinforce schemes also have some problems,for example,it is difficult to guarantee the quality of guard set generation,and guard with abnormal bandwidth lack effective management.Moreover,it is difficult to resist traffic analysis attacks initiated by attackers with the ability to monitor the Autonomous System(AS)network.Aiming at above problems,this thesis focuses on solving deficiencies of the original guard set scheme and enhancing the Tor's defense against AS-level traffic analysis attacks by making use of K-Medoids clustering algorithm,standard deviation-based guard set quality evaluation method,and data padding transmission method.Specifically,three schemes are mainly proposed by this thesis as follows:(1)In order to solve the problem that the original generation algorithm of the guard set is difficult to generate effective guard sets when back guards' bandwidths have a large difference,an improved guard set generation scheme based on the K-Medoids algorithm is proposed by this thesis.The scheme can dynamically formulate the generation strategy of the guard set based on bandwidth statistics of back guards and evaluate generated results to ensure that generated guard sets meet system's requirements.By programming a guard set generation management system,a simulation comparison test between the improved scheme and the original scheme is conducted by this thesis.Results show that this scheme can effectively improve the quality of guard sets when back guards' bandwidths have a large difference.(2)In order to solve security problems caused by the lack of monitoring and management mechanism for guard's bandwidth abnormal changes in the original guard set scheme,a guard's bandwidth anomaly monitoring management scheme is proposed by this thesis.By dynamically monitoring guard's bandwidth changes,the scheme can perform security management on abnormal guards which can enhance the security of the Tor and increase the attack overhead as well as difficulty of attackers.By programming a guard bandwidth anomaly monitoring and management system,experimental comparison tests between the improved scheme and the original scheme are conductd by this thesis.Results show that this scheme can not only effectively increase the attack overhead,but also effectively defend attacks on guard set.(3)In order to improve Tor's defense against traffic analysis attacks which are launched by AS-level attackers,a scheme on data padding transmission from the guard to the onion proxy is proposed by this thesis,which makes use of the guard's remaining bandwidth resource.According to the number of users who are currently using the guard,the scheme can dynamically generate padding strategies which can eliminate users' data transmission characteristics.By programming a guard data transmission system with padding strategies from guard to onion proxy,the thesis evaluates the effectiveness of the scheme and the ability of bandwidth control.Results show that the scheme can effectively improve the system's defense against traffic analysis attacks launched by AS-level attackers and effectively control the bandwidth costs. |
PDF Full Text Request