| Anonymous communication systems provide good protection for users' network activities,but due to its serious abuse problems,making network criminal activities are more concealed.Tor anonymous communication system is one of the major anonymous communication systems at present.It is easy to install and deploy,and has gathered a large number of users.The identification and analysis technology for Tor anonymous communication traffic has become a research hotspot in recent years,in order to realize the effective supervision of the Tor anonymous communication system.At present,the identification and analysis technology of tor anonymous traffic mainly aims at some fixed-size network traffic datasets for model training and evaluation,but not for the online identification and analysis of tor anonymous traffic in the actual network environment.Secondly,the online identification and analysis technology of tor anonymous traffic needs to consider the problem of packet processing in the high-speed network environment to ensure the reliability and scalability of the system.In this paper,a prototype system for online identification and analysis of tor anonymous traffic is implemented.The main work includes the following five aspects:1.A high-speed network traffic capture and processing technology is proposed.Firstly,Intel DPDK is used to capture the high-speed traffic in the network,and then Kafka distributed message queue is used to cache the network traffic.Finally,Flink,a data streams processing framework,consumes the data in Kafka to further complete a series of online tasks such as network traffic analysis and calculation.2.The technology of tor anonymous traffic identification is developed.For the network traffic,the first n packets are divided into identification window.On this basis,five kinds of identification features are extracted,including length feature,time feature,traffic count feature,protocol stack feature and synthesis feature.The effectiveness of the features is verified by using a variety of machine learning algorithms,and offline and online experiments are carried out respectively.3.The application classification technology of tor anonymous traffic is developed.For the traffic of tor anonymous communication,the differences of various application types in the burst segment are analyzed,the relevant features of the burst segment are added,and the sliding identification window is divided according to the number of packets.The effectiveness of the features is verified by the random forest and convolutional neural network model,and the offline and online experiments are carried out respectively.4.The website fingerprinting technology of tor anonymous traffic is developed.For the website traffic in Tor traffic,the processing method of anonymous website traffic is analyzed,Tor traffic packets are converted into Tor cell sequences,deep learning method are used to automatically extract features and train model,and offline and online experiments are conducted respectively.5.Integrate high-speed network traffic capture processing technology and Tor anonymous communication traffic identification and analysis technology,on this basis,design and implement the online identification and analysis prototype system of Tor anonymous communication traffic,which can complete the task of tor traffic identification and analysis in network traffic.In summary,this thesis researches and implements the online identification and analysis technology of Tor anonymous communication traffic under high-speed network environment.Through Intel DPDK to achieve high-speed traffic capture,using Flink to complete data streams processing.On this basis,tor anonymous traffic identification and analysis technology is developed.Finally,a prototype system of identification and analysis for tor anonymous traffic is implemented,which can identify and analyze tor traffic in the network. |
PDF Full Text Request