| Anonymous communication networks are becoming a hidden space for criminals and criminals,posing severe challenges to network supervision.In order to effectively supervise the anonymous network headed by Tor,and crack down on the various network black production and gray production crimes lurking in it,technical means such as anonymous user discovery,communication confirmation,and website fingerprint attacks have emerged as the dark web.Supervision provided technical support.Aiming at the actual situation of the use of the domestic Tor anonymous network,this thesis uses the identification and discovery of Tor anonymous network users,the classification of Tor anonymous traffic application types,and the identification of the types of Web-based Tor anonymous traffic access sites as the entry point.Hierarchical identification and classification,a series of research work has been carried out,the main contents of which are as follows:(1)Conduct an in-depth analysis of the characteristics of Tor anonymous access traffic in the domestic environment,and propose a Tor anonymous traffic identification classification model for Tor anonymous user discovery and application type classification.This model can identify the two-category pattern or traffic discovered by users The multi-classification mode of application type classification works.The model calculates and obtains the time correlation characteristics of the flow at the flow granularity,and uses the Histogram to perform class segmentation labeling on these characteristics to improve the robustness of the features.Finally,combined with the idea of integrated learning,XGBoost is used in a smaller feature dimension.Realize the identification and classification of Tor anonymous access traffic.(2)Analyze the performance characteristics of domestic Tor web traffic,propose a traffic sequence division method under the meek plug-in,and design a website fingerprint feature extraction model based on the seq2 seq model;aiming at the concept drift problem common to existing website fingerprint attack models,A dynamic website fingerprint recognition model based on adaptive random forest algorithm is proposed.The model uses an adaptive random forest algorithm as the data stream classifier,supports manual feature and automatic feature input,and can dynamically update the classifier model according to the feature stream to realize online classification and recognition of website fingerprints.(3)According to the proposed model,a prototype system for Tor anonymous network supervision was implemented.The third level of Tor anonymous traffic was realized through Tor anonymous network user identification and discovery,Tor anonymous traffic application type classification,and website fingerprint recognition of web type traffic.Filtering and identifying,providing multi-dimensional Tor anonymous network user behavior information. |
PDF Full Text Request