Research On Traffic Obfuscation Technology Oriented To Secure Link Channel

With the rapid development of the Internet,the transmission of information between people has become more convenient and efficient.In the meantime,cyber security issues are emerging in endlessly.Advanced technologies of traffic analysis have brought a great challenge to information hiding and privacy protection.Common Deep Packet Inspection(DPI)identifies traffic types and user behaviors by monitoring and analyzing incoming and outgoing data packets from intermediate nodes.Powerful deep learning technology enables man-in-the-middle of network to identify target information from huge network traffic.Traffic obfuscation is one of the commonly used technologies to resist traffic analysis.Traditional traffic obfuscation technology can protect computers from traffic analysis attacks to a certain extent,but high-performance machine learning classifiers pose a huge challenge to traffic obfuscation.Adversarial machine learning provides a novel way for anti-traffic analysis.This paper mainly researches the traffic obfuscation technology oriented to secure link channel.Traffic obfuscation technology based on adversarial machine learning is used to limit the recognition of anonymous traffic by the machine learning model,and reduces the recognition accuracy of the model by adding specific disturbances to the input data.First,a network traffic classification and recognition model based on machine learning and deep learning was established to simulate the attack of the man-in-the-middle on the link.We choose the Tor as a typical secure link channel.Based on experiments on the ISCXTor2016 public data set,the best performing LSTM model achieved a recognition accuracy of 97.68%.In order to resist the attack of man-in-the-middle,a method of generating adversarial traffic samples was adopted to deceive the machine learning model so that it cannot accurately identify anonymous traffic.Experimental results show that the MIM algorithm has the best performance,and the obfuscation success rate of the MIM algorithm can reach 90% when faced with DNN and LSTM models.In addition,in order to meet the monotonic non-decreasing rule of data packet size,this paper proposes two improvements to the gradient iteration method.The test results show that performing a correction of the adversarial sample after a fixed number of iterations can meet the realistic strategy,at the cost of reducing the very small success rate of obfuscation.Finally,we designed and tested a black box attack that is accomplished by training an alternative model,which uses SMOTE technology for data enhancement.The black box attack strategy has the best effect on the obfuscation of the LSTM model,and the CNN model shows strong robustness in the face of such black box attacks.