Research On Traffic Camouflaging In Tor Anonymous Communication System

Tor,as the most mature anonymous communication system with the largest number of users,provides anonymity guarantees for users' network services through traffic encryption and authentication,traffic obfuscation,onion routing,and other technologies using strategies such as multi-hop transmission and layered encryption.However,in recent years,with the development of traffic analysis techniques,traffic identification studies for Tor networks have emerged,making Tor networks under serious threat in terms of anonymity.Attackers train traffic classification by extracting features of Tor traffic to achieve accurate identification of Tor traffic,which can then be intercepted and traced.In order to defend against traffic identification attacks,this thesis focuses on Tor-based traffic camouflaging techniques and introduces the current mainstream traffic camouflaging strategies.Based on the comparative analysis of the performance and usage scenarios of each camouflaging strategy,this thesis conducts an in-depth study of the traffic morphing algorithm based on the transition matrix,proposes an optimization strategy to address the shortcomings of the original algorithm in terms of model export time and morphing efficiency,and implements the optimized algorithm into the ground,combines the traffic filling strategy,changes the characteristics of the original Tor traffic packet size distribution and sending rate,and designs and implements the applied to the traffic camouflaging system between the onion agent and its own bridge nodes,and the details of the research are as follows.(1)In this thesis,the traffic morphing algorithm based on the transition matrix is analyzed and studied.The original algorithm is optimized for the slow export time of the transition matrix in large sample space,and a strategy of hierarchical sampling based on the set of tree-like deformation matrices is proposed,and it is experimentally verified that the strategy can significantly reduce the export time of the model in large sample space and improve the iterability of the algorithm.To address the impact of packet slicing on the artifact efficiency in the morphing process not considered by the original algorithm,this thesis introduces the slicing overhead in measuring the extra overhead of the algorithm and introduces two strategies to reduce the slicing overhead: the slicing avoidance strategy based on multilevel planning and the slicing reduction strategy based on penalty function.Finally,it is experimentally demonstrated that these two strategies can significantly reduce the number of slices in the morphing process with little impact on the extra padding byte overhead,thus improving the traffic morphing efficiency of the algorithm.(2)In order to resist Tor traffic identification attacks,this thesis designs and implements a traffic masquerading system applied between the onion proxy and its own bridge nodes to camouflage the raw Tor traffic as normal We Chat video call traffic.The system implements the optimized traffic morphing algorithm on the ground using the Netfilter framework and the self-fitting protocol,and successfully changes the characteristics of the original traffic packet size distribution.To further improve the artifactuality of the system,the packet delivery interval is modified using a random sampling strategy in the traffic outgoing buffer to fit the delivery rate of the target traffic.Finally,the system's connectivity,artifacts and performance are experimentally tested to prove the effectiveness of this system.