The Tor anonymous communication system has increasingly been exploited by malicious actors seeking to obfuscate their identities during cyberattacks. To effectively mitigate these threats, it is imperative to determine the true IP addresses of the perpetrators. However, Tor’s employment of onion routing technology substantially anonymizes users, rendering the discovery of their actual addresses a formidable task. The flow correlation attack, a de-anonymization technique, has garnered significant interest among researchers in recent years. Despite numerous proposed methods, several limitations persist: 1) the need for a reduced false-positive rate; 2) extensive training times; and 3) existing flow correlation systems still need to be improved in real-time operation, automation, and usability. To address these challenges, this thesis presents an innovative flow correlation attack model and details the design and implementation of a Tor flow correlation analysis system. The main contributions of this thesis are:

(1) Introduce Tor2Vec, a Tor flow correlation attack model. To reduce the false-positive rate, this thesis proposes a deep learning model based on convolutional neural networks and long short-term memory networks, called Tor2Vec. This model can better extract global features and feature sequences, thus achieving a lower false-positive rate. The strategies used in model training are also discussed, including triplet mining strategies, optimizers, etc., to further reduce the false-positive rate and accelerate training. Experiments show that Tor2Vec reduces the false-positive rate compared to the existing method and shortens the training time.

(2) Introduce the design and implementation of TorCorr, a flow correlation analysis system. To better accomplish the correlation of Tor flows, this thesis designs and implements the TorCorr system. Built upon the Tor2Vec model, the system utilizes Zeek and Milvus for real-time capture and efficient retrieval of correlated Tor flows. Compared to previous systems, TorCorr can efficiently perform Tor flow correlation analysis and holds practical significance in the supervision of the Tor network.