The Second Generation Onion Router (Tor) system is the most popular instant messaging anonymous system at present, with a wide range of users and huge access traffic. However, the defects of the Tor system allow attackers to engage in illegal activities by controlling routing nodes, which seriously threatens the anonymity and privacy of users. In this article, the security of Tor routing nodes is studied to cope with collusion attacks by malicious routing nodes, so as to improve the security of the Tor system. The specific work is as follows:

1. This article establishes a correlation between the online time patterns and the actual behavioral characteristics of Tor routing nodes, and investigates a method for classifying routing nodes based on their online time. The traditional K-means algorithm is inefficient when dealing with high-dimensional binary data such as node online time. To address this issue, this article proposes the BK-means clustering algorithm, which uses a B-tree as an indexing structure to reduce the algorithm's time complexity to O(mlogmn). Experimental results demonstrate that this algorithm achieves faster processing speed and better time efficiency when handling high-dimensional binary data. The clustering results reveal that routing nodes controlled by the same organization or attacker exhibit similar behavioral patterns.

2. This article investigates methods for identifying malicious Tor routing nodes associated with security incidents and proposes a malicious Tor routing node identification model (MSCNN-LSTM-Attention) based on an attention mechanism, which combines a hybrid multiscale convolutional neural network (MSCNN) and a long short-term memory network (LSTM). Firstly, the MSCNN layer captures complex multiscale local features using convolutional neural networks (CNN) with different kernel sizes and fuses them. Secondly, the LSTM layer leverages memory cells and gate mechanisms to extract temporal correlation information from time series data. Next, the attention mechanism automatically learns the importance of features and strengthens the weights of parameters that have a stronger impact on the results. Finally, the data is classified using the sigmoid function. Experimental results demonstrate that the proposed model achieves higher accuracy in identifying malicious Tor routing nodes compared to other baseline models.

3. This article investigates the discovery of suspicious colluding groups of routing nodes and proposes a method for calculating the correlation of Tor routing nodes based on configuration information. The feasibility of the formula is verified, but this method is not suitable for calculating the correlation of multiple routing nodes. Based on this, an improved Louvain algorithm (SEW-Louvain) is proposed for the discovery of suspicious colluding groups of routing nodes. This algorithm incorporates the node correlation as a weight parameter into the modularity gain calculation and sets a threshold to avoid overfitting. Experimental results demonstrate that this improved algorithm can improve the accuracy and reliability of group discovery.

Based on the research findings above, and starting from the perspective of defending against collusion attacks by malicious routing nodes, this study first uses a routing node clustering algorithm to group nodes with similar behavioral patterns. Then, for each group of nodes, a malicious node identification model is used to identify malicious nodes, which are then fed into the suspicious colluding node group discovery algorithm, resulting in multiple colluding groups of malicious nodes. Configuring the extracted colluding groups as "families" ensures that nodes from the same colluding group do not appear on the same route, thereby reducing the risk of collusion attacks for users.
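The final step above, turning discovered groups into client-side "families", is shown here as an added example that is not code from the thesis. It assumes pairwise correlation scores are already available, uses simple threshold-plus-union-find grouping as a stand-in for SEW-Louvain (whose formula the abstract does not give), and emits Tor's `NodeFamily` torrc option; all fingerprints and scores are constructed.

```python
import re

FP_RE = re.compile(r"^[0-9A-F]{40}$")  # relay identity fingerprint: 40 hex chars

# Constructed sample data: five fake fingerprints and pairwise correlation scores.
A, B, C, D, E = (ch * 40 for ch in "ABCDE")
SCORES = {(A, B): 0.9, (B, C): 0.8, (C, D): 0.2, (D, E): 0.95, (A, E): 0.1}


def colluding_groups(scores, threshold):
    """Group relays linked by a correlation >= threshold (union-find stand-in,
    not SEW-Louvain). Returns sorted groups with at least two members."""
    parent = {}

    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    for (a, b), score in scores.items():
        ra, rb = find(a), find(b)
        if score >= threshold and ra != rb:
            parent[ra] = rb
    groups = {}
    for fp in parent:
        groups.setdefault(find(fp), []).append(fp)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


def node_family_lines(groups):
    """Render one torrc NodeFamily line per group; Tor will not place two
    members of the same family in one circuit."""
    lines = []
    for group in groups:
        bad = [fp for fp in group if not FP_RE.match(fp)]
        if bad:
            raise ValueError(f"not a relay fingerprint: {bad[0]!r}")
        lines.append("NodeFamily " + ",".join(group))
    return lines


if __name__ == "__main__":
    print("\n".join(node_family_lines(colluding_groups(SCORES, 0.7))))
```

The generated lines go into the client's torrc; the threshold controls how aggressively weakly correlated relays are merged into one family.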