| With the development of network communication technology,the issue of communication privacy protection began to be gradually concerned by people.As a result,anonymous communication networks called dark networks have emerged.As a kind of network hidden under the surface network,the dark network has a hidden nature that the surface network does not have,which makes it difficult to be regulated by conventional methods.As a result,the dark web has become an ideal gathering place for criminals and a breeding ground for criminal activities,giving rise to notorious dark sites such as the Silk Road,and posing a serious challenge to national security.It is a new type of distributed anonymity network that has grown rapidly but received little attention from researchers.As an emerging dark network,Zero Net has attracted a large number of criminals to open sites and publish various illegal information in the Zero Net network because of its anonymity and censorship resistance.In addition,its distributed network architecture and network of nodes in many countries around the world prevent sites from going offline due to a single point of failure compared to traditional dark networks.All these factors indicate that effective technical solutions are urgently needed to strengthen the governance and control of Zero Net dark network.In this regard,this paper conducts research on Zero Net detection and identification technologies,and the main research contents are as follows.In terms of resource detection and analysis:(1)To address the problem of poor classification effect of traditional text classification algorithm,this paper improves the text weight calculation algorithm by combining the location and structural distribution characteristics of text in the page,and optimizes the fast Text text classification algorithm in this way.(2)To address the problem that the existing research has a coarse granularity for content extraction,which leads to the classification results not accurately reflecting the actual content distribution,this paper proposes a fine-grained content extraction scheme based on the local storage mode and structural characteristics of Zero Net site resources.Combined with the structural categories of the site,the fine-grained content extraction of the site avoids the problem of inaccurate classification because the site contains multiple categories of content in the process of content classification.In terms of topology detection and analysis:(1)using the content data obtained in resource detection and analysis,the site network is constructed,while the site network characteristics are analyzed using complex network theory,and the Zero Net site structure network has the characteristics of scale-free and small world;(2)comparing multiple node importance assessment algorithms to obtain the core site nodes in the site network,so as to obtain the Zero Net important site ranking,and through R-indicator assessment,conclude that the degree centrality assessment algorithm better reflects the node importance;(3)study the principle of Zero Net networking,propose a node detection method based on Tracker and based on PEX,obtain 1368 valid network nodes in the experiment,and conduct statistics on the global distribution of nodes based on the pure database.In terms of traffic identification: for the problem that Zero Net traffic consists of multiple protocols and some of the traffic is based on TLS encryption,which is difficult to distinguish from benign TLS traffic,a hybrid feature-based Zero Net traffic identification method is proposed.The method identifies two types of traffic that exist in Zero Net: Tracker communication traffic and node communication traffic.For the former,this paper uses the message request header and load features to identify.For the latter,we combine TLS fingerprint information and message statistics features into a hybrid feature with a library of active nodes for identification.According to the experimental verification,the recognition accuracy of both can reach more than 99%.Combining the above results,this paper designs a Zero Net-oriented detection and identification prototype system,which encapsulates the above three parts and provides a visual interface based on Web implementation to display the analysis results of content and topology,and implements the traffic offline identification function,which has good usability after practical testing. |
