| Tor anonymous system is an overlay network composed of multi-hop encrypted proxy service nodes.On the one hand,it can provide ordinary users with anonymous Internet access to cover up their network communication sources and targets,and on the other hand,it can provide service providers with anonymous deployment.One of the main properties of Tor network is the strong anonymity,which boost a large number of illegal activities such as private data trasactions,killer hire,drug transactions,weapon transactions and so on.At the same time,some organizations also use Tor to carry out large-scale cyber attacks.Therefore,it is important to strengthen the detection and analysis of the darknet.At present,the research on the Tor darknet is mainly based on the discovery of hidden service,and darknet data is obtained and analyzed through crawler and other methods.Existing research work utilizes only single means of obtaining hidden service domains and Tor protocol have upgraded.It has resulted in a lack of a complete view of the darknet space.In addition,since different hidden services have different information value,the research on the core Tor dark webs is of great importance.In response to the above problems,this thesis studies the discovery and analysis technology of Tor dark webs.The specific work includes the following aspects:Firstly,in terms of detection of hidden services,by analyzing registration mechanism of the Tor hidden service directory server on the DHT,this thesis designs a scheme to optimize deployment of the Tor hidden service directory server which can obtain more hidden service domains at a lower resource cost.On this basis this thesis designs a hidden service detection method combining the protocol layer and the network layer to statistics the survival rate and opening port of the hidden services,and a measurement method of Tor hidden services which covers Tor v2 and v3 versions is further proposed.Secondly,in terms of hidden service analysis,this thesis designs a hidden service association algorithm based on page structure and content to associate the same or similar sites.On this basis,with the survival rate,the visits,the number of similar pages,in degree and out degree of the onion domains as attributes,we use the machine learning algorithm to realize the core Tor dark-web discovery and analyze the core Tor darkweb category and language distribution.This thesis also proposes a new hidden serviceoriented Guard node discovery technology which completes the Guard node discovery by constructing rend-cookie with the onion domain information,and actively injecting HS-RPO circuit anomalies.Thirdly,based on the above achievements,this thesis designs and implements a prototype system of core Tor dark-web discovery and analysis.This system consists of seven parts: storage module,hidden service detection module,hidden service visit statistics measurement module,hidden service content acquisition module,hidden service clustering module and core dark-web discovery module.This system is verified by deployment in real network environment.In summary,this thesis studies and implements the core Tor dark-web discovery and analysis technology.Through the research of the above work,the effective supervision of the Tor darknet can be better achieved and technical support can be provided for cyberspace governance. |
PDF Full Text Request