基于流量分析的信息溯源关键技术研究

发布时间：2018-04-11 17:15

本文选题：匿名网络 + 流量分析　；参考：《北京邮电大学》2014年硕士论文

【摘要】：信息溯源是指采用一系列的方法和技术手段将内容、网络行为以及应用行为等追溯到其发起者。一般情况下可以通过数据连接的四元组判断信息的来源或者发起者,但是当信息发送者采用一定的手段隐藏这种关系时,如何发现信息的来源变成了一项富有挑战性的工作。匿名通信服务隐藏通信实体的地址、通信关系等,保护用户隐私。但与此同时,匿名网络也被用于掩盖网络罪犯的行踪,如何针对匿名网络的流量进行信息溯源,具有非常重要的实际意义。已有的针对匿名网络流量的信息溯源方法,在实际的应用中大都具有一定的局限性。本文针对匿名通信网络,提出一种在获取匿名网络的入口流量和出口流量的情况下,对匿名网络用户间的通信关系进行去匿名化分析,达到追踪溯源的效果的方法。本文选取匿名网络Tor做为研究对象,针对Tor的流量开展了一系列的基于流量的分析溯源工作。、首先,为了了解匿名网络流量的特征,我们针对Tor的流量进行了深入的分析与测量,通过提取并对比入口流量和对应出口的流量,分析Tor流量的特征。我们同时测量了Tor网络目的节点的国家分布以及流量长度分布等,为后续量化实验验证提供了依据。二、考虑到Tor数据采用SSL进行加密,而基于SSL的网络应用逐渐增多,从背景数据流中识别出Tor流量可以提高溯源的准确性,并且减少系统的计算量。在对Tor协议和流量进行深入研究的基础上,选取了数据包长度作为特征,以SVM分类算法作为Tor流量识别的算法。在离线环境下,使用该方法实现了对Tor流量进行分类识别,分类的准确率与召回率均可以到达90%以上。三、在以上工作的基础上设计并实现基于流量分析的信息溯源系统。选用k-means算法,对于匿名网络的入口流量和出口流量,按照选取的特征向量进行多元关联分析,以获取两部分流量之间的对应关系。并在真实网络环境下,对系统的准确性进行了评估和验证。当数据流的字节数大于200K1B时,信息溯源的准确率可以达到90%以上。
[Abstract]:Information traceability refers to the use of a series of methods and techniques to trace the content, network behavior and application behavior to its initiators.In general, the information source or initiator can be judged by the quaternion of data connection, but how to find the source of information becomes a challenging task when the sender uses certain means to hide the relationship.Anonymous communication service hides the address of communication entity, communication relation and so on, protects user's privacy.But at the same time, anonymous network is also used to cover up the whereabouts of network criminals. How to trace the traffic of anonymous network is of great practical significance.Most of the existing information traceability methods for anonymous network traffic have some limitations in practical applications.In this paper, we propose a method to analyze the communication relationship between anonymous network users by means of de-anonymity analysis under the condition of obtaining the inlet and outlet traffic of anonymous network, so as to achieve the effect of tracing the source.In this paper, anonymous network Tor is selected as the research object, and a series of traceability based on traffic analysis for Tor traffic are carried out.Firstly, in order to understand the characteristics of anonymous network traffic, we analyze and measure the traffic of Tor in depth, and analyze the characteristics of Tor traffic by extracting and comparing the incoming traffic and the corresponding flow.At the same time, we measure the national distribution and the flow length distribution of the destination nodes in Tor network, which provides the basis for the subsequent quantization experiments.Secondly, considering that the Tor data is encrypted by SSL, and the network application based on SSL is increasing, identifying the Tor traffic from the background data stream can improve the accuracy of traceability and reduce the calculation of the system.Based on the in-depth study of Tor protocol and traffic, the packet length is selected as the feature, and the SVM classification algorithm is used as the Tor traffic recognition algorithm.In the off-line environment, the method is used to classify and identify the Tor traffic. The classification accuracy and recall rate can reach more than 90%.Thirdly, the information traceability system based on traffic analysis is designed and implemented based on the above work.In order to obtain the corresponding relationship between the two parts of traffic, the k-means algorithm is used to analyze the inlet and outlet traffic of anonymous network according to the selected eigenvector.In the real network environment, the accuracy of the system is evaluated and verified.When the number of bytes in the data stream is greater than 200K1B, the accuracy of traceability can reach more than 90%.
【学位授予单位】：北京邮电大学
【学位级别】：硕士
【学位授予年份】：2014
【分类号】：TP393.06

【共引文献】