基于网站指纹的shadowsocks匿名流量识别技术的研究
发布时间:2018-11-20 17:05
【摘要】:随着通信数据隐私保护需求的不断增加,各种匿名通信技术也得到了快速发展,但是,在这项技术保护通信双方个人信息的同时,也使得利用简单数据包检测进行的网络监管变得更加困难。Shadowsocks作为新兴的匿名通信软件,因其速度快,易部署等优点,在国内得到了广泛了使用。现有的匿名流量识别的研究成果大多具有很强的针对性,在流量特征提取,方法建模等软件识别技术方面具有很强的依赖性,而shadowsocks因为使用其自身所带的独特协议,现有的方法很难对其进行识别;同时,当前的大部分学术分析成果还停留在实验阶段,并且高速网络环境下匿名流量的数据集收集与构造、大量混合流下网站指纹的分割等问题仍没有提出很好的解决办法。因此,如何对shadowsocks流量进行建模,如何解决高速网络环境下匿名流量识别,是当前国内网络安全领域亟待解决的问题。本文在对以往相关研究成果进行分析的基础上,针对上述问题,深入分析了shadowsocks匿名软件的运行机制,将其运行过程和HTTP协议相结合,提出了多粒度启发式流量识别方法和基于混合流分割的网站指纹识别算法。多粒度启发式流量识别算法是从主机行为、数据流、隐藏信息等多方面检测shadowsocks流量,达到过滤的目的。该方法可以解决因匿名流量占总数据流量比例小而导致数据集不平衡而带来识别准确性低的问题。基于混合流分割的网站指纹识别算法是在多粒度启发式流量识别方法的基础上,选择区分度高的网站指纹特征,将可疑混合流进行聚类分割,解决混合流中单站点、多站点识别问题,达到降低误报率的目的。接着,本文分析了高速网络环境下匿名流量识别所面临的难点,确定新系统要达到的目标,结合多粒度启发式流量识别算法和基于混合流分割的网站指纹识别算法,设计并实现了高速网络环境下shadowsocks匿名流量识别系统,并详细阐述了识别系统总体设计与详细模块设计。最后,本文利用多组不同的真实数据集,对多粒度启发式流量识别算法和基于混合流分割的网站指纹识别算法分别进行评估,通过和现有的方法,以及系统适应性等方面对运行结果进行分析,验证了该算法的高准确性;同时,在高速网络下,针对具体的模块设计对高速网络下shadowsocks匿名流量识别系统进行测试,证明了该系统具有很高的识别准确率。
[Abstract]:With the increasing demand for privacy protection of communication data, various anonymous communication technologies have been developed rapidly. However, while this technology protects the personal information of both sides of the communication, As a new anonymous communication software, Shadowsocks has been widely used in China because of its advantages of high speed and easy deployment. Most of the existing research results of anonymous traffic identification have strong pertinence, and have strong dependence on software recognition technology, such as traffic feature extraction, method modeling and so on. However, shadowsocks uses its own unique protocol. The existing methods are difficult to identify. At the same time, most of the current academic analysis results are still in the experimental stage, and the collection and construction of anonymous traffic data set in high-speed network environment, a large number of mixed flow website fingerprint segmentation and other problems have not been put forward a good solution. Therefore, how to model shadowsocks traffic and how to solve anonymous traffic identification in high-speed network environment is an urgent problem in the field of domestic network security. Based on the analysis of previous related research results, this paper analyzes the running mechanism of shadowsocks anonymous software, and combines its running process with HTTP protocol, aiming at the above problems. A multi-granularity heuristic traffic identification method and a web site fingerprint recognition algorithm based on mixed stream segmentation are proposed. Multi-granularity heuristic traffic recognition algorithm detects shadowsocks traffic from many aspects such as host behavior, data flow, hidden information and so on, to achieve the purpose of filtering. This method can solve the problem of low recognition accuracy caused by the imbalance of data set caused by the small proportion of anonymous traffic to total data traffic. The website fingerprint recognition algorithm based on mixed flow segmentation is based on the multi-granularity heuristic traffic identification method, selects the website fingerprint feature with high degree of distinction, and clusters the suspicious mixed flow to solve the problem of single site in the mixed flow. Multi-site identification problem to achieve the purpose of reducing false alarm rate. Then, this paper analyzes the difficulties faced by anonymous traffic identification in high-speed network environment, determines the objectives to be achieved by the new system, and combines multi-granularity heuristic traffic identification algorithm and website fingerprint identification algorithm based on mixed flow segmentation. The anonymous traffic identification system of shadowsocks in high-speed network environment is designed and implemented, and the overall design and detailed module design of the identification system are described in detail. Finally, this paper evaluates the multi-granularity heuristic traffic identification algorithm and the website fingerprint recognition algorithm based on mixed flow segmentation by using different sets of real data sets. The running results are analyzed from the aspects of system adaptability and so on, and the high accuracy of the algorithm is verified. At the same time, the anonymous traffic identification system of shadowsocks in high-speed network is tested according to the specific module design, which proves that the system has a high recognition accuracy.
【学位授予单位】:电子科技大学
【学位级别】:硕士
【学位授予年份】:2017
【分类号】:TP393.0
本文编号:2345480
[Abstract]:With the increasing demand for privacy protection of communication data, various anonymous communication technologies have been developed rapidly. However, while this technology protects the personal information of both sides of the communication, As a new anonymous communication software, Shadowsocks has been widely used in China because of its advantages of high speed and easy deployment. Most of the existing research results of anonymous traffic identification have strong pertinence, and have strong dependence on software recognition technology, such as traffic feature extraction, method modeling and so on. However, shadowsocks uses its own unique protocol. The existing methods are difficult to identify. At the same time, most of the current academic analysis results are still in the experimental stage, and the collection and construction of anonymous traffic data set in high-speed network environment, a large number of mixed flow website fingerprint segmentation and other problems have not been put forward a good solution. Therefore, how to model shadowsocks traffic and how to solve anonymous traffic identification in high-speed network environment is an urgent problem in the field of domestic network security. Based on the analysis of previous related research results, this paper analyzes the running mechanism of shadowsocks anonymous software, and combines its running process with HTTP protocol, aiming at the above problems. A multi-granularity heuristic traffic identification method and a web site fingerprint recognition algorithm based on mixed stream segmentation are proposed. Multi-granularity heuristic traffic recognition algorithm detects shadowsocks traffic from many aspects such as host behavior, data flow, hidden information and so on, to achieve the purpose of filtering. This method can solve the problem of low recognition accuracy caused by the imbalance of data set caused by the small proportion of anonymous traffic to total data traffic. The website fingerprint recognition algorithm based on mixed flow segmentation is based on the multi-granularity heuristic traffic identification method, selects the website fingerprint feature with high degree of distinction, and clusters the suspicious mixed flow to solve the problem of single site in the mixed flow. Multi-site identification problem to achieve the purpose of reducing false alarm rate. Then, this paper analyzes the difficulties faced by anonymous traffic identification in high-speed network environment, determines the objectives to be achieved by the new system, and combines multi-granularity heuristic traffic identification algorithm and website fingerprint identification algorithm based on mixed flow segmentation. The anonymous traffic identification system of shadowsocks in high-speed network environment is designed and implemented, and the overall design and detailed module design of the identification system are described in detail. Finally, this paper evaluates the multi-granularity heuristic traffic identification algorithm and the website fingerprint recognition algorithm based on mixed flow segmentation by using different sets of real data sets. The running results are analyzed from the aspects of system adaptability and so on, and the high accuracy of the algorithm is verified. At the same time, the anonymous traffic identification system of shadowsocks in high-speed network is tested according to the specific module design, which proves that the system has a high recognition accuracy.
【学位授予单位】:电子科技大学
【学位级别】:硕士
【学位授予年份】:2017
【分类号】:TP393.0
【参考文献】
相关期刊论文 前10条
1 朱亚玲;张睿敏;;基于SSH框架的用户信息管理的设计与实现[J];电脑知识与技术;2016年09期
2 王玉雷;李玲娟;;一种密度和划分结合的聚类算法[J];计算机技术与发展;2015年09期
3 顾晓丹;杨明;罗军舟;蒋平;;针对SSH匿名流量的网站指纹攻击方法[J];计算机学报;2015年04期
4 龚建华;;JSON格式数据在Web开发中的应用[J];办公自动化;2013年20期
5 陈周国;蒲石;祝世雄;;匿名网络追踪溯源综述[J];计算机研究与发展;2012年S2期
6 张连成;王振兴;苗甫;;网络流量伪装技术研究[J];计算机应用研究;2011年07期
7 刘鑫;王能;;匿名通信综述[J];计算机应用;2010年03期
8 张勇;;基于ReliefF算法的模糊聚类新算法[J];华南金融电脑;2009年01期
9 时雷;虎晓红;席磊;;朴素贝叶斯分类算法及其应用研究[J];光盘技术;2008年11期
10 邓蕊;马永军;刘尧猛;;基于改进交叉验证算法的支持向量机多类识别[J];天津科技大学学报;2007年02期
相关博士学位论文 前1条
1 刘鑫;基于Tor网络的匿名通信研究[D];华东师范大学;2011年
相关硕士学位论文 前1条
1 吴家顺;Website指纹识别攻击与防护技术研究[D];南京理工大学;2013年
,本文编号:2345480
本文链接:https://www.wllwen.com/guanlilunwen/ydhl/2345480.html
