基于云流量混淆的Tor匿名通信识别方法

发布时间：2018-05-09 13:01

本文选题：匿名通信 + Tor　；参考：《工程科学与技术》2017年02期

【摘要】：针对采用云流量混淆Meek机制的Tor匿名通信流量与其他普通云流量难于区分识别的问题,提出了基于流静态特征的Tor匿名通信识别方法和基于支持向量机SVM分类算法的Tor匿名通信识别方法。本文首先从连接特征分析、数据包静态特征分析以及数据流动态特征分析出发,通过对大量Tor-Meek通信流量以及非Tor-Meek通信流量的对比实验研究,确定了7个具有特异性和较强区分度的Tor-Meek通信流量的静态和动态流量征,然后在此基础之上提出了基于特征匹配算法的Tor-Meek匿名通信识别方法,该方法能够快速识别Tor-Meek通信流量,对于包含大于200个包的流识别准确率大于90%。为了进一步适应Tor的版本变化带来的特征改变,基于Meek流分片机制的数据流统计特征分析,分别从长度及个数、长度方差、长度熵、接收发送序列等4个方面,提出了识别Tor-Meek流的16种Tor-Meek流量统计特征,采用SVM分类算法对Tor-Meek流量进行识别,通过系统的实验研究不同特征组合、不同算法参数选择的算法识别准确率和召回率,筛选出最优的特征组合和参数。在实验室环境中搭建实验数据采集平台并采集Tor-Meek通信和其他通信数据进行实验,该算法对长度大于40个包Tor-Meek流的识别准确率大于97%,召回率大于99%,且具有较高的识别效率。实验结果表明,采用特征匹配可以实现对云流量混淆Tor匿名通信的快速识别,而基于流分片统计特征的分类算法对不同Tor通信软件版本的变化具有更高的稳定性和识别准确率。
[Abstract]:In view of the problem that Tor anonymous communication traffic with cloud traffic confusion Meek mechanism is difficult to distinguish between other common cloud traffic and other common cloud traffic, this paper proposes a Tor anonymous communication recognition method based on flow static characteristics and Tor anonymous communication recognition method based on support vector machine SVM classification algorithm. Based on the analysis and dynamic feature analysis of data flow, 7 static and dynamic traffic signs of Tor-Meek traffic with specific and strong segmentation are determined by comparing a large number of Tor-Meek traffic and non Tor-Meek traffic flow, and then a Tor-Meek based on feature matching algorithm is proposed. The method of anonymous communication recognition, which can quickly identify Tor-Meek traffic, is based on the statistical feature analysis of the data flow based on the Meek stream partition mechanism, based on the length and number, length variance, length entropy, and the length entropy, for the feature changes brought about by the flow recognition accuracy of more than 200 packets greater than 90%. in order to further adapt to the Tor. In 4 aspects, such as receiving and sending sequence, the statistical characteristics of 16 kinds of Tor-Meek traffic identification for Tor-Meek flow are proposed. The SVM classification algorithm is used to identify the flow of Tor-Meek. The accuracy rate and recall rate are identified by the experiment of the system, and the optimal feature combination and parameters are selected. In the room environment, experimental data acquisition platform is set up and Tor-Meek communication and other communication data are collected. The recognition accuracy of the algorithm is more than 97%, the recall rate is greater than 99%, and the recognition efficiency is higher than 40 packets Tor-Meek flow. The experimental results show that the use of feature matching can realize the cloud traffic confusion Tor anonymous pass. Fast identification of letters, and classification algorithm based on statistical characteristics of streaming slices has higher stability and accuracy of identification for different Tor communication software versions.

【作者单位】：北京交通大学智能交通数据安全与隐私保护技术北京市重点实验室;北京交通大学计算机与信息技术学院;
【基金】：国家自然科学基金资助项目(61402035)
【分类号】：TN918

【相似文献】