基于改进IPD质心的Tor网络流水印检测方法

doi:10.11959/j.issn.2096-109x.2019041

网络与信息安全学报 ›› 2019, Vol. 5 ›› Issue (4): 91-98.doi: 10.11959/j.issn.2096-109x.2019041

基于改进IPD质心的Tor网络流水印检测方法

杜捷(),何永忠,杜晔

北京交通大学计算机与信息技术学院，北京100044

出版日期:2019-08-15 发布日期:2019-08-20
作者简介:杜捷（1993- ），男，青海海东人，北京交通大学硕士生，主要研究方向为网络安全、匿名通信。|何永忠（1969- ），男，重庆人，博士，北京交通大学副教授、硕士生导师，主要研究方向为网络安全、计算机安全、密码协议。|杜晔（1978- ），男，黑龙江哈尔滨人，博士，北京交通大学副教授、博士生导师，主要研究方向为网络安全、态势感知、软件可靠性分析与评估。

Improved method of Tor network flow watermarks based on IPD interval

Jie DU(),Yongzhong HE,Ye DU

School of Computer and Information Technology,Beijing Jiaotong University,Beijing 100044,China

Online:2019-08-15 Published:2019-08-20

摘要/Abstract

摘要：

Tor是一种为隐藏流量源提供服务的匿名网络机制，但其存在入口流量特征明显、易被识别的问题。obfs4等网桥协议为解决此问题应运而生，由此带来的新挑战尚未攻克，因此，提出一种IPD质心方案，利用k-means的聚类特性将原方案进行改进，使加入的流水印在obfs4网桥3种模式上均能被高效地检测出。实验结果表明，改进后的算法有更高的检测率和识别率，且应对不同的网络环境有较强的适应能力，有利于良好安全网络环境的构建。

关键词: 主动流量分析, 网络流水印, 匿名通信, Tor

Abstract:

Tor is an anonymous network mechanism that provides services for hiding traffic sources,but it has the problem that the entry traffic flows of Tor are clearly identifiable.Bridge protocols such as obfs4 come into being to solve this problem,which brings new challenges that have not yet been overcome.An IPD interval scheme is proposed,which uses the clustering characteristics of k-means to improve the original scheme,so that the added flow watermark can be detected efficiently in the three modes of obfs4 bridges.The results of experiments show that the improved algorithm has higher detection rate and recognition rate,and has good adaptability to variable netflow traffic,which is conducive to the construction of a nice secure network environment.

Key words: active traffic analysis, network flow watermarks, anonymous communication, Tor

中图分类号:

TP391.1

杜捷,何永忠,杜晔. 基于改进IPD质心的Tor网络流水印检测方法[J]. 网络与信息安全学报, 2019, 5(4): 91-98.

Jie DU,Yongzhong HE,Ye DU. Improved method of Tor network flow watermarks based on IPD interval[J]. Chinese Journal of Network and Information Security, 2019, 5(4): 91-98.

图/表 11

图1

图2

图3

表1

表2

图4

图5

图6

图7

图8

图9

参考文献 13

[1]	WANG X , REEVES D . Robust correlation of encrypted attack traffic through stepping stones by flow watermarking[J]. IEEE Transactions on Dependable and Secure Computing, 2011,8(3): 434-449.
[2]	SNOEREN A , PATRIDGE C ,et al. Hash-based IP traceback[C]// Proceedings of ACM SIGCOMM, 2001: 3-14.
[3]	GOODRICH M T , . Efficient packet marking for large-scale iptraceback[C]// Proceedings of the 9th ACM Conference on Computer and Communications Security (CCS 2002). 2002: 117-126.
[4]	吕博, 廖勇, 谢海永 . Tor 匿名网络攻击技术综述[J]. 中国电子科学研究院学报, 2017(1): 14-15.
	LV B , LIAO Y , XIE H Y . Survey on attack technologies to Tor anonymous network[J]. Journal of CAEIT, 2017(1): 14-15
[5]	何永忠, 李响, 陈美玲 ,等. 基于云流量混淆的 Tor 匿名通信识别方法[J]. 工程科学与技术, 2017(2): 121-122.
	HE Y Z , LI X , CHEN M L ,et al. Identification of Tor anonymous communication with cloud traffic obfuscation[J]. Advanced Engineering Sciences, 2017(2): 121-122.
[6]	WANG X , CHEN S , JAJODIA S . Tracking anonymous peer-to-peer VoIP calls on the Internet[C]// ACM Conference on Computer and Communications Security. 2005: 81-91.
[7]	HOUMANSADR A , KIYAVASH N , BORISOV N . RAINBOW:a robust and invisible non-blind watermark for network flows[C]// Network and Distributed System Security Symposium,San Diego, 2009.
[8]	WANG X , CHEN S , JAJODIA S . Network flow watermarking attack on low-latency anonymous communication systems[C]// IEEE Symposium on Security and Privacy. IEEE Computer Society, 2007: 116-130.
[9]	PYUN Y J , PARK Y H , WANG X ,et al. Tracing traffic through intermediate hosts that repacketize flows[C]// IEEE International Conference on Computer Communications. 2007: 634-642.
[10]	PANCHENKO A , LANZE F , ZINNEN A ,et al. Website fingerprinting at internet scale[C]// Network and Distributed System Security Symposium. 2016.
[11]	郭晓军, 程光, 朱琛刚 ,等. 主动网络流水印技术研究进展[J]. 通信学报, 2014,35(7): 178-192.
	GUO X J , CHENG G , ZHU C G ,et al. Progress in research on active network flow watermark[J]. Journal on Communications, 2014,35(7): 178-192.
[12]	LEI C , ZHANG H , LIU Y ,et al. Net-flow fingerprint model based on optimization theory[J]. Arabian Journal for Science ＆ Engineering, 2016,41(8): 3081-3088.
[13]	KIYAVASH N , HOUMANSADR A , BORISOV N . Multi-flow attacks against network flow watermarking schemes[C]// Conference on Security Symposium. USENIX Association, 2008: 307-320.

名称	聚类中心C₀	聚类中心C₁
中心值/ms	19.650 164 83	85.742 117 29
中心数目	140	57

项目	聚类中心C₀′	聚类中心C₁′
中心值	23.265 414 24	99.079 305 76
中心数目	115	91

基于改进IPD质心的Tor网络流水印检测方法

Improved method of Tor network flow watermarks based on IPD interval

在线阅读

pdf下载

可视化

摘要/Abstract

引用本文

使用本文

图/表 11

参考文献 13

相关文章 3

Metrics

推荐阅读 0

[1]	史鑫, 郭云飞, 王亚文, 孙小丽, 梁浩. Tor网桥分发中融合物理-社交属性的女巫节点检测机制[J]. 网络与信息安全学报, 2023, 9(1): 103-114.
[2]	王良民,倪晓铃,赵蕙. 网络层匿名通信协议综述[J]. 网络与信息安全学报, 2020, 6(1): 11-26.
[3]	杨云, 李凌燕, 魏庆征. 匿名网络Tor与I2P的比较研究[J]. 网络与信息安全学报, 2019, 5(1): 66-77.