Tor网桥分发中融合物理-社交属性的女巫节点检测机制

doi:10.11959/j.issn.2096-109x.2023014

网络与信息安全学报 ›› 2023, Vol. 9 ›› Issue (1): 103-114.doi: 10.11959/j.issn.2096-109x.2023014

Tor网桥分发中融合物理-社交属性的女巫节点检测机制

史鑫, 郭云飞, 王亚文, 孙小丽, 梁浩

信息工程大学，河南郑州 450001

修回日期:2022-07-06 出版日期:2023-02-25 发布日期:2023-02-01
作者简介:史鑫（1995- ），男，吉林长春人，信息工程大学博士生，主要研究方向为匿名网络、隐蔽通信和博弈论
郭云飞（1963- ），男，河南郑州人，信息工程大学教授、博士生导师，主要研究方向为网络空间安全、云安全和电信网安全
王亚文（1990- ），男，河南郑州人，信息工程大学助理研究员，主要研究方向为拟态防御和云计算
孙小丽（1992- ），女，河南南阳人，信息工程大学助理研究员，主要研究方向为信息超材料、隐蔽通信和毫米波
梁浩（1987- ），男，河南郑州人，信息工程大学副研究员，主要研究方向为网络空间安全和主动防御技术
基金资助:
国家重点研发计划(2021YFB1006200);国家重点研发计划(2021YFB1006201);国家自然科学基金(62072467);国家自然科学基金(62002383)

Physical-social attributes integrated Sybil detection for Tor bridge distribution

Xin SHI, Yunfei GUO, Yawen WANG, Xiaoli SUN, Hao LIANG

Information Engineering University, Zhengzhou 450001, China

Revised:2022-07-06 Online:2023-02-25 Published:2023-02-01
Supported by:
The National Key R＆D Program of China(2021YFB1006200);The National Key R＆D Program of China(2021YFB1006201);The National Natural Science Foundation of China(62072467);The National Natural Science Foundation of China(62002383)

摘要/Abstract

摘要：

作为目前应用范围最广的网络审查规避系统之一，Tor 在网桥分发过程中面临着严重的女巫攻击威胁。具有丰富网络和人力资源的审查者往往会部署大量女巫节点，它们通过伪装成正常节点来获取网桥信息并将其封锁或屏蔽。在此过程中，由于女巫节点和正常节点身份、目的和意图的不同，在网络活动中会产生个体或群体行为差异，称为节点行为特征。针对上述女巫攻击威胁，在分析节点行为特征的基础上提出了融合物理-社交属性的女巫节点检测机制。设计了节点物理域和社交域属性评估方法。采用客观反映节点上网桥正常运行状态的节点积分值和体现网桥屏蔽情况的节点风险指数来评估节点的物理域属性；用描述节点静态属性标签的社交相似度和刻画节点动态交互行为特征的社交信任度来评估节点的社交域属性。进而，融合节点的物理域和社交域属性定义可信度指标，表征当前节点为女巫节点的可能性，并以此为指导推测节点的真实身份，实现对女巫节点的精准检测。基于构建的Tor网络运行情况模拟器和MicroblogPCU数据集对所提机制的检测性能进行仿真实验。结果表明，所提机制能够有效提高女巫节点识别率，降低误检率，对于审查者的迷惑行为具有更强抵御能力，并且在节点社交属性缺失情况下仍具有良好检测性能。

关键词: Tor网桥分发, 女巫节点检测, 行为特征, 物理-社交属性

Abstract:

As one of the most widely utilized censorship circumvention systems, Tor faces serious Sybil attacks in bridge distribution.Censors with rich network and human resources usually deploy a large number of Sybils, which disguise themselves as normal nodes to obtain bridges information and block them.In the process, due to the different identities, purposes and intentions of Sybils and normal nodes, individual or group behavior differences occur in network activities, called as node behavior characteristics.To handle the Sybil attacks threat, a Sybil detection mechanism integrating physical-social attributes was proposed based on the analysis of node behavior characteristics.The physical-social attributes evaluation methods were designed.The credit value of nodes objectively reflecting the operation status of bridges on the nodes and the suspicion index of nodes reflecting the blocking status of bridges, were utilized to evaluate the physical attributes of nodes.The social attributes of nodes were evaluated by the social similarity, which described the static attribute labels of nodes and their social trust characterizing the dynamic interaction behaviors of nodes.Furthermore, integrating the physical-social attributes, the credibility of nodes were defined as the possibility of the current node being a Sybil, which was exploited as a guidance on inferring the true identifies of nodes, so as to achieve accurate detection on Sybils.The detection performance of the proposed mechanism based on the constructed Tor network operation status simulator and the Microblog PCU dataset were simulated.The results show that the proposed mechanism can effectively improve the true positive rate on Sybils, and decrease the false positive rate.It also has stronger resistance on the deceptive behavior of censors, and still performs well in the absence of node social attributes.

Key words: Tor bridge distribution, Sybil detection, behavior characteristics, physical-social attributes

中图分类号:

TP393

史鑫, 郭云飞, 王亚文, 孙小丽, 梁浩. Tor网桥分发中融合物理-社交属性的女巫节点检测机制[J]. 网络与信息安全学报, 2023, 9(1): 103-114.

Xin SHI, Yunfei GUO, Yawen WANG, Xiaoli SUN, Hao LIANG. Physical-social attributes integrated Sybil detection for Tor bridge distribution[J]. Chinese Journal of Network and Information Security, 2023, 9(1): 103-114.

图/表 10

图1

图2

图3

图4

图5

表1

图6

表2

图7

图8

参考文献 32

[1]	DOUGLAS F E . Circumvention of censorship of internet access and publication[D]. University of Illinois at Urbana-Champaign, 2017.
[2]	FIFIELD D . Threat modeling and circumvention of internet censorship[D]. University of California Berkeley, 2017.
[3]	LEBERKNIGHT C S , CHIANG M , WONG F M F . A taxonomy of censors and anti-censors part II:Anti-censorship technologies[J]. International Journal of E-Politics (IJEP), 2012,3(4): 20-35.
[4]	TSCHANTZ M C , AFROZ S , PAXSON V . Sok:towards grounding censorship circumvention in empiricism[C]// IEEE Symposium on Security and Privacy. 2016: 914-933.
[5]	NOBORI D , SHINJO Y . VPN gate:a volunteer-organized public vpn relay system with blocking resistance for bypassing government censorship firewalls[C]// 11th USENIX Symposium on Networked Systems Design and Implementation. 2014: 229-241.
[6]	ZOLFAGHARI H , HOUMANSADR A . Practical censorship evasion leveraging content delivery networks[C]// ACM SIGSAC Conference on Computer and Communications Security. 2016: 1715-1726.
[7]	NASR M , ZOLFAGHARI H , HOUMANSADR A . The waterfall of liberty:Decoy routing circumvention that resists routing attacks[C]// ACM SIGSAC Conference on Computer and Communications Security. 2017: 2037-2052.
[8]	WANG Q , LIN Z , BORISOV N ,et al. rBridge:user reputation based tor bridge distribution with privacy preservation[C]// Network and Distributed Systems Security Symposium. 2013.
[9]	杨云, 李凌燕, 魏庆征 . 匿名网络Tor与I2P的比较研究[J]. 网络与信息安全学报, 2019,5(1): 66-77.
	YANG Y , LI L Y , WEI Q Z . Comparative study of anonymous network Tor and I2P[J]. Chinese Journal of Network and Information Security, 2019,5(1): 66-77.
[10]	PORTAL T M . The Tor project[EB].
[11]	王啸, 方滨兴, 刘培朋 ,等. Tor匿名通信网络节点家族的测量与分析[J]. 通信学报, 2015,36(2): 84-91.
	WANG X , FANG B X , LIU P M ,et al. Measuring and analyzing node families in the Tor anonymous communication network[J]. Journal on Communications, 2015,36(2): 84-91.
[12]	罗军舟, 杨明, 凌振 ,等. 匿名通信与暗网研究综述[J]. 计算机研究与发展, 2019,56(1): 103-130.
	LUO J Z , YANG M , LING Z ,et al. Anonymous communication and darknet:a survey[J]. Journal of Computer Research and Development, 2019 56(1): 103-130.
[13]	杜捷, 何永忠, 杜晔 . 基于改进IPD质心的Tor网络流水印检测方法[J]. 网络与信息安全学报, 2019,5(4): 91-98.
	DU J , HE Y Z , DU Y . Improved method of Tor network flow watermarks based on IPD interval[J]. Chinese Journal of Network and Information Security, 2019,5(4): 91-98.
[14]	WINTER P , LINDSKOG S . How the great firewall of China is blocking Tor[C]// USENIX Workshop on Free and Open Communications on the Internet (FOCI). Bellevue,USA, 2012.
[15]	MAHDIAN M , . Fighting censorship with algorithms[C]// Internet Conference on Fun with Algorithms. 2010: 296-306.
[16]	ZAMANI M , SAIA J , CRANDALL J . TorBricks:blocking- resistant Tor bridge distribution[C]// International Symposium on Stabilization,Safety,and Security of Distributed Systems. 2017: 426-440.
[17]	MCCOY D , MORALES J A , LEVCHENKO K . Proximax:A measurement based system for proxies dissemination[J]. Financial Cryptography and Data Security, 2011,5(9): 1-10.
[18]	DOUGLAS F , PAN W , CAESAR M . Salmon:robust proxy distribution for censorship circumvention[J]. Proceedings on Privacy Enhancing Technologies, 2016,(4): 4-20.
[19]	NASR M , FARHANG S , HOUMANSADR A ,et al. Enemy at the gateways:Censorship-resilient proxy distribution using game theory[C]// Network and Distributed Systems Security Symposium. 2019.
[20]	GE K , HE Y . Detection of sybil attack on Tor resource distribution[C]// IEEE International Conference on Power,Intelligent Computing and Systems. 2020: 328-332.
[21]	SANATINIA A , NOUBIR G . Honey onions:a framework for characterizing and identifying misbehaving tor HSDirs[C]// 2016 IEEE Conference on Communications and Network Security (CNS). 2016: 127-135.
[22]	康恺, 张颖君, 连一峰 ,等. 一种社交网络 Sybil 用户检测方法[J]. 计算机科学, 2016,43(1): 172-177.
	KANG K , YANG Y J , LIAN Y F ,et al. Compound approach for sybil users detection in social networks[J]. Computer Science, 2016,43(1): 328-332.
[23]	吴大鹏, 司书山, 闫俊杰 ,等. 基于行为特征分析的社交网络女巫节点检测机制[J]. 电子与信息学报, 2017,39(9): 2089-2096.
	WU D P , SI S S , YAN J J ,et al. Behaviors analysis based sybil detection in social networks[J]. Journal of Electronics and Information Technology, 2017,39(9): 2089-2096.
[24]	方晓汾, 方凯, 汪小东 ,等. 基于能耗信任值的无线传感器网络Sybil 攻击检测方法研究[J]. 传感技术学报, 2020,33(6): 907-915.
	FANG F X , FANG K , WANG X D ,et al. Sybil attack detection method based on energy consumption trust value in WSN[J]. Chinese Journal of Sensors and Actuators, 2020,33(6): 907-915.
[25]	WU D , SI S , WANG H ,et al. Social influence aware sybil detection in social networks[C]// 2017 IEEE/CIC International Conference on Communications in China (ICCC). 2017: 1-4.
[26]	GEDDES J , SCHUCHARD M , HOPPER N . Cover your acks:Pitfalls of covert channel censorship circumvention[C]// ACM SIGSAC Conference on Computer ＆ Communications Security. 2013: 361-372.
[27]	MOHAJERI MOGHADDAM H , LI B , DERAKHSHANI M ,et al. Skypemorph:protocol obfuscation for Tor bridges[C]// ACM Conference on Computer and Communications Security. 2012: 97-108.
[28]	SMITS R , JAIN D , PIDCOCK S ,et al. BridgeSPA:improving tor bridges with single packet authorization[C]// Proceedings of the 10th Annual ACM Workshop on Privacy in the Electronic Society. 2011: 93-102.
[29]	WU D , ZHOU L , CAI Y . Social-aware rate based content sharing mode selection for D2D content sharing scenarios[J]. IEEE Transactions on Multimedia, 2017,19(11): 2571-2582.
[30]	LIU Z , LIU Y , WINTER P ,et al. TorPolice:Towards enforcing service-defined access policies for anonymous communication in the Tor network[C]// 2017 IEEE 25th International Conference on Network Protocols (ICNP). 2017: 1-10.
[31]	SYVERSON P , DINGLEDINE R , MATHEWSON N . Tor:The second generation onion router[C]// Usenix Security. 2004: 303-320.
[32]	XU G , ZHOU D , LIU J . Social network spam detection based on ALBERT and combination of Bi-LSTM with self-attention[J]. Security and Communication Networks, 2021.

权重系数设置(ω_φ,ω_φ,ω_α,ω_β)	策略代号	说明
(0.25,0.25,0.25,0.25)	A	均衡设置
(0.5,0.5,0,0)	B	仅物理属性
(0,0,0.5,0.5)	C	仅社交属性
(0.4,0.4,0.1,0.1)	D	物理属性增强
(0.1,0.1,0.4,0.4)	E	社交属性增强

权重系数设置	激进型策略AUC值	保守型策略AUC值	性能损失
A（均衡设置）	0.955 5	0.949 2	0.66%
B（仅物理属性）	0.815 5	0.801 5	1.72%
C（仅社交属性）	0.906 1	0.906 1	0
D（物理属性增强）	0.960 1	0.944 9	1.58%
E（社交属性增强）	0.934 0	0.928 7	0.57%

Tor网桥分发中融合物理-社交属性的女巫节点检测机制

Physical-social attributes integrated Sybil detection for Tor bridge distribution

在线阅读

pdf下载

可视化

摘要/Abstract

引用本文

使用本文

图/表 10

参考文献 32

相关文章 15

Metrics

推荐阅读 0

[1]	陈先意, 顾军, 颜凯, 江栋, 许林峰, 付章杰. 针对车牌识别系统的双重对抗攻击[J]. 网络与信息安全学报, 2023, 9(3): 16-27.
[2]	叶天鹏, 林祥, 李建华, 张轩凯, 许力文. 面向雾计算的个性化轻量级分布式网络入侵检测系统[J]. 网络与信息安全学报, 2023, 9(3): 28-37.
[3]	祖立军, 曹雅琳, 门小骅, 吕智慧, 叶家炜, 李泓一, 张亮. 基于隐私风险评估的脱敏算法自适应方法[J]. 网络与信息安全学报, 2023, 9(3): 49-59.
[4]	夏锐琪, 李曼曼, 陈少真. 基于机器学习的分组密码结构识别[J]. 网络与信息安全学报, 2023, 9(3): 79-89.
[5]	袁静怡, 李子川, 彭国军. EN-Bypass：针对邮件代发提醒机制的安全评估方法[J]. 网络与信息安全学报, 2023, 9(3): 90-101.
[6]	余锋, 林庆新, 林晖, 汪晓丁. 基于生成对抗网络的隐私增强联邦学习方案[J]. 网络与信息安全学报, 2023, 9(3): 113-122.
[7]	朱春陶, 尹承禧, 张博林, 殷琪林, 卢伟. 基于多域时序特征挖掘的伪造人脸检测方法[J]. 网络与信息安全学报, 2023, 9(3): 123-134.
[8]	李晓萌, 郭玳豆, 卓训方, 姚恒, 秦川. 载体独立的抗屏摄信息膜叠加水印算法[J]. 网络与信息安全学报, 2023, 9(3): 135-149.
[9]	蔡召, 荆涛, 任爽. 以太坊钓鱼诈骗检测技术综述[J]. 网络与信息安全学报, 2023, 9(2): 21-32.
[10]	潘雁, 林伟, 祝跃飞. 渐进式的协议状态机主动推断方法[J]. 网络与信息安全学报, 2023, 9(2): 81-93.
[11]	杨盼, 康绯, 舒辉, 黄宇垚, 吕小少. 基于函数摘要的二进制程序污点分析优化方法[J]. 网络与信息安全学报, 2023, 9(2): 115-131.
[12]	肖天, 江智昊, 唐鹏, 黄征, 郭捷, 邱卫东. 基于深度强化学习的高性能导向性模糊测试方案[J]. 网络与信息安全学报, 2023, 9(2): 132-142.
[13]	袁承昊, 李勇, 任爽. 多关键词动态可搜索加密方案[J]. 网络与信息安全学报, 2023, 9(2): 143-153.
[14]	侯泽洲, 任炯炯, 陈少真. 基于神经网络区分器的SIMON-like算法参数安全性评估[J]. 网络与信息安全学报, 2023, 9(2): 154-163.
[15]	郭学镜, 方毅翔, 赵怡, 张天助, 曾文超, 王俊祥. 基于传统引导机制的深度鲁棒水印算法[J]. 网络与信息安全学报, 2023, 9(2): 175-183.