Tor网桥分发中融合物理-社交属性的女巫节点检测机制

doi:10.11959/j.issn.2096-109x.2023014

Abstract

Abstract:

As one of the most widely utilized censorship circumvention systems, Tor faces serious Sybil attacks in bridge distribution.Censors with rich network and human resources usually deploy a large number of Sybils, which disguise themselves as normal nodes to obtain bridges information and block them.In the process, due to the different identities, purposes and intentions of Sybils and normal nodes, individual or group behavior differences occur in network activities, called as node behavior characteristics.To handle the Sybil attacks threat, a Sybil detection mechanism integrating physical-social attributes was proposed based on the analysis of node behavior characteristics.The physical-social attributes evaluation methods were designed.The credit value of nodes objectively reflecting the operation status of bridges on the nodes and the suspicion index of nodes reflecting the blocking status of bridges, were utilized to evaluate the physical attributes of nodes.The social attributes of nodes were evaluated by the social similarity, which described the static attribute labels of nodes and their social trust characterizing the dynamic interaction behaviors of nodes.Furthermore, integrating the physical-social attributes, the credibility of nodes were defined as the possibility of the current node being a Sybil, which was exploited as a guidance on inferring the true identifies of nodes, so as to achieve accurate detection on Sybils.The detection performance of the proposed mechanism based on the constructed Tor network operation status simulator and the Microblog PCU dataset were simulated.The results show that the proposed mechanism can effectively improve the true positive rate on Sybils, and decrease the false positive rate.It also has stronger resistance on the deceptive behavior of censors, and still performs well in the absence of node social attributes.

Key words: Tor bridge distribution, Sybil detection, behavior characteristics, physical-social attributes

CLC Number:

TP393

Xin SHI, Yunfei GUO, Yawen WANG, Xiaoli SUN, Hao LIANG. Physical-social attributes integrated Sybil detection for Tor bridge distribution[J]. Chinese Journal of Network and Information Security, 2023, 9(1): 103-114.

Figures/Tables 10

References 32

[1]	DOUGLAS F E . Circumvention of censorship of internet access and publication[D]. University of Illinois at Urbana-Champaign, 2017.
[2]	FIFIELD D . Threat modeling and circumvention of internet censorship[D]. University of California Berkeley, 2017.
[3]	LEBERKNIGHT C S , CHIANG M , WONG F M F . A taxonomy of censors and anti-censors part II:Anti-censorship technologies[J]. International Journal of E-Politics (IJEP), 2012,3(4): 20-35.
[4]	TSCHANTZ M C , AFROZ S , PAXSON V . Sok:towards grounding censorship circumvention in empiricism[C]// IEEE Symposium on Security and Privacy. 2016: 914-933.
[5]	NOBORI D , SHINJO Y . VPN gate:a volunteer-organized public vpn relay system with blocking resistance for bypassing government censorship firewalls[C]// 11th USENIX Symposium on Networked Systems Design and Implementation. 2014: 229-241.
[6]	ZOLFAGHARI H , HOUMANSADR A . Practical censorship evasion leveraging content delivery networks[C]// ACM SIGSAC Conference on Computer and Communications Security. 2016: 1715-1726.
[7]	NASR M , ZOLFAGHARI H , HOUMANSADR A . The waterfall of liberty:Decoy routing circumvention that resists routing attacks[C]// ACM SIGSAC Conference on Computer and Communications Security. 2017: 2037-2052.
[8]	WANG Q , LIN Z , BORISOV N ,et al. rBridge:user reputation based tor bridge distribution with privacy preservation[C]// Network and Distributed Systems Security Symposium. 2013.
[9]	杨云, 李凌燕, 魏庆征 . 匿名网络Tor与I2P的比较研究[J]. 网络与信息安全学报, 2019,5(1): 66-77.
	YANG Y , LI L Y , WEI Q Z . Comparative study of anonymous network Tor and I2P[J]. Chinese Journal of Network and Information Security, 2019,5(1): 66-77.
[10]	PORTAL T M . The Tor project[EB].
[11]	王啸, 方滨兴, 刘培朋 ,等. Tor匿名通信网络节点家族的测量与分析[J]. 通信学报, 2015,36(2): 84-91.
	WANG X , FANG B X , LIU P M ,et al. Measuring and analyzing node families in the Tor anonymous communication network[J]. Journal on Communications, 2015,36(2): 84-91.
[12]	罗军舟, 杨明, 凌振 ,等. 匿名通信与暗网研究综述[J]. 计算机研究与发展, 2019,56(1): 103-130.
	LUO J Z , YANG M , LING Z ,et al. Anonymous communication and darknet:a survey[J]. Journal of Computer Research and Development, 2019 56(1): 103-130.
[13]	杜捷, 何永忠, 杜晔 . 基于改进IPD质心的Tor网络流水印检测方法[J]. 网络与信息安全学报, 2019,5(4): 91-98.
	DU J , HE Y Z , DU Y . Improved method of Tor network flow watermarks based on IPD interval[J]. Chinese Journal of Network and Information Security, 2019,5(4): 91-98.
[14]	WINTER P , LINDSKOG S . How the great firewall of China is blocking Tor[C]// USENIX Workshop on Free and Open Communications on the Internet (FOCI). Bellevue,USA, 2012.
[15]	MAHDIAN M , . Fighting censorship with algorithms[C]// Internet Conference on Fun with Algorithms. 2010: 296-306.
[16]	ZAMANI M , SAIA J , CRANDALL J . TorBricks:blocking- resistant Tor bridge distribution[C]// International Symposium on Stabilization,Safety,and Security of Distributed Systems. 2017: 426-440.
[17]	MCCOY D , MORALES J A , LEVCHENKO K . Proximax:A measurement based system for proxies dissemination[J]. Financial Cryptography and Data Security, 2011,5(9): 1-10.
[18]	DOUGLAS F , PAN W , CAESAR M . Salmon:robust proxy distribution for censorship circumvention[J]. Proceedings on Privacy Enhancing Technologies, 2016,(4): 4-20.
[19]	NASR M , FARHANG S , HOUMANSADR A ,et al. Enemy at the gateways:Censorship-resilient proxy distribution using game theory[C]// Network and Distributed Systems Security Symposium. 2019.
[20]	GE K , HE Y . Detection of sybil attack on Tor resource distribution[C]// IEEE International Conference on Power,Intelligent Computing and Systems. 2020: 328-332.
[21]	SANATINIA A , NOUBIR G . Honey onions:a framework for characterizing and identifying misbehaving tor HSDirs[C]// 2016 IEEE Conference on Communications and Network Security (CNS). 2016: 127-135.
[22]	康恺, 张颖君, 连一峰 ,等. 一种社交网络 Sybil 用户检测方法[J]. 计算机科学, 2016,43(1): 172-177.
	KANG K , YANG Y J , LIAN Y F ,et al. Compound approach for sybil users detection in social networks[J]. Computer Science, 2016,43(1): 328-332.
[23]	吴大鹏, 司书山, 闫俊杰 ,等. 基于行为特征分析的社交网络女巫节点检测机制[J]. 电子与信息学报, 2017,39(9): 2089-2096.
	WU D P , SI S S , YAN J J ,et al. Behaviors analysis based sybil detection in social networks[J]. Journal of Electronics and Information Technology, 2017,39(9): 2089-2096.
[24]	方晓汾, 方凯, 汪小东 ,等. 基于能耗信任值的无线传感器网络Sybil 攻击检测方法研究[J]. 传感技术学报, 2020,33(6): 907-915.
	FANG F X , FANG K , WANG X D ,et al. Sybil attack detection method based on energy consumption trust value in WSN[J]. Chinese Journal of Sensors and Actuators, 2020,33(6): 907-915.
[25]	WU D , SI S , WANG H ,et al. Social influence aware sybil detection in social networks[C]// 2017 IEEE/CIC International Conference on Communications in China (ICCC). 2017: 1-4.
[26]	GEDDES J , SCHUCHARD M , HOPPER N . Cover your acks:Pitfalls of covert channel censorship circumvention[C]// ACM SIGSAC Conference on Computer ＆ Communications Security. 2013: 361-372.
[27]	MOHAJERI MOGHADDAM H , LI B , DERAKHSHANI M ,et al. Skypemorph:protocol obfuscation for Tor bridges[C]// ACM Conference on Computer and Communications Security. 2012: 97-108.
[28]	SMITS R , JAIN D , PIDCOCK S ,et al. BridgeSPA:improving tor bridges with single packet authorization[C]// Proceedings of the 10th Annual ACM Workshop on Privacy in the Electronic Society. 2011: 93-102.
[29]	WU D , ZHOU L , CAI Y . Social-aware rate based content sharing mode selection for D2D content sharing scenarios[J]. IEEE Transactions on Multimedia, 2017,19(11): 2571-2582.
[30]	LIU Z , LIU Y , WINTER P ,et al. TorPolice:Towards enforcing service-defined access policies for anonymous communication in the Tor network[C]// 2017 IEEE 25th International Conference on Network Protocols (ICNP). 2017: 1-10.
[31]	SYVERSON P , DINGLEDINE R , MATHEWSON N . Tor:The second generation onion router[C]// Usenix Security. 2004: 303-320.
[32]	XU G , ZHOU D , LIU J . Social network spam detection based on ALBERT and combination of Bi-LSTM with self-attention[J]. Security and Communication Networks, 2021.

Metrics

Recommended 0

No Suggested Reading articles found!

权重系数设置(ω_φ,ω_φ,ω_α,ω_β)	策略代号	说明
(0.25,0.25,0.25,0.25)	A	均衡设置
(0.5,0.5,0,0)	B	仅物理属性
(0,0,0.5,0.5)	C	仅社交属性
(0.4,0.4,0.1,0.1)	D	物理属性增强
(0.1,0.1,0.4,0.4)	E	社交属性增强

权重系数设置	激进型策略AUC值	保守型策略AUC值	性能损失
A（均衡设置）	0.955 5	0.949 2	0.66%
B（仅物理属性）	0.815 5	0.801 5	1.72%
C（仅社交属性）	0.906 1	0.906 1	0
D（物理属性增强）	0.960 1	0.944 9	1.58%
E（社交属性增强）	0.934 0	0.928 7	0.57%

Physical-social attributes integrated Sybil detection for Tor bridge distribution

RichHTML

PDF下载

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 10

References 32

Related Articles 15

Metrics

Recommended 0

[1]	Xianyi CHEN, Jun GU, Kai YAN, Dong JIANG, Linfeng XU, Zhangjie FU. Double adversarial attack against license plate recognition system [J]. Chinese Journal of Network and Information Security, 2023, 9(3): 16-27.
[2]	Tianpeng YE, Xiang LIN, Jianhua LI, Xuankai ZHANG, Liwen XU. Personalized lightweight distributed network intrusion detection system in fog computing [J]. Chinese Journal of Network and Information Security, 2023, 9(3): 28-37.
[3]	Lijun ZU, Yalin CAO, Xiaohua MEN, Zhihui LYU, Jiawei YE, Hongyi LI, Liang ZHANG. Adaptive selection method of desensitization algorithm based on privacy risk assessment [J]. Chinese Journal of Network and Information Security, 2023, 9(3): 49-59.
[4]	Ruiqi XIA, Manman LI, Shaozhen CHEN. Identification on the structures of block ciphers using machine learning [J]. Chinese Journal of Network and Information Security, 2023, 9(3): 79-89.
[5]	Jingyi YUAN, Zichuan LI, Guojun PENG. EN-Bypass: a security assessment method on e-mail user interface notification [J]. Chinese Journal of Network and Information Security, 2023, 9(3): 90-101.
[6]	Feng YU, Qingxin LIN, Hui LIN, Xiaoding WANG. Privacy-enhanced federated learning scheme based on generative adversarial networks [J]. Chinese Journal of Network and Information Security, 2023, 9(3): 113-122.
[7]	Chuntao ZHU, Chengxi YIN, Bolin ZHANG, Qilin YIN, Wei LU. Forgery face detection method based on multi-domain temporal features mining [J]. Chinese Journal of Network and Information Security, 2023, 9(3): 123-134.
[8]	Xiaomeng LI, Daidou GUO, Xunfang ZHUO, Heng YAO, Chuan QIN. Carrier-independent screen-shooting resistant watermarking based on information overlay superimposition [J]. Chinese Journal of Network and Information Security, 2023, 9(3): 135-149.
[9]	Zhao CAI, Tao JING, Shuang REN. Survey on Ethereum phishing detection technology [J]. Chinese Journal of Network and Information Security, 2023, 9(2): 21-32.
[10]	Yan PAN, Wei LIN, Yuefei ZHU. Progressive active inference method of protocol state machine [J]. Chinese Journal of Network and Information Security, 2023, 9(2): 81-93.
[11]	Pan YANG, Fei KANG, Hui SHU, Yuyao HUANG, Xiaoshao LYU. Binary program taint analysis optimization method based on function summary [J]. Chinese Journal of Network and Information Security, 2023, 9(2): 115-131.
[12]	Tian XIAO, Zhihao JIANG, Peng TANG, Zheng HUANG, Jie GUO, Weidong QIU. High-performance directional fuzzing scheme based on deep reinforcement learning [J]. Chinese Journal of Network and Information Security, 2023, 9(2): 132-142.
[13]	Chenghao YUAN, Yong LI, Shuang REN. Dynamic multi-keyword searchable encryption scheme [J]. Chinese Journal of Network and Information Security, 2023, 9(2): 143-153.
[14]	Zezhou HOU, Jiongjiong REN, Shaozhen CHEN. Security evaluation for parameters of SIMON-like cipher based on neural network distinguisher [J]. Chinese Journal of Network and Information Security, 2023, 9(2): 154-163.
[15]	Xuejing GUO, Yixiang FANG, Yi ZHAO, Tianzhu ZHANG, Wenchao ZENG, Junxiang WANG. Traditional guidance mechanism based deep robust watermarking [J]. Chinese Journal of Network and Information Security, 2023, 9(2): 175-183.