基于SDN的实际网络流中Tor网页复合特征提取方法

doi:10.11959/j.issn.1000-436x.2022056

Abstract

Abstract:

Website fingerprinting (WF) methods for Tor webpage traffic are often based on the separated Tor traffic or even the separated Tor webpage traffic.However, distinguishing Tor traffic from the original traffic of the actual network and Tor webpage traffic from the Tor traffic costs amount of computation, which is more difficult than the WF attack itself.According to the current architecture of the Internet and the characteristics of network traffic converging to regional central nodes, the bi-directional statistical feature (BSF) was proposed for distinguishing Tor traffic through the intra-domain global perspective provided by the SDN structure of the central node and the node information disclosed by the Tor network.Furthermore, a hidden feature extraction method for Web traffic based on lifted structure fingerprinting (LSF) was proposed, and a composited Tor-webpage-identification traffic feature (CTTF) was proposed based on BSF and LSF deep features.For solving the problem of traffic training data scarcity, a traffic data augmentation method based on translation was proposed, which made the augmented traffic data as consistent as the Tor traffic data captured in the real working environment.The experimental results show that the identification rate based on CTTF can be improved by about 4% compared with using only the original data features.When there is less training data, the classification accuracy is improved more obvious after using the traffic data augmentation method, and the false positive rate can be effectively reduced.

Key words: traffic discovery, traffic classification, statistical feature, data augmentation

CLC Number:

TP393

Hongping YAN, Qiang ZHOU, Shihao WANG, Wang YAO, Liukun HE, Liangmin WANG. Composite Tor traffic features extraction method of webpage in actual network flow based on SDN[J]. Journal on Communications, 2022, 43(3): 76-87.

Figures/Tables 9

References 37

[1]	HERRMANN D , WENDOLSKY R , FEDERRATH H . Website fingerprinting:attacking popular privacy enhancing technologies with the multinomial na?ve-Bayes classifier[C]// Proceedings of the 2009 ACM Workshop on Cloud Computing Security. New York:ACM Press, 2009: 31-42.
[2]	PANCHENKO A , NIESSEN L , ZINNEN A ,et al. Website fingerprinting in onion routing based anonymization networks[C]// Proceedings of the 10th Annual ACM Workshop on Privacy in the Electronic Society. New York:ACM Press, 2011: 103-114.
[3]	WANG T , CAI X , NITHYANAND R ,et al. Effective attacks and provable defenses for website fingerprinting[C]// 23rd USENIX Security Symposium. Berkeley:USENIX Association, 2014: 143-157.
[4]	SCOTT-HAYWARD S , O’CALLAGHAN G , SEZER S . SDN security:a survey[C]// Proceedings of 2013 IEEE SDN for Future Networks and Services. Piscataway:IEEE Press, 2013: 1-7.
[5]	魏松杰, 孙鑫, 赵茹东 ,等. SDN中IP欺骗数据分组网络溯源方法研究[J]. 通信学报, 2018,39(11): 181-189.
	WEI S J , SUN X , ZHAO R D ,et al. Tracing IP-spoofed packets in software defined network[J]. Journal on Communications, 2018,39(11): 181-189.
[6]	SONG H O , XIANG Y , JEGELKA S ,et al. Deep metric learning via lifted structured feature embedding[C]// Proceedings of 2016 IEEE Conference on Computer Vision and Pattern Recognition. Piscataway:IEEE Press, 2016: 4004-4012.
[7]	祝现威, 常朝稳, 朱智强 ,等. 基于身份属性的SDN控制转发方法[J]. 通信学报, 2019,40(11): 1-18.
	ZHU X W , CHANG C W , ZHU Z Q ,et al. SDN control and forwarding method based on identity attribute[J]. Journal on Communications, 2019,40(11): 1-18.
[8]	BENZEKKI K , FERGOUGUI A E , ELALAOUI A E . Software-defined networking (SDN):a survey[J]. Security and Communication Networks, 2016,9(18): 5803-5833.
[9]	OCONNOR T , ENCK W , PETULLO W M ,et al. PivotWall:SDN-based information flow control[C]// Proceedings of the Symposium on SDN Research.[S.l.:s.n.], 2018: 1-14.
[10]	LING Z , LUO J Z , XU D N ,et al. Novel and practical SDN-based traceback technique for malicious traffic over anonymous networks[C]// Proceedings of IEEE INFOCOM 2019 - IEEE Conference on Computer Communications. Piscataway:IEEE Press, 2019: 1180-1188.
[11]	MOORE A W , PAPAGIANNAKI K . Toward the accurate identification of network applications[C]// International Workshop on Passive and Active Network Measurement,Berlin:Springer, 2005: 41-54.
[12]	FINSTERBUSCH M , RICHTER C , ROCHA E ,et al. A survey of payload-based traffic classification approaches[J]. IEEE Communications Surveys ＆ Tutorials, 2014,16(2): 1135-1156.
[13]	WANG T , GOLDBERG I . Improved website fingerprinting on tor[C]// Proceedings of the 12th ACM Workshop on Privacy in the Electronic Society. New York:ACM Press, 2013: 201-212.
[14]	CAI X , ZHANG X C , JOSHI B ,et al. Touching from a distance:website fingerprinting attacks and defenses[C]// Proceedings of the 2012 ACM Conference on Computer and Communications Security. New York:ACM Press, 2012: 605-616.
[15]	HE K M , ZHANG X Y , REN S Q ,et al. Deep residual learning for image recognition[C]// Proceedings of 2016 IEEE Conference on Computer Vision and Pattern Recognition. Piscataway:IEEE Press, 2016: 770-778.
[16]	ZHU J Y , PARK T , ISOLA P ,et al. Unpaired image-to-image translation using cycle-consistent adversarial networks[C]// Proceedings of 2017 IEEE International Conference on Computer Vision. Piscataway:IEEE Press, 2017: 2242-2251.
[17]	SIRINAM P , IMANI M , JUAREZ M ,et al. Deep fingerprinting:undermining website fingerprinting defenses with deep learning[C]// Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. New York:ACM Press, 2018: 1928-1943.
[18]	RIMMER V , PREUVENEERS D , JUAREZ M ,et al. Automated website fingerprinting through deep learning[C]// Proceedings of 2018 Network and Distributed System Security Symposium. Reston:Internet Society, 2018: 1-16.
[19]	BHAT S , LU D , KWON A ,et al. Var-CNN:a data-efficient website fingerprinting attack based on deep learning[J]. Proceedings on Privacy Enhancing Technologies, 2019,2019(4): 292-310.
[20]	SHEN M , LIU Y T , ZHU L H ,et al. Fine-grained webpage fingerprinting using only packet length information of encrypted traffic[J]. IEEE Transactions on Information Forensics and Security, 2021,16: 2046-2059.
[21]	CADENA W D L , MITSEVA A , HILLER J ,et al. TrafficSliver:fighting website fingerprinting attacks with traffic splitting[C]// Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security. New York:ACM Press, 2020: 1971-1985.
[22]	HARDEGEN C , PFüLB B , RIEGER S ,et al. Predicting network flow characteristics using deep learning and real-world network traffic[J]. IEEE Transactions on Network and Service Management, 2020,17(4): 2662-2676.
[23]	SHI Y , MATSUURA K . Fingerprinting attack on the tor anonymity system[C]// International Conference on Information and Communications Security. Berlin:Springer, 2009: 425-438.
[24]	PANCHENKO A , LANZE F B , ZINNEN A ,et al. Website fingerprinting at Internet scale[C]// Proceedings of 2016 Network and Distributed System Security Symposium. Reston:Internet Society, 2016: 1-15.
[25]	HAYES J , DANEZIS G . K-fingerprinting:a robust scalable website fingerprinting technique[J]. arXiv Preprint,arXiv:1509.00789, 2015.
[26]	MATIC S , TRONCOSO C , CABALLERO J . Dissecting tor bridges:a security evaluation of their private and public infrastructures[C]// Proceedings of 2017 Network and Distributed System Security Symposium. Reston:Internet Society, 2017: 1-15.
[27]	LING Z , LUO J Z , YU W ,et al. Extensive analysis and large-scale empirical evaluation of tor bridge discovery[C]// 2012 Proceedings of IEEE INFOCOM. Piscataway:IEEE Press, 2012: 2381-2389.
[28]	KINGMA D P , BA J . Adam:a method for stochastic optimization[J]. arXiv Preprint,arXiv:1412.6980, 2014.
[29]	WANG L M , MEI H T , SHENG V S . Multilevel identification and classification analysis of tor on mobile and PC platforms[J]. IEEE Transactions on Industrial Informatics, 2021,17(2): 1079-1088.
[30]	LOTFOLLAHI M , SIAVOSHANI M J , ZADE R S H ,et al. Deep packet:a novel approach for encrypted traffic classification using deep learning[J]. Soft Computing, 2020,24(3): 1999-2012.
[31]	CHOPRA S , HADSELL R , LECUN Y . Learning a similarity metric discriminatively,with application to face verification[C]// Proceedings of 2005 IEEE Computer Society Conference on Computer Vision and Pattern Recognition. Piscataway:IEEE Press, 2005: 539-546.
[32]	SCHROFF F , KALENICHENKO D , PHILBIN J . FaceNet:a unified embedding for face recognition and clustering[C]// Proceedings of 2015 IEEE Conference on Computer Vision and Pattern Recognition. Piscataway:IEEE Press, 2015: 815-823.
[33]	SOHN K , . Improved deep metric learning with multiclass n-pair loss objective[C]// Advances in Neural Information Processing Systems.[S.l.:s.n.], 2016: 1857-1865.
[34]	PEREZ L , WANG J . The effectiveness of data augmentation in image classification using deep learning[J]. arXiv Preprint,arXiv:1712.04621, 2017.
[35]	兰巨龙, 张学帅, 胡宇翔 ,等. 基于深度强化学习的软件定义网络QoS优化[J]. 通信学报, 2019,40(12): 60-67.
	LAN J L , ZHANG X S , HU Y X ,et al. Software-defined networking QoS optimization based on deep reinforcement learning[J]. Journal on Communications, 2019,40(12): 60-67.
[36]	SUTSKEVER I , MARTENS J , DAHL G ,et al. On the importance of initialization and momentum in deep learning[C]// International Conference on Machine Learning.[S.l.:s.n.], 2013: 1139-1147.
[37]	ZEILER M D . ADADELTA:an adaptive learning rate method[J]. arXiv Preprint,arXiv:1212.5701, 2012.

Metrics

Recommended 0

No Suggested Reading articles found!

Composite Tor traffic features extraction method of webpage in actual network flow based on SDN

RichHTML

PDF

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 9

References 37

Related Articles 15

Metrics

Recommended 0

[1]	Yifeng WANG, Yuanbo GUO, Qingli CHEN, Chen FANG, Renhao LIN, Yongliang ZHOU, Jiali MA. Method based on contrastive incremental learning for fine-grained malicious traffic classification [J]. Journal on Communications, 2023, 44(3): 1-11.
[2]	Lingtao TANG, Di WANG, Shengyun LIU. Data augmentation scheme for federated learning with non-IID data [J]. Journal on Communications, 2023, 44(1): 164-176.
[3]	Xueyuan DUAN, Yu FU, Kun WANG, Bin LI. LDoS attack detection method based on simple statistical features [J]. Journal on Communications, 2022, 43(11): 53-64.
[4]	Yifeng WANG, Yuanbo GUO, Qingli CHEN, Chen FANG, Renhao LIN. Method based on contrastive learning for fine-grained unknown malicious traffic classification [J]. Journal on Communications, 2022, 43(10): 12-25.
[5]	Yongjin HU,Yuanbo GUO,Jun MA,Han ZHANG,Xiuqing MAO. Method to generate cyber deception traffic based on adversarial sample [J]. Journal on Communications, 2020, 41(9): 59-70.
[6]	Yong WANG,Huiyi ZHOU,Hao FENG,Miao YE,Wenlong KE. Network traffic classification method basing on CNN [J]. Journal on Communications, 2018, 39(1): 14-23.
[7]	Chang-xi GAO,Ya-biao WU,Cong WANG. Encrypted traffic classification based on packet length distribution of sampling sequence [J]. Journal on Communications, 2015, 36(9): 65-75.
[8]	Ji-cang LU,Fen-lin LIU,Xiang-yang LUO,Yi ZHANG. Recognition of PQ stego images based on identifiable statistical feature [J]. Journal on Communications, 2015, 36(3): 139-148.
[9]	. Automatic extraction for the traffic of unknown network applications [J]. Journal on Communications, 2014, 35(7): 20-171.
[10]	Bian-qin WANG,Shun-zheng YU. Automatic extraction for the traffic of unknown network applications [J]. Journal on Communications, 2014, 35(7): 164-171.
[11]	Zhe YANG,Ling-zhi LI,Qi-jin JI,Yan-qin ZHU. Network traffic classification using decision tree based on minimum partition distance [J]. Journal on Communications, 2012, 33(3): 91-102.
[12]	Liang CHEN,Jian GONG. Fast application-level traffic classification using NetFlow records [J]. Journal on Communications, 2012, 33(1): 145-152.
[13]	Ru-chun FEI,Li-na WANG,Huan-guo ZHANG. Data hiding method based on color table expansion technique [J]. Journal on Communications, 2009, 30(4): 137-140.
[14]	Yong ZHAO,Qiu-lin YAO,Zhi-bin ZHANG,Li GUO,Bin-xing FANG. TPCAD:a text-oriented multi-protocol inference approach [J]. Journal on Communications, 2009, 30(10A): 28-35.
[15]	Xin-guang, SUI,Lei SHEN,Ji-kun YAN,Zhong-liang ZHU. Text steganalysis using AdaBoost [J]. Journal on Communications, 2007, 28(12): 136-140.