Cyber Security and Data Governance, 2023, Vol. 42, Issue 12: 41-47, 7. DOI: 10.19358/j.issn.2097-1788.2023.12.007
TOR anonymity network traffic recognition method integrating protocol information fusion
杨刚 [1], 姜舟 [1], 张娇婷 [1], 汪俊永 [1], 王强 [2], 张研 [1]
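Author information
- 1. 360 Digital Security Technology Group Co., Ltd., Beijing 100020
- 2. Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093 || School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049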
Abstract
Traffic analysis in the TOR (The Onion Router) anonymous network has become a challenging task. With the iterative updates of TOR's obfuscation techniques, the introduction of the OBFS4 obfuscation protocol has made it increasingly difficult to detect TOR traffic. This paper provided a detailed study of TOR's behavioral features, incorporating features of the OBFS4 (Object-Based File System4) obfuscation protocol algorithm to enhance the capability of detecting obfuscated traffic. In addition, this paper constructed a dataset covering various tunnel types, including web browsing, video streaming, and chat, to conduct experiments. The results show that the proposed method has a significant effect on TOR traffic detection tasks based on the OBFS4 obfuscation protocol. The use of the lightGBM model has achieved the best detection performance, with an accuracy of 98.89% when combining protocol features. Our approach was tested on various versions of TOR traffic, and the accuracy in detecting different versions of TOR traffic exceeded 97% in all cases.
Keywords
TOR / obfuscation protocol features / behavioral features / lightGBM
Classification
Information Technology and Security Science
Cite this article
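杨刚, 姜舟, 张娇婷, 汪俊永, 王强, 张研. TOR anonymity network traffic recognition method integrating protocol information fusion [J]. Cyber Security and Data Governance, 2023, 42(12): 41-47, 7.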