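Research on Tor Content Classification Based on Traffic Analysis
Published: 2018-02-06 01:51
Keywords: anonymous communication; Tor-Meek; content classification; data slicing; traffic obfuscation. Source: Beijing Jiaotong University, 2017 master's thesis. Document type: degree thesis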
[Abstract]: In recent years, with the frequent occurrence of network security incidents, network security has been raised to the level of national strategy. Anonymous communication technology can protect a network at two levels: the communicating entities and the communication relationship. However, because it hides network behavior, malicious users exploit it to carry out illegal and malicious network activities, which poses a serious threat to network security protection and makes network forensics more difficult. Tor, the most typical anonymous communication application, integrates the pluggable transport Meek to obfuscate its traffic and thereby avoid filtering attacks. This thesis identifies and analyzes Tor-Meek traffic and, working on the results of slice processing, uses machine learning to study traffic content classification in two ways, binary classification and multi-class classification. Experiments show that the proposed traffic-analysis-based Tor-Meek content classification method can effectively classify anonymous communication content and is of significant value to network security protection technology. The thesis studies Tor-Meek traffic content classification from the following four aspects:

(1) First, Tor anonymous communication technology is introduced, covering three topics: the development history of anonymous communication, Tor anonymous communication technology, and Tor bridge technology. The thesis focuses on the traffic obfuscation technology used by Meek and extracts the key techniques of its implementation, including domain fronting, server name query technology, and content delivery network technology.

(2) A Tor-Meek traffic identification method is proposed that combines static features with dynamic flow features. The identification process first identifies TLS packets, then applies Meek static features for a second round of identification, then uses the Polling dynamic feature as the key identification step, and finally labels the identified Tor-Meek traffic.

(3) Content classification is approached from the perspective of traffic analysis. Based on statistical analysis of the traffic, 19 classification feature parameters are selected. A data slicing model is used to slice the labeled Tor-Meek traffic, and a content classification model then classifies the slices, which serve as the classification objects. Libsvm is used as the classification tool, and two approaches to content classification are proposed: multi-class classification and binary classification. Finally, classification experiments are designed with the penalty parameter and the slice size as experimental variables, using accuracy, recall, and precision as evaluation metrics to assess the proposed Tor-Meek content classification method.

(4) Finally, the work of the thesis is summarized and two directions for future research are proposed: first, improving and optimizing the multi-class experimental method to raise multi-class accuracy; second, building user behavior profiles through user behavior modeling.
[Degree-granting institution]: Beijing Jiaotong University
[Degree level]: Master's
[Year degree awarded]: 2017
[Classification number]: TP393.08
Article ID: 1493291
Article link: http://sikaile.net/guanlilunwen/ydhl/1493291.html