本文選題：匿名網(wǎng)絡(luò) + 流量分析�。� 參考：《北京郵電大學(xué)》2014年碩士論文

【摘要】：信息溯源是指采用一系列的方法和技術(shù)手段將內(nèi)容、網(wǎng)絡(luò)行為以及應(yīng)用行為等追溯到其發(fā)起者。一般情況下可以通過(guò)數(shù)據(jù)連接的四元組判斷信息的來(lái)源或者發(fā)起者,但是當(dāng)信息發(fā)送者采用一定的手段隱藏這種關(guān)系時(shí),如何發(fā)現(xiàn)信息的來(lái)源變成了一項(xiàng)富有挑戰(zhàn)性的工作。 匿名通信服務(wù)隱藏通信實(shí)體的地址、通信關(guān)系等,保護(hù)用戶隱私。但與此同時(shí),匿名網(wǎng)絡(luò)也被用于掩蓋網(wǎng)絡(luò)罪犯的行蹤,如何針對(duì)匿名網(wǎng)絡(luò)的流量進(jìn)行信息溯源,具有非常重要的實(shí)際意義。已有的針對(duì)匿名網(wǎng)絡(luò)流量的信息溯源方法,在實(shí)際的應(yīng)用中大都具有一定的局限性。本文針對(duì)匿名通信網(wǎng)絡(luò),提出一種在獲取匿名網(wǎng)絡(luò)的入口流量和出口流量的情況下,對(duì)匿名網(wǎng)絡(luò)用戶間的通信關(guān)系進(jìn)行去匿名化分析,達(dá)到追蹤溯源的效果的方法。本文選取匿名網(wǎng)絡(luò)Tor做為研究對(duì)象,針對(duì)Tor的流量開展了一系列的基于流量的分析溯源工作。 、首先,為了了解匿名網(wǎng)絡(luò)流量的特征,我們針對(duì)Tor的流量進(jìn)行了深入的分析與測(cè)量,通過(guò)提取并對(duì)比入口流量和對(duì)應(yīng)出口的流量,分析Tor流量的特征。我們同時(shí)測(cè)量了Tor網(wǎng)絡(luò)目的節(jié)點(diǎn)的國(guó)家分布以及流量長(zhǎng)度分布等,為后續(xù)量化實(shí)驗(yàn)驗(yàn)證提供了依據(jù)。 二、考慮到Tor數(shù)據(jù)采用SSL進(jìn)行加密,而基于SSL的網(wǎng)絡(luò)應(yīng)用逐漸增多,從背景數(shù)據(jù)流中識(shí)別出Tor流量可以提高溯源的準(zhǔn)確性,并且減少系統(tǒng)的計(jì)算量。在對(duì)Tor協(xié)議和流量進(jìn)行深入研究的基礎(chǔ)上,選取了數(shù)據(jù)包長(zhǎng)度作為特征,以SVM分類算法作為Tor流量識(shí)別的算法。在離線環(huán)境下,使用該方法實(shí)現(xiàn)了對(duì)Tor流量進(jìn)行分類識(shí)別,分類的準(zhǔn)確率與召回率均可以到達(dá)90%以上。 三、在以上工作的基礎(chǔ)上設(shè)計(jì)并實(shí)現(xiàn)基于流量分析的信息溯源系統(tǒng)。選用k-means算法,對(duì)于匿名網(wǎng)絡(luò)的入口流量和出口流量,按照選取的特征向量進(jìn)行多元關(guān)聯(lián)分析,以獲取兩部分流量之間的對(duì)應(yīng)關(guān)系。并在真實(shí)網(wǎng)絡(luò)環(huán)境下,對(duì)系統(tǒng)的準(zhǔn)確性進(jìn)行了評(píng)估和驗(yàn)證。當(dāng)數(shù)據(jù)流的字節(jié)數(shù)大于200K1B時(shí),信息溯源的準(zhǔn)確率可以達(dá)到90%以上。
[Abstract]:Information traceability refers to the use of a series of methods and techniques to trace the content, network behavior and application behavior to its initiators.In general, the information source or initiator can be judged by the quaternion of data connection, but how to find the source of information becomes a challenging task when the sender uses certain means to hide the relationship.Anonymous communication service hides the address of communication entity, communication relation and so on, protects user's privacy.But at the same time, anonymous network is also used to cover up the whereabouts of network criminals. How to trace the traffic of anonymous network is of great practical significance.Most of the existing information traceability methods for anonymous network traffic have some limitations in practical applications.In this paper, we propose a method to analyze the communication relationship between anonymous network users by means of de-anonymity analysis under the condition of obtaining the inlet and outlet traffic of anonymous network, so as to achieve the effect of tracing the source.In this paper, anonymous network Tor is selected as the research object, and a series of traceability based on traffic analysis for Tor traffic are carried out.Firstly, in order to understand the characteristics of anonymous network traffic, we analyze and measure the traffic of Tor in depth, and analyze the characteristics of Tor traffic by extracting and comparing the incoming traffic and the corresponding flow.At the same time, we measure the national distribution and the flow length distribution of the destination nodes in Tor network, which provides the basis for the subsequent quantization experiments.Secondly, considering that the Tor data is encrypted by SSL, and the network application based on SSL is increasing, identifying the Tor traffic from the background data stream can improve the accuracy of traceability and reduce the calculation of the system.Based on the in-depth study of Tor protocol and traffic, the packet length is selected as the feature, and the SVM classification algorithm is used as the Tor traffic recognition algorithm.In the off-line environment, the method is used to classify and identify the Tor traffic. The classification accuracy and recall rate can reach more than 90%.Thirdly, the information traceability system based on traffic analysis is designed and implemented based on the above work.In order to obtain the corresponding relationship between the two parts of traffic, the k-means algorithm is used to analyze the inlet and outlet traffic of anonymous network according to the selected eigenvector.In the real network environment, the accuracy of the system is evaluated and verified.When the number of bytes in the data stream is greater than 200K1B, the accuracy of traceability can reach more than 90%.
【學(xué)位授予單位】：北京郵電大學(xué)
【學(xué)位級(jí)別】：碩士
【學(xué)位授予年份】：2014
【分類號(hào)】：TP393.06

【共引文獻(xiàn)】

相關(guān)期刊論文 前10條

1 于炯;曹元大;宋榮功;;自管理機(jī)密網(wǎng)絡(luò)的分布式匿名路由協(xié)議[J];北京理工大學(xué)學(xué)報(bào);2007年11期

2 施榮華;伍瑩;郭迎;曾貴華;;Quantum Distributed Ballot Scheme Based on Greenberger-Horne-Zeilinger State[J];Communications in Theoretical Physics;2010年08期

3 陸慶,周世杰,傅彥;匿名通信技術(shù)分析[J];電子科技大學(xué)學(xué)報(bào);2004年02期

4 吳艷輝;王偉平;陳建二;;重路由匿名通信研究進(jìn)展與展望[J];電信科學(xué);2006年05期

5 趙福祥,趙紅云,王育民,楊世平;一個(gè)采用分段驗(yàn)證簽密隱蔽路由的設(shè)計(jì)與實(shí)現(xiàn)[J];電子學(xué)報(bào);2002年07期

6 陶志紅,Hans KleineBu，

本文編號(hào)：1736924