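Abstract
Traffic mimicry disguises transmitted data as a specific whitelisted protocol in order to get past network traffic censorship and achieve covert data transmission. As the contest between detection and evasion intensifies, the limitations of covert transmission techniques that obfuscate traffic with static rules have become increasingly evident: in obfuscating their inherent features, they tend to create a new bridge-protocol fingerprint. This paper designs and implements an adaptive traffic-mimicry protocol bridge based on the features of the current network environment; by extracting and analyzing the features of normal HTTP traffic in that environment, it predicts and generates the obfuscation features the mimicry bridge uses. Experiments show that the adaptive bridge can generate mimicry rules dynamically, that the generated traffic is highly similar to real traffic, and that the redundant data required for mimicry is within an acceptable range. The work also demonstrates the limitations of current feature-based traffic protocol detection techniques when faced with high-complexity traffic mimicry.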
Traffic mimicry techniques aim to disguise data traffic as commonly used protocols to bypass censorship and implement hidden data transmission. As anomaly detection becomes stricter, traditional traffic obfuscation methods based on static rules are limited because of the bridge features they themselves generate during obfuscation. A new network bridge with a self-adaptive traffic mimicry method is designed and implemented in this paper. This network bridge extracts and analyzes features of real HTTP traffic, predicts the normal traffic features in the current environment and generates the mimicry traffic. In the experiment, the traffic generated by this bridge was shown to have a high similarity to normal traffic within acceptable data redundancy. This work also indicates that current detection models require deeper inspection in traffic audit to explore hidden abnormal communication.
Authors
Shi Fan (施帆)
Wang Yijun (王轶骏)
Xue Zhi (薛质)
Jiang Kaida (姜开达)
Shi Fan; Wang Yijun; Xue Zhi; Jiang Kaida (School of Cyber Science and Engineering, Shanghai Jiao Tong University, Shanghai 200240, China)
Source
Computer Applications and Software (《计算机应用与软件》)
Peking University Core Journal (北大核心)
2021, Issue 3, pp. 94-104 (11 pages)
Funding
National Key Research and Development Program of China (2019QY0703).
Keywords
Traffic mimicry
Hidden transmission
Tor bridge
Traffic identification