摘要
Tor是一种基于洋葱路由通信协议建立的隐蔽加密通信系统。该系统基于互联网现有路由、数据加密等协议,构建了一套保护通信实体的身份隐匿机制,使得经过Tor网络传播的数据难以被有效追踪和分析。然而近年来这项隐蔽通信技术被罪犯大量使用,已成为网络犯罪和非法交易的温床。为有效应对该问题,提出一项基于机器学习的Tor网络识别检测技术,通过主动生成Tor网络流量,基于机器学习技术实施流特征提取与检测,从而发现参与Tor通信的网络实体及其通信类型,进而检出潜在的恶意暗网用户。实验表明,该方法可有效识别Tor通信实体以及通信行为,如电子邮件和FTP应用等。
Tor is an anonymous Internet communication system based on onion routing network protocol.Network traffics generated by normal applications become hard to trace when they are delivered by Tor system.However,an increasing number of cyber criminals are utilizing Tor to remain anonymous while carrying out their crimes or make illegal transactions.As a countermeasure,this paper presents a method able to identify Tor traffics and thereby recognize related Tor hosts.The method proposes several groups of features extracted from network traffic and resort to machine learning algorithm to evaluate feature effectiveness.Experiments in real world dataset demonstrate that the proposed method is able to distinguish Tor flows from normal traffics as well as recognize the kind of activity in Tor generated by different normal applications.
作者
张玲
卫传征
林臻彪
段琳琳
Zhang Ling;Wei Chuanzheng;Lin Zhenbiao;Duan Linlin(Beijing Cyber XingAn Technology Co.,Ltd.,Beijing 102200,China;School of Information Engineering,Zhengzhou University,Zhengzhou 450001,China)
出处
《电子技术应用》
2021年第4期54-58,共5页
Application of Electronic Technique
关键词
暗网探测
TOR
通信实体识别
机器学习
darknet detection
Tor
communication entity recognition
machine learning
