摘要
网络流量分类一直是许多研究工作的关注领域,数据加密的普遍使用使其成为一个公开的技术挑战。数据加密是各种隐私增强工具中使用的一项关键技术。其中,基于匿名通信系统Tor构建的暗网是现今规模最大的匿名通信实体,常被犯罪分子用来从事各类违法犯罪活动,因此高效识别Tor流量具有重要研究意义。文章根据Tor匿名通信流量特点设计了一组用于Tor流量行为检测的网络流特征,并在原有深度森林模型的内存需求和时间开销局限性问题上,提出一种改进的深度森林模型,用于Tor网络流量的识别。实验结果表明,与已有识别方法相比,文章提出的模型准确率可达99.86%,同时,检测时间开销和内存需求都有所优化。
Traffic classification has been the subject of many research studies.The widespread use of encryption make it an open technical challenge.Data encryption is a key technology used in various privacy enhancing tools.Among them,The darknet based on Tor anonymous communication system is the largest anonymous communication entity today,It is often used by criminals to engage in various illegal and criminal activities.Therefore,efficient identification and recognition of Tor traffic is of great significance.According to the characteristics of Tor anonymous traffic,this paper designs a set of network flow characteristics for Tor traffic behavior detection.To address the shortcomings of the original deep forest model in terms of memory and time overheads,this paper proposes an improved deep forest model for Tor network traffic identification.The experimental results show that,compared with the existing recognition methods,the proposed model can achieve 99.86%accuracy,and the detection time overhead and memory requirements are optimized.
作者
魏松杰
李成豪
沈浩桐
张文哲
WEI Songjie;LI Chenghao;SHEN Haotong;ZHANG Wenzhe(School of Computer Science and Engineering,Nanjing University of Science and Technology,Nanjing 210094,China)
出处
《信息网络安全》
CSCD
北大核心
2022年第8期64-71,共8页
Netinfo Security
基金
国家自然科学基金[61472189]
工信部2020年工业互联网创新发展工项目[61802186]。
关键词
流量分类
Tor暗网
匿名流量
深度森林
traffic classification
Tor darknet
anonymized traffic
deep forest
