Abstract
As one of the most widely used censorship circumvention systems, Tor faces serious Sybil attacks in bridge distribution. Censors with rich network and human resources usually deploy a large number of Sybils, which disguise themselves as normal nodes to obtain bridge information and block the bridges. In the process, because Sybils and normal nodes differ in identity, purpose and intention, individual or group behavior differences arise in network activities; these are called node behavior characteristics. To handle the Sybil attack threat, a Sybil detection mechanism integrating physical-social attributes was proposed based on the analysis of node behavior characteristics. Evaluation methods for the physical and social attributes of nodes were designed. The credit value of a node, which objectively reflects the operation status of the bridges on the node, and the suspicion index of a node, which reflects the blocking status of bridges, were used to evaluate the physical attributes of nodes. The social attributes of nodes were evaluated by social similarity, which describes the static attribute labels of nodes, and social trust, which characterizes the dynamic interaction behaviors of nodes. Furthermore, by integrating the physical and social attributes, the credibility of a node was defined to represent the possibility that the current node is a Sybil, and was used as guidance for inferring the true identities of nodes, so as to achieve accurate detection of Sybils. The detection performance of the proposed mechanism was evaluated in simulation experiments based on the constructed Tor network operation status simulator and the Microblog PCU dataset. The results show that the proposed mechanism can effectively improve the true positive rate on Sybils and decrease the false positive rate. It also has stronger resistance to the deceptive behavior of censors, and still performs well in the absence of node social attributes.
Authors
SHI Xin (史鑫)
GUO Yunfei (郭云飞)
WANG Yawen (王亚文)
SUN Xiaoli (孙小丽)
LIANG Hao (梁浩)
Information Engineering University, Zhengzhou 450001, China
Source
Chinese Journal of Network and Information Security (《网络与信息安全学报》)
2023, Issue 1, pp. 103-114 (12 pages)
Funding
National Key Research and Development Program of China (2021YFB1006200, 2021YFB1006201)
National Natural Science Foundation of China (62072467, 62002383)
Keywords
Tor bridge distribution
Sybil detection
behavior characteristics
physical-social attributes