TOR anonymity network traffic recognition method integrating protocol information fusion

Abstract: Identifying traffic on the TOR (The Onion Router) anonymity network is an important encrypted-traffic detection task. With the iterative updates of TOR's obfuscation modes, the introduction of the OBFS4 (Object-Based File System4) obfuscation protocol has made TOR traffic considerably harder to detect. This paper studies TOR's behavior and the characteristics of the obfuscation protocol in detail, and fuses key behavioral features with OBFS4 obfuscation protocol features to strengthen the detection of TOR traffic that uses the obfuscation protocol. In addition, a dataset covering multiple services, including web browsing, live video streaming, and chat, was constructed for the experiments. The results show that the proposed method is highly effective on the task of detecting TOR traffic based on the OBFS4 obfuscation protocol. The lightGBM model achieved the best detection performance, with an accuracy of 98.89% when protocol features are fused in. The method was also retested on traffic from different versions of TOR, and the accuracy exceeded 97% for every version tested.
Authors: Yang Gang; Jiang Zhou; Zhang Jiaoting; Wang Junyong; Wang Qiang; Zhang Yan (360 Digital Security Technology Group Co., Ltd., Beijing 100020, China; Institute of Information Engineering, CAS, Beijing 100093, China; School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China)
Source: Cyber Security and Data Governance, 2023, Issue 12, pp. 41-47 (7 pages)
Keywords: TOR; obfuscation protocol features; behavioral features; lightGBM