摘要
洋葱路由(Tor, the onion route)网络加密流的关联分析是其追踪溯源的核心技术之一;针对当前基于深度学习的流关联方法存在的时间特征不可靠且初级特征表征能力不强的问题,提出了一种基于时频分析和图卷积神经网络的关联分析方法,该方法使用Tor网络流量的数据包长度信息作为原始特征序列,将数据包的包长度序列通过时频分布函数映射到时频域,并进一步将其嵌入为图结构数据,同时使用图卷积神经网络提取高阶特征,最后将得到的高阶特征输入三元组网络以实现相似流量的关联。实验结果表明误报率为0.1%时,所提方法的关联准确率可达到83.4%,明显优于已有的DeepCorr和Attcorr方法。
The correlation analysis of encrypted flows in the Tor network is one of core techniques for its traceability.Aimed at unreliable temporal features and weak initial feature representation in current flow correlation methods based on deep learning,a correlation analysis method based on time-frequency analysis and graph convolutional network(GCN)is proposed.The method utilizes the packet length information of Tor network traffic as a raw feature sequence,a time-frequency distribution function is used to map the packet length sequence to the time-frequency domain,and further embed it into the graph-structured data,its high-order features are extracted by using the graph convolutional neural network.Finally,the obtained high-order features are then input into triplet network to achieve the correlation of similar flows.Experimental results show that with a false positive rate of 0.1%,the correlation accuracy of the proposed method achieves by 83.4%,significantly outperforming the existing DeepCorr and Attcorr methods.
作者
张凯杰
刘光杰
翟江涛
孟玉飞
ZHANG Kaijie;LIU Guangjie;ZHAI Jiangtao;MENG Yufei(Key Laboratory of Intelligent Support Technology for Complex Environments,Ministry of Education,Nanjing 210044,China;School of Electronic&Information Engineering,Nanjing University of Information Science&Technology,Nanjing 210044,China)
基金
国家重点研发计划(2021QY0700)
国家自然科学基金(U21B2003,62072250)。
