Journal of Software, 2025, Vol. 36, Issue 1: 253-288. DOI: 10.13328/j.cnki.jos.007182

Survey on Tor Passive Traffic Analysis

Mei Hantao¹, Cheng Guang¹, Zhu Yilin¹, Zhou Yuyang¹

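Author information

  • 1. School of Cyber Science and Engineering, Southeast University, Nanjing, Jiangsu 211189; Jiangsu Province Engineering Research Center of Security for Ubiquitous Network (Southeast University), Nanjing, Jiangsu 211189; Research Base of International Cyberspace Governance (Southeast University), Nanjing, Jiangsu 211189; Purple Mountain Laboratories, Nanjing, Jiangsu 211189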

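Abstract (translated from the Chinese original)

With the rapid growth of networks, user privacy faces unprecedented challenges. A variety of anonymous communication systems have been developed to protect privacy, and Tor (the second-generation onion router) is currently the most widely used of them. However, its strong anonymity has also made it a breeding ground for crime, and Tor is now rife with illegal trading, cybercrime, and the like. Tor passive traffic analysis, which de-anonymizes Tor by passively observing network traffic, has become the most popular de-anonymization technique. Starting from the basic concepts of Tor and traffic analysis, this survey introduces the application scenarios and threat models of Tor passive traffic analysis. It divides existing work by technique type into traffic classification and flow correlation, and, following the analysis workflow, compares their traffic collection methods, feature extraction methods, and algorithms. Finally, it discusses the main challenges facing current research and possible future research trends.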

Abstract

The growth of the Internet poses privacy challenges, prompting the development of anonymous communication systems such as Tor (the second-generation onion router), the most widely used of them. However, the notable anonymity offered by Tor has inadvertently made it a breeding ground for criminal activities, attracting miscreants engaged in illegal trading and cybercrime. One of the most prevalent techniques for de-anonymizing Tor is Tor passive traffic analysis, wherein anonymity is compromised by passively observing network traffic. This study aims to delve into the fundamental concepts of Tor and traffic analysis, elucidate application scenarios and threat models, and classify existing works into two categories: traffic identification & classification, and flow correlation. Subsequently, their respective traffic collection methods, feature extraction techniques, and algorithms are compared and analyzed. Finally, the primary challenges faced by current research in this domain are summarized and future research directions are proposed.

Key words

Tor/traffic analysis/traffic classification/website fingerprinting/flow correlation

Publication year

2025
Journal of Software
Institute of Software, Chinese Academy of Sciences; China Computer Federation

Indexed in: CSCD; Peking University Core Journals
Impact factor: 2.833
ISSN:1000-9825