
Encrypted Tor Traffic Detection Method Based on Feature Fusion

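Anonymous networks are a commonly used tool for protecting personal privacy today, and they offer very strong privacy protection when combined with obfuscation bridge components; the ongoing contest in information confrontation has made the use of encrypted proxies within anonymous networks the main way for data-security-sensitive users to protect their privacy. The dual protection of an anonymous network and an encrypted proxy confronts traffic detection with the following two challenges: (1) Proxy convergence: traffic that has passed through an encrypted proxy appears as a single flow, which defeats detection methods that rely on complete data flows; (2) Feature blurring: packet obfuscation makes flow features sparse, which weakens methods based on low-order statistical features. This paper proposes a traffic detection method named SETTDM to address these two challenges. Specifically, for the proxy convergence problem, data sub-flows are split using a sliding window, so that SETTDM can be applied to the aggregated flows produced by proxies while preserving the feature space of the original flows as far as possible; for the feature blurring problem, a feature extraction method based on feature fusion is proposed: multi-angle statistical and temporal features combined with encrypted spatial features extracted by ResNet. In the experiments, real doubly encrypted Tor traffic, encrypted background traffic and unencrypted background traffic were collected and combined with the public encrypted traffic dataset ISCXVPN2016 to form the experimental dataset; in testing, SETTDM achieved a precision of 99.78%, an improvement of 2.30% to 9.29% over the compared methods.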
Encrypted Tor Traffic Detection Method Based on Feature Fusion
An anonymous network is currently a common tool for protecting personal privacy. It has strong privacy protection ability when combined with an obfuscation bridge component. The continuous game of information confrontation has made the use of encryption proxies in anonymous networks the primary method by which data-security-sensitive users protect their privacy. The dual protection of an anonymous network and an encryption proxy makes traffic detection encounter the following challenges and issues: (1) Proxy convergence: the traffic after the encryption proxy presents single-stream characteristics, resulting in the failure of traffic detection methods based on the complete data stream. (2) Fuzzy features: the data packet obfuscation mechanism makes data stream features sparse, which weakens the effect of methods based on low-order statistical features. This paper proposes a traffic detection method named SETTDM to address these two challenges. Specifically, to solve the proxy convergence problem, a sliding window-based method is used to split data sub-streams, so that the SETTDM method can be applied to the aggregated data streams generated by proxies and the feature space of the original data streams is preserved as far as possible. To solve the problem of fuzzy features, a feature extraction method based on feature fusion is proposed: multi-angle statistical timing features combined with encryption space features extracted by ResNet. In the experiment, real secondary encrypted Tor traffic, encrypted background traffic and unencrypted background traffic were collected, and the public encrypted traffic data set ISCXVPN2016 was fused to form the experimental data set. The testing results show that the SETTDM method achieves a precision rate of 99.78%, demonstrating an improvement of 2.30% to 9.29% compared to the benchmark methods.

Encrypted traffic; Anonymous traffic; Privacy protection; Feature fusion

Li Changliang (李常亮), Wang Junfeng (王俊峰), Fang Zhiyang (方智阳), Sun He (孙贺)


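College of Computer Science, Sichuan University, Chengdu 610065

School of Cyber Science and Engineering, Sichuan University, Chengdu 610065

Unit 96901 of the Chinese People's Liberation Army, Beijing 100094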

Encrypted traffic; anonymous network traffic; privacy protection; feature fusion

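National Key Research and Development Program; National Natural Science Foundation of China; Sichuan Province Youth Science and Technology Innovation Research Team Project; Sichuan Natural Science Foundation; Sichuan Province Key Research and Development Program

2019QY1400; U2133208; 2022JDTD0014; 2023NSFSC1401; 2023YFG0290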

2024

Journal of Sichuan University (Natural Science Edition)
Sichuan University

CSTPCD; Peking University Core Journals
Impact factor: 0.358
ISSN:0490-6756
Year, volume (issue): 2024.61(3)