信息网络安全 ›› 2021, Vol. 21 ›› Issue (4): 39-48.doi: 10.3969/j.issn.1671-1122.2021.04.005

• 技术研究 • 上一篇    下一篇

基于ARF的Tor网站指纹识别技术

蔡满春, 王腾飞(), 岳婷, 芦天亮   

  1. 中国人民公安大学信息网络安全学院,北京 100076
  • 收稿日期:2020-11-03 出版日期:2021-04-10 发布日期:2021-05-14
  • 通讯作者: 王腾飞 E-mail:2018211264@stu.ppsuc.edu.cn
  • 作者简介:蔡满春(1975—),男,河北,副教授,博士,主要研究方向为密码学、网络安全|王腾飞(1996—),男,河南,硕士研究生,主要研究方向为网络安全、匿名网络|岳婷(1996—),女,四川,硕士研究生,主要研究方向为恶意代码、密码学|芦天亮(1985—),男,河北,副教授,博士,主要研究方向为恶意代码、网络安全。
  • 基金资助:
    “十三五”国家密码发展基金(MMJJ20180108);中国人民公安大学2019年基本科研业务费重大项目(2019JKF108)

ARF-based Tor Website Fingerprint Recognition Technology

CAI Manchun, WANG Tengfei(), YUE Ting, LU Tianliang   

  1. Department of Information Cyber Security, People’s Public Security University of China, Beijing 100076, China
  • Received:2020-11-03 Online:2021-04-10 Published:2021-05-14
  • Contact: WANG Tengfei E-mail:2018211264@stu.ppsuc.edu.cn

摘要:

不法分子通过Tor等匿名通信系统构建暗网隐匿其不法行为,给网络监管带来了严峻挑战。网站指纹识别技术能根据加密流量来推测用户访问的站点,是一种有效的监管手段。已有的网站指纹识别技术采用的多为基于批处理的静态模型,无法有效解决概念漂移问题。针对Tor网站指纹,文章提出一种基于自适应随机森林(ARF)算法的动态网站指纹识别模型。模型使用自适应随机森林算法作为分类器,支持手工特征以及自动特征两种输入,能够根据特征流动态更新分类器模型,实现网站指纹的在线分类识别。实验结果表明,基于ARF的动态网站指纹识别模型检测能力优于已有的多种网站指纹识别方法,并能够有效解决已有模型存在的概念漂移问题。

关键词: 网站指纹, 匿名网络, 网络安全, 数据流挖掘, 自适应随机森林

Abstract:

Criminals use Tor and other anonymous communication systems to construct dark Webs to conceal their illegal activities, which brings severe challenges to network supervision. Website fingerprint recognition technology can infer the sites that users visit based on encrypted traffic, which is an effective monitoring method. Existing Website fingerprint recognition technologies mostly use batch-based static models, which cannot effectively solve the problem of concept drift. Aiming at Tor Website fingerprints, a dynamic Website fingerprint recognition model based on adaptive random forest algorithm is proposed. The model uses an adaptive random forest algorithm as the classifier, supports two input of manual features and automatic features, and can dynamically update the classifier model according to the feature stream to realize online classification and recognition of Website fingerprints. The experimental results show that the dynamic Website fingerprint recognition model based on ARF is better than the existing multiple Website fingerprint recognition methods, and can effectively solve the problem of concept drift in existing models.

Key words: Website fingerprint, anonymous network, cyber security, stream mining, adaptive random forest

中图分类号: