JOURNAL OF SOFTWARE
2013
Issue 3
pp. 540-556
17 pages in total
何高峰, 杨明, 罗军舟, 张璐
anonymous communication, Tor, traffic identification, TLS fingerprint, packet size distribution
Abuse of anonymous communication technology has introduced new challenges for network administration. Effective identification of anonymous communication traffic is a prerequisite for preventing such abuse, and it is therefore important for both research and practical application. Existing work focuses mainly on confirming anonymous communication relationships and cannot be used to identify and block anonymous communication traffic. To address this problem, the operating mechanism of the widely used Tor anonymous communication system is analyzed in depth and its traffic characteristics are summarized. On this basis, two methods for identifying Tor anonymous communication traffic are proposed, one based on TLS fingerprints and one based on packet size distributions. The advantages, disadvantages and applicability of the two methods are analyzed and discussed in detail, and the methods are validated with the CAIDA dataset and an online deployment. Experimental results show that both the TLS fingerprint-based method and the packet size distribution-based method can effectively identify Tor anonymous communication traffic.