ISSN 1000-1239 CN 11-1777/TP

计算机研究与发展 ›› 2020, Vol. 57 ›› Issue (4): 746-766.doi: 10.7544/issn1000-1239.2020.20190860

所属专题: 2020数据驱动网络专题

• 网络技术 • 上一篇    下一篇

基于深度神经网络burst特征分析的网站指纹攻击方法

马陈城1,2,杜学绘1,2,曹利峰1,2,吴蓓3   

  1. 1(战略支援部队信息工程大学 郑州 450001);2(河南省信息安全重点实验室(战略支援部队信息工程大学) 郑州 450001);3(61497部队 北京 100000) (machencheng07@foxmail.com)
  • 出版日期: 2020-04-01
  • 基金资助: 
    国家重点研发计划项目(2016YFB0501901,2018YFB0803603);国家自然科学基金项目(61502531,61702550,61802436)

burst-Analysis Website Fingerprinting Attack Based on Deep Neural Network

Ma Chencheng1,2, Du Xuehui1,2, Cao Lifeng1,2, Wu Bei3   

  1. 1(Strategic Support Force Information Engineering University, Zhengzhou 450001);2(He’nan Province Key Laboratory of Information Security (Strategic Support Force Information Engineering University), Zhengzhou 450001);3(Unit 61497, Beijing 100000)
  • Online: 2020-04-01
  • Supported by: 
    This work was supported by the National Key Research and Development Program of China (2016YFB0501901, 2018YFB0803603) and the National Natural Science Foundation of China (61502531, 61702550, 61802436).

摘要: 以Tor为代表的匿名网络是一种隐匿用户数据传输行为的通信中介网络.不法分子利用匿名网络从事网络犯罪,对网络监管造成了极大的困难.网站指纹攻击技术是破解匿名通信的可行技术,可用于发现基于匿名网络秘密访问敏感网站的内网用户行为,是网络监管的重要手段.神经网络在网站指纹攻击技术上的应用突破了传统方法的性能瓶颈,但现有的研究未充分考虑根据突发流量(burst)特征等Tor流量特征对神经网络结构进行设计,存在网络过于复杂和分析模块冗余导致特征提取和分析不彻底、运行缓慢等问题.在对Tor流量特征进行研究和分析的基础上,设计了轻便的基于一维卷积网络的burst特征提取和分析模块,提出了基于深度神经网络分析burst特征的网站指纹攻击方法.进一步,针对在开放世界场景中仅使用阈值法简单分析指纹向量的不足,设计了基于随机森林算法的指纹向量分析模型.改进后的模型分类准确率达到了99.87%,在缓解概念漂移、绕过网站指纹攻击防御机制、识别Tor隐藏网站、小样本训练模型和运行速度等方面均有优异的性能表现,提高了网站指纹攻击技术应用到真实网络的可实践性.

关键词: 网站指纹攻击, 深度神经网络, burst特征分析, Tor匿名网络, 网络监管

Abstract: Anonymous network represented by Tor is a communication intermediary network that hides user data transmission behavior. The criminals use anonymous networks to engage in cyber crimes, which cause great difficulties in network supervision. The website fingerprinting attack technology is a feasible technology for cracking anonymous communication. It can be used to discover the behavior of intranet users who secretly access sensitive websites based on anonymous network, which is an important mean of network supervision. The application of neural network in website fingerprinting attack breaks through the performance bottleneck of traditional methods, but the existing researches have not fully considered to design the neural network structures based on the characteristics of Tor traffic such as burst and the characteristics of website fingerprinting attack technology. There are problems that the neural network is too complicated and the analysis module is redundant, which leads to problems such as incomplete feature extraction and analysis and running slowly. Based on the researches and analysis of Tor traffic characteristics, a lightweight burst feature extraction and analysis module based on one-dimensional convolutional network is designed, and a burst-analysis website fingerprinting attack method based on deep neural network is proposed. Furthermore, aiming at the shortcoming of simply using the threshold method to analyze fingerprinting vectors in open world scenarios, a fingerprint vector analysis model based on random forest algorithm is designed. The classification accuracy of the improved model reaches 99.87% and the model has excellent performance in alleviating concept drift, bypassing defense techniques against website fingerprinting attacks, identifying Tor hidden websites, performance of models trained with a small amount of data, and run time, which improves the practicality of applying website fingerprinting attack technology to real networks.

Key words: website fingerprinting attack, deep neural network (DNN), burst analysis, Tor anonymous network, network supervision

中图分类号: