计算机科学

计算机科学 ›› 2025, Vol. 52 ›› Issue (7): 363-371.doi: 10.11896/jsjkx.240900102

• 信息安全 • 上一篇    下一篇

基于威胁感知的Tor多路径选择

陈尚煜1, 扈红超1, 张帅1,2, 周大成1,2, 杨晓晗1,2   

  1. 1 信息工程大学信息技术研究所 郑州 450002
    2 网络空间安全教育部重点实验室 郑州 450002
  • 收稿日期:2024-09-18 修回日期:2025-01-17 发布日期:2025-07-17
  • 通讯作者: 扈红超(1725059086@qq.com)
  • 作者简介:(13523413761@163.com)
  • 基金资助:
    国家自然科学基金(62072467);河南省重大科技专项(221100211200-02)

Tor Multipath Selection Based on Threaten Awareness

CHEN Shangyu1, HU Hongchao1, ZHANG Shuai1,2, ZHOU Dacheng1,2, YANG Xiaohan1,2   

  1. 1 Institute of Information Technology, University of Information Engineering, Zhengzhou 450002, China
    2 Key Laboratory of Cyberspace Security, Ministry of Education of China, Zhengzhou 450002, China
  • Received:2024-09-18 Revised:2025-01-17 Published:2025-07-17
  • About author:CHEN Shangyu,born in 2000, postgra- duate.His main research interests include cyber security and anonymous communication.
    HU Hongchao,born in 1982,professor,Ph.D supervisor.His main research interests include cloud computing security and cyber security.
  • Supported by:
    National Natural Science Foundation of China(62072467) and Major Science and Technology Special Projects of Henan Province(221100211200-02).

PDF (PC)

27

摘要: 随着机器学习以及深度学习的发展应用,攻击者可以通过Tor用户链路上的恶意节点以及恶意AS对其进行流量分析,从而对Tor用户进行去匿名化攻击。目前,针对常见的流量分析攻击的防御方法中,一类是通过插入虚拟数据包或者延迟真实数据包来改变流量特征,这种方法会引入带宽和时延开销;另一类是将用户流量进行分割,通过多个路径传输进行防御,这种方法缺少对电路上存在的恶意节点以及恶意AS的感知,当攻击者搜集到完整流量踪迹时,依旧难以抵御流量分析对Tor用户的去匿名化攻击。为了解决多路径防御方法在路径选择上存在的缺乏威胁感知的问题,提出了融合恶意节点感知以及恶意AS感知的基于威胁感知的多路径选择算法。首先提出一种改进的节点距离度量的方法,并使用改进后的距离度量基于K-Mediods算法对节点进行聚类,提高了恶意节点的检测效果;然后改进了AS感知算法,提高了匿名性要求;最后融合恶意节点检测以及AS感知算法,提出了一种基于威胁感知的多路径选择算法。实验结果表明,该算法不仅能抵抗多种流量分析攻击,而且确保了一定的Tor电路性能要求。

关键词: 匿名通信, 流量分析, 多路径, 恶意节点检测, AS感知

Abstract: With the development and application of machine learning and deep learning,attackers can conduct traffic analysis on malicious nodes and malicious AS on Tor user links,thus carrying out de-anonymization attacks on Tor users.At present,one of the common defense methods for traffic analysis attacks is to insert virtual packets or delay real packets to change traffic characteristics,which will introduce bandwidth and delay costs.The other type defends by dividing user traffic and transmitting it through multiple paths.This method lacks the perception of malicious nodes and malicious AS on the circuit.When an attacker collects a complete traffic trail,it is still difficult to resist the de-anonymization attack on Tor users by traffic analysis.In order to make up for the lack of threat awareness in the path selection of multi-path defense methods,this paper proposes a multipath selection algorithm based on threat awareness,which integrates malicious node awareness and malicious AS awareness.Firstly,an improved method of node distance measurement is proposed,and the improved distance measurement is used to cluster nodes based on K-Mediods algorithm,which improves the detection effect of malicious nodes.Then the improved AS sensing algorithm is improved the anonymity requirement.Finally,a multi-path selection algorithm based on threat perception is proposed by combining malicious node detection and AS sensing algorithm.The experimental results show that the proposed algorithm can not only resist a variety of traffic analysis attacks,but also ensure certain performance requirements of Tor circuits.

Key words: Anonymous communication, Traffic analysis, Multipath, Malicious node detection, AS awareness

中图分类号: 

  • TP393.08
[1]KARUNANAYAKEI,AHMED N,MALANEY R,et al.De-anonymisation attacks on tor:A survey[J].IEEE Communications Surveys & Tutorials,2021,23(4):2324-2350.
[2]NASRM,BAHRAMALI A,HOUMANSADR A.Deepcorr:Strong flow correlation attacks on tor using deep learning[C]//Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security.2018:1962-1976.
[3]OH S E,YANG T,MATHEWS N,et al.DeepCoFFEA:Im-proved flow correlation attacks on Tor via metric learning and amplification[C]//2022 IEEE Symposium on Security and Privacy(SP).IEEE,2022:1915-1932.
[4]AMINUDDINM A I M,ZAABA Z F,SAMSUDIN A,et al.The rise of website fingerprinting on Tor:Analysis on techniques and assumptions[J].Journal of Network and Computer Applications,2023,212:103582.
[5]RAHMANS M,SIRINAM P,MATHEWS N,et al.Tik-Tok:The Utility of Packet Timing in Website Fingerprinting Attacks[C]//Proceedings on Privacy Enhancing Technologies.2020:5-24.
[6]SIRINAMP,IMANI M,JUAREZ M,et al.Deep fingerprinting:Undermining website fingerprinting defenses with deep learning[C]//Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security.2018:1928-1943.
[7]SHENM,JI K,GAO Z,et al.Subverting website fingerprinting defenses with robust traffic representation[C]//32nd USENIX Security Symposium(USENIX Security 23).2023:607-624.
[8]XIAOX,ZHOU X,YANG Z,et al.A comprehensive analysis of website fingerprinting defenses on Tor[J].Computers & Security,2024,136:103577.
[9]ABUSNAINAA,JANG R,KHORMALI A,et al.Dfd:Adver-sarial learning-based approach to defend against website fingerprinting[C]//IEEE INFOCOM 2020-IEEE Conference on Computer Communications.IEEE,2020:2459-2468.
[10]HONGX,MA X,LI S,et al.A website fingerprint defense technology with low delay and controllable bandwidth[J].Computer Communications,2022,193:332-345.
[11]HENRIS,GARCIA-AVILES G,SERRANO P,et al.Protecting against Website Fingerprinting with Multihoming[C]//Proceedings on Privacy Enhancing Technologies.2020:89-110.
[12]DE LA CADENA W,MITSEVA A,HILLER J,et al.Trafficsliver:Fighting website fingerprinting attacks with traffic splitting[C]//Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security.2020:1971-1985.
[13]BARTON A,WRIGHT M.DeNASA:Destination-Naive AS-Awareness in Anonymous Communications[C]//Proceedings on Privacy Enhancing Technologies,2016:356-372.
[14]LYU M,ZHU Y F,LIN W.Dynamic Routing Algorithm Basedon Bandwidth of Anonymous Network[J].Journal of Information Engineering University,2019,20(5):591-596.
[15]FENG Q,XIA Y,YAO W,et al.Malicious Relay Detection forTor Network Using Hybrid Multi-Scale CNN-LSTM with Attention[C]//2023 IEEE Symposium on Computers and Communications(ISCC).IEEE,2023:1242-1247.
[16]ROCHET f,WAILSR,JOHNSON A,et al.CLAPS:Client-location-aware path selection in Tor[C]//Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security.2020:17-34.
Viewed
Full text


Abstract

Cited
  Shared   
  Discussed   
No Suggested Reading articles found!
渝ICP备16013121号-4
地址:重庆市渝北区洪湖西路18号    邮编:401121  
电话:023-63500828(编辑部) 023-67039612(会议/专题) 023-67039623(财务/发票)
E-mail:jsjkx12@163.com
本系统由北京玛格泰克科技发展有限公司设计开发