计算机科学

计算机科学 ›› 2026, Vol. 53 ›› Issue (1): 395-403.doi: 10.11896/jsjkx.241200118

• 信息安全 • 上一篇    下一篇

基于威胁感知的Tor多路径选择

陈尚煜1, 扈红超1, 张帅1,2, 周大成1,2, 杨晓晗1,2   

  1. 1 信息工程大学信息技术研究所 郑州 450002;
    2 网络空间安全教育部重点实验室 郑州 450002
  • 收稿日期:2024-12-27 修回日期:2025-03-10 发布日期:2026-01-08
  • 通讯作者: 扈红超(1725059086@qq.com)
  • 作者简介:(13523413761@163.com)
  • 基金资助:
    国家自然科学基金(62072467);河南省重大科技专项(221100211200-02)

Tor Multipath Selection Based on Threaten Awareness

CHEN Shangyu1, HU Hongchao1, ZHANG Shuai1,2, ZHOU Dacheng1,2, YANG Xiaohan1,2   

  1. 1 Institute of Information Technology, University of Information Engineering, Zhengzhou 450002, China;
    2 Key Laboratory of Cyberspace Security, Ministry of Education of China, Zhengzhou 450002, China
  • Received:2024-12-27 Revised:2025-03-10 Online:2026-01-08
  • About author:CHEN Shangyu,born in 2000,postgra-duate.His main research interests include cyber security and anonymous communication.
    HU Hongchao,born in 1982, professor,Ph.Dsupervisor.His main research interests include cloud computing security and cyber security.
  • Supported by:
    National Natural Science Foundation of China(62072467) and Major Science and Technology Special Projects of Henan Province(221100211200-02).

PDF (PC)

6

摘要: 随着机器学习和深度学习的发展应用,攻击者可以通过Tor用户链路上的恶意节点以及恶意AS对其进行流量分析,从而对Tor用户进行去匿名化攻击。目前,常见的针对流量分析攻击的防御方法有两类:一类是通过插入虚拟数据包,或者延迟真实数据包从而改变流量特征,这种方法会引入带宽和时延开销;另一类将用户流量分割并通过多个路径传输从而进行防御,这种方法缺少对电路上存在的恶意节点以及恶意AS的感知,当攻击者搜集到完整流量踪迹时,依旧难以抵御流量分析对Tor用户的去匿名化攻击。为了弥补多路径防御方法在路径选择上存在的缺乏威胁感知的问题,提出了融合恶意节点感知以及恶意AS感知的基于威胁感知的多路径选择算法。首先提出一种改进的节点距离度量的方法,然后使用改进后的距离度量,基于K-Mediods算法对节点进行聚类,提高了恶意节点的检测效果;之后改进了AS感知算法,提高了匿名性要求;最后融合恶意节点检测以及AS感知算法提出了一种基于威胁感知的多路径选择算法。实验结果表明,该算法不仅能抵抗多种流量分析攻击,而且保证了一定的Tor电路性能。

关键词: 匿名通信, 流量分析, 多路径, 恶意节点检测, AS感知

Abstract: With the development and application of machine learning and deep learning,attackers can conduct traffic analysis on malicious nodes and malicious AS on Tor user links,thus carrying out de-anonymization attacks on Tor users.At present,one of the common defense methods for traffic analysis attacks is to insert virtual packets or delay real packets to change traffic characteristics,which will introduce bandwidth and delay costs.The other type defends by dividing user traffic and transmitting it through multiple paths.This method lacks the perception of malicious nodes and malicious AS on the circuit.When an attacker collects a complete traffic trail,it is still difficult to resist the de-anonymization attack on Tor users by traffic analysis.In order to make up for the lack of threat awareness in the path selection of multi-path defense methods,a multi-path selection algorithm based on threat awareness is proposed,which integrates malicious node awareness and malicious AS awareness.Firstly,an improved method of node distance measurement is proposed,and then the improved distance measurement is used to cluster nodes based on K-Mediods algorithm,which improves the detection effect of malicious nodes.Then the AS sensing algorithm is improved to improve the anonymity requirement.Finally,a multi-path selection algorithm based on threat perception is proposed by combining malicious node detection and AS sensing algorithm.The experimental results show that the proposed algorithm can not only resist a variety of traffic analysis attacks,but also ensure certain performance requirements of Tor circuits.

Key words: Anonymous communication, Traffic analysis, Multipath, Malicious node detection, AS awareness

中图分类号: 

  • TP393.08
[1]KARUNANAYAKE I,AHMED N,MALANEY R,et al.De-anonymisation attacks on tor:A survey[J].IEEE Communications Surveys & Tutorials,2021,23(4):2324-2350.
[2]NASR M,BAHRAMALI A,HOUMANSADR A.Deepcorr:Strong flow correlation attacks on tor using deep learning[C]//Proceedings of the 2018 ACM SIGSAC Conference on Compu-ter and Communications Security.2018:1962-1976.
[3]OH S E,YANG T,MATHEWS N,et al.DeepCoFFEA:Improved flow correlation attacks on Tor via metric learning and amplification[C]//2022 IEEE Symposium on Security and Privacy(SP).IEEE,2022:1915-1932.
[4]AMINUDDIN M A I M,ZAABA Z F,SAMSUDIN A,et al.The rise of website fingerprinting on Tor:Analysis on techniques and assumptions[J].Journal of Network and Computer Applications,2023,212:103582.
[5]RAHMAN S M,SIRINAM P,MATHEWS N,et al.Tik-Tok:The Utility of Packet Timing in Website Fingerprinting Attacks[C]//Proceedings on Privacy Enhancing Technologies.2020:5-24.
[6]SIRINAM P,IMANI M,JUAREZ M,et al.Deep fingerprinting:Undermining website fingerprinting defenses with deep learning[C]//Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security.2018:1928-1943.
[7]SHEN M,JI K,GAO Z,et al.Subverting website fingerprinting defenses with robust traffic representation[C]//32nd USENIX Security Symposium(USENIX Security 23).2023:607-624.
[8]XIAO X,ZHOU X,YANG Z,et al.A comprehensive analysis of website fingerprinting defenses on Tor[J].Computers & Security,2024,136:103577.
[9]ABUSNAINA A,JANG R,KHORMALI A,et al.Dfd:Adversarial learning-based approach to defend against website fingerprinting[C]//IEEE INFOCOM 2020-IEEE Conference on Computer Communications.IEEE,2020:2459-2468.
[10]HONG X,MA X,LI S,et al.A website fingerprint defense technology with low delay and controllable bandwidth[J].Computer Communications,2022,193:332-345.
[11]HENRI S,GARCIA-AVILES G,SERRANO P,et al.Protecting against Website Fingerprinting with Multihoming[C]//Proceedings on Privacy Enhancing Technologies.2020:89-110.
[12]DE LA CADENA W,MITSEVA A,HILLER J,et al.Trafficsliver:Fighting website fingerprinting attacks with traffic splitting[C]//Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security.2020:1971-1985.
[13]BARTON A,WRIGHT M.DeNASA:Destination-Naive AS-Awareness in Anonymous Communications[C]//Proceedings on Privacy Enhancing Technologies.2016:356-372.
[14]LYU M,ZHU Y F,LIN W.Dynamic Routing Algorithm Based on Bandwidth of Anonymous Network[J].Journal of Information Engineering University,2019,20(5):591-596.
[15]FENG Q,XIA Y,YAO W,et al.Malicious Relay Detection for Tor Network Using Hybrid Multi-Scale CNN-LSTM with Attention[C]//2023 IEEE Symposium on Computers and Communications(ISCC).IEEE,2023:1242-1247.
[16]ROCHET F,WAILS R,JOHNSON A,et al.CLAPS:Client-location-aware path selection in Tor[C]//Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security.2020:17-34.
Viewed
Full text


Abstract

Cited
  Shared   
  Discussed   
No Suggested Reading articles found!
渝ICP备16013121号-4
地址:重庆市两江新区洪湖西路18号    邮编:401121  
电话:023-63500828(编辑部) 023-67039612(会议/专题) 023-67039623(财务/发票)
E-mail:jsjkx12@163.com
本系统由北京玛格泰克科技发展有限公司设计开发