【摘要】：隨著通信數(shù)據(jù)隱私保護(hù)需求的不斷增加,各種匿名通信技術(shù)也得到了快速發(fā)展,但是,在這項(xiàng)技術(shù)保護(hù)通信雙方個(gè)人信息的同時(shí),也使得利用簡(jiǎn)單數(shù)據(jù)包檢測(cè)進(jìn)行的網(wǎng)絡(luò)監(jiān)管變得更加困難。Shadowsocks作為新興的匿名通信軟件,因其速度快,易部署等優(yōu)點(diǎn),在國(guó)內(nèi)得到了廣泛了使用。現(xiàn)有的匿名流量識(shí)別的研究成果大多具有很強(qiáng)的針對(duì)性,在流量特征提取,方法建模等軟件識(shí)別技術(shù)方面具有很強(qiáng)的依賴性,而shadowsocks因?yàn)槭褂闷渥陨硭鶐У莫?dú)特協(xié)議,現(xiàn)有的方法很難對(duì)其進(jìn)行識(shí)別;同時(shí),當(dāng)前的大部分學(xué)術(shù)分析成果還停留在實(shí)驗(yàn)階段,并且高速網(wǎng)絡(luò)環(huán)境下匿名流量的數(shù)據(jù)集收集與構(gòu)造、大量混合流下網(wǎng)站指紋的分割等問(wèn)題仍沒(méi)有提出很好的解決辦法。因此,如何對(duì)shadowsocks流量進(jìn)行建模,如何解決高速網(wǎng)絡(luò)環(huán)境下匿名流量識(shí)別,是當(dāng)前國(guó)內(nèi)網(wǎng)絡(luò)安全領(lǐng)域亟待解決的問(wèn)題。本文在對(duì)以往相關(guān)研究成果進(jìn)行分析的基礎(chǔ)上,針對(duì)上述問(wèn)題,深入分析了shadowsocks匿名軟件的運(yùn)行機(jī)制,將其運(yùn)行過(guò)程和HTTP協(xié)議相結(jié)合,提出了多粒度啟發(fā)式流量識(shí)別方法和基于混合流分割的網(wǎng)站指紋識(shí)別算法。多粒度啟發(fā)式流量識(shí)別算法是從主機(jī)行為、數(shù)據(jù)流、隱藏信息等多方面檢測(cè)shadowsocks流量,達(dá)到過(guò)濾的目的。該方法可以解決因匿名流量占總數(shù)據(jù)流量比例小而導(dǎo)致數(shù)據(jù)集不平衡而帶來(lái)識(shí)別準(zhǔn)確性低的問(wèn)題�；诨旌狭鞣指畹木W(wǎng)站指紋識(shí)別算法是在多粒度啟發(fā)式流量識(shí)別方法的基礎(chǔ)上,選擇區(qū)分度高的網(wǎng)站指紋特征,將可疑混合流進(jìn)行聚類分割,解決混合流中單站點(diǎn)、多站點(diǎn)識(shí)別問(wèn)題,達(dá)到降低誤報(bào)率的目的。接著,本文分析了高速網(wǎng)絡(luò)環(huán)境下匿名流量識(shí)別所面臨的難點(diǎn),確定新系統(tǒng)要達(dá)到的目標(biāo),結(jié)合多粒度啟發(fā)式流量識(shí)別算法和基于混合流分割的網(wǎng)站指紋識(shí)別算法,設(shè)計(jì)并實(shí)現(xiàn)了高速網(wǎng)絡(luò)環(huán)境下shadowsocks匿名流量識(shí)別系統(tǒng),并詳細(xì)闡述了識(shí)別系統(tǒng)總體設(shè)計(jì)與詳細(xì)模塊設(shè)計(jì)。最后,本文利用多組不同的真實(shí)數(shù)據(jù)集,對(duì)多粒度啟發(fā)式流量識(shí)別算法和基于混合流分割的網(wǎng)站指紋識(shí)別算法分別進(jìn)行評(píng)估,通過(guò)和現(xiàn)有的方法,以及系統(tǒng)適應(yīng)性等方面對(duì)運(yùn)行結(jié)果進(jìn)行分析,驗(yàn)證了該算法的高準(zhǔn)確性;同時(shí),在高速網(wǎng)絡(luò)下,針對(duì)具體的模塊設(shè)計(jì)對(duì)高速網(wǎng)絡(luò)下shadowsocks匿名流量識(shí)別系統(tǒng)進(jìn)行測(cè)試,證明了該系統(tǒng)具有很高的識(shí)別準(zhǔn)確率。
[Abstract]:With the increasing demand for privacy protection of communication data, various anonymous communication technologies have been developed rapidly. However, while this technology protects the personal information of both sides of the communication, As a new anonymous communication software, Shadowsocks has been widely used in China because of its advantages of high speed and easy deployment. Most of the existing research results of anonymous traffic identification have strong pertinence, and have strong dependence on software recognition technology, such as traffic feature extraction, method modeling and so on. However, shadowsocks uses its own unique protocol. The existing methods are difficult to identify. At the same time, most of the current academic analysis results are still in the experimental stage, and the collection and construction of anonymous traffic data set in high-speed network environment, a large number of mixed flow website fingerprint segmentation and other problems have not been put forward a good solution. Therefore, how to model shadowsocks traffic and how to solve anonymous traffic identification in high-speed network environment is an urgent problem in the field of domestic network security. Based on the analysis of previous related research results, this paper analyzes the running mechanism of shadowsocks anonymous software, and combines its running process with HTTP protocol, aiming at the above problems. A multi-granularity heuristic traffic identification method and a web site fingerprint recognition algorithm based on mixed stream segmentation are proposed. Multi-granularity heuristic traffic recognition algorithm detects shadowsocks traffic from many aspects such as host behavior, data flow, hidden information and so on, to achieve the purpose of filtering. This method can solve the problem of low recognition accuracy caused by the imbalance of data set caused by the small proportion of anonymous traffic to total data traffic. The website fingerprint recognition algorithm based on mixed flow segmentation is based on the multi-granularity heuristic traffic identification method, selects the website fingerprint feature with high degree of distinction, and clusters the suspicious mixed flow to solve the problem of single site in the mixed flow. Multi-site identification problem to achieve the purpose of reducing false alarm rate. Then, this paper analyzes the difficulties faced by anonymous traffic identification in high-speed network environment, determines the objectives to be achieved by the new system, and combines multi-granularity heuristic traffic identification algorithm and website fingerprint identification algorithm based on mixed flow segmentation. The anonymous traffic identification system of shadowsocks in high-speed network environment is designed and implemented, and the overall design and detailed module design of the identification system are described in detail. Finally, this paper evaluates the multi-granularity heuristic traffic identification algorithm and the website fingerprint recognition algorithm based on mixed flow segmentation by using different sets of real data sets. The running results are analyzed from the aspects of system adaptability and so on, and the high accuracy of the algorithm is verified. At the same time, the anonymous traffic identification system of shadowsocks in high-speed network is tested according to the specific module design, which proves that the system has a high recognition accuracy.
【學(xué)位授予單位】：電子科技大學(xué)
【學(xué)位級(jí)別】：碩士
【學(xué)位授予年份】：2017
【分類號(hào)】：TP393.0

【參考文獻(xiàn)】

相關(guān)期刊論文 前10條

1 朱亞玲;張睿敏;;基于SSH框架的用戶信息管理的設(shè)計(jì)與實(shí)現(xiàn)[J];電腦知識(shí)與技術(shù);2016年09期

2 王玉雷;李玲娟;;一種密度和劃分結(jié)合的聚類算法[J];計(jì)算機(jī)技術(shù)與發(fā)展;2015年09期

3 顧曉丹;楊明;羅軍舟;蔣平;;針對(duì)SSH匿名流量的網(wǎng)站指紋攻擊方法[J];計(jì)算機(jī)學(xué)報(bào);2015年04期

4 龔建華;;JSON格式數(shù)據(jù)在Web開(kāi)發(fā)中的應(yīng)用[J];辦公自動(dòng)化;2013年20期

5 陳周國(guó);蒲石;祝世雄;;匿名網(wǎng)絡(luò)追蹤溯源綜述[J];計(jì)算機(jī)研究與發(fā)展;2012年S2期

6 張連成;王振興;苗甫;;網(wǎng)絡(luò)流量偽裝技術(shù)研究[J];計(jì)算機(jī)應(yīng)用研究;2011年07期

7 劉鑫;王能;;匿名通信綜述[J];計(jì)算機(jī)應(yīng)用;2010年03期

8 張勇;;基于ReliefF算法的模糊聚類新算法[J];華南金融電腦;2009年01期

9 時(shí)雷;虎曉紅;席磊;;樸素貝葉斯分類算法及其應(yīng)用研究[J];光盤技術(shù);2008年11期

10 鄧蕊;馬永軍;劉堯猛;;基于改進(jìn)交叉驗(yàn)證算法的支持向量機(jī)多類識(shí)別[J];天津科技大學(xué)學(xué)報(bào);2007年02期

相關(guān)博士學(xué)位論文 前1條

1 劉鑫;基于Tor網(wǎng)絡(luò)的匿名通信研究[D];華東師范大學(xué);2011年

相關(guān)碩士學(xué)位論文 前1條

1 吳家順;Website指紋識(shí)別攻擊與防護(hù)技術(shù)研究[D];南京理工大學(xué);2013年

，

本文編號(hào)：2345480