计算机应用 ›› 2020, Vol. 40 ›› Issue (6): 1685-1691.DOI: 10.11772/j.issn.1001-9081.2019111981

• 网络空间安全 • 上一篇    下一篇

基于图像纹理的网站指纹技术

张道维, 段海新   

  1. 清华大学 网络与信息安全实验室,北京 100084
  • 收稿日期:2019-11-21 修回日期:2019-12-18 出版日期:2020-06-10 发布日期:2020-06-18
  • 通讯作者: 张道维(1993—)
  • 作者简介:张道维(1993—),男,台湾台北人,硕士研究生,主要研究方向:网络安全、深度学习.段海新(1972—),男,山东济宁人,教授,博士,主要研究方向:网络安全、网络测量。

Website fingerprinting technique based on image texture

ZHANG Daowei, DUAN Haixin   

  1. Network and Information Security Lab, Tsinghua University, Beijing 100084, China
  • Received:2019-11-21 Revised:2019-12-18 Online:2020-06-10 Published:2020-06-18
  • Contact: ZHANG Daowei, born in 1993, M. S. candidate. His research interests include network security, deep learning.
  • About author:ZHANG Daowei, born in 1993, M. S. candidate. His research interests include network security, deep learning.DUAN Haixin, born in 1972, Ph. D., professor. His research interests include network security,network measurement.

摘要: 网站指纹技术能够让本地监听者通过审查用户与Tor入口节点之间的匿名流量从而追踪到该用户访问的具体网站。现有的研究方法只提取了匿名流量中的部分元数据来进行网站指纹的刻画,忽视了大量隐含的指纹信息。为此,提出了基于图像纹理和深度卷积神经网络的网站指纹技术Image-FP。首先,将匿名通信流量映射成RGB彩色图;然后,使用残差神经网络(ResNet)构造出能进行自主特征学习的网站指纹分类模型。在50个网站构成的封闭世界场景下,Image-FP能够取得97.2%的分类准确率,相较于最前沿的网站指纹攻击技术提高了0.4个百分点。而在更接近真实环境的开放世界场景中,Image-FP能够以100%的准确率识别出监控网站的流量,其准确性和鲁棒性更是远远高于其他指纹技术。实验结果表明,匿名流量图像化的技术能够更多地保留网站指纹的相关特征,并且在避免复杂特征工程的同时,能够进一步提高分类精度

关键词: 匿名网络, Tor, 网站指纹, 数据可视化, 卷积神经网络

Abstract: Website fingerprinting technique enables the local monitor to track which websites a user is visiting by capturing anonymous traffic between that user and the Tor (The onion router) entry nodes. Prior researches only extract part meta-data in the anonymous traffic to construct website fingerprints, and ignore much hidden fingerprint information inside the traffic. Therefore, a website fingerprinting technique named Image FingerPrinting (Image-FP) and based on deep convolutional neural network and image texture was proposed. Firstly, the anonymous communication traffic was mapped into Red-Green-Blue (RGB) images. Then, the Residual Network (ResNet) was used to construct the website fingerprinting model with automatic feature learning ability. In a closed-world scenario of 50 websites, Image-FP obtained classification accuracy of 97.2%, which is 0.4 percentage points higher than that of the state-of-the-art website fingerprinting attack technique. In the open-world scenario which is more realistic, Image-FP can identify the traffic of monitored websites with 100% accuracy, has the strongest accuracy and robustness among all fingerprinting techniques. The experimental results demonstrate that, the technique of converting anonymous traffic into images can preserve more features relevant to the website fingerprints, and further improve the classification accuracy while avoiding complex feature engineering

Key words: anonymous network, The onion router (Tor), website fingerprinting, data visualization, Convolutional Neural Network (CNN)

中图分类号: