Research On Traffic Confirmation Attack And Defense Based On Tor Network

With the rapid development of the internet,the network information age has had a tremendous impact on people's lives.When people enjoy the convenience of the internet,the protection of user privacy information has gradually attracted people's attention at the same time.The existing researches show that although the anonymous communication system represented by Tor network can protect user's communication information security to a certain extent,its security is still questioned.Research on how to improve the security and manageability of hidden services and how to defend against the attacks in Tor network is still imminent.To solve these problems,this thesis presents a scheme that can transparently crack user's anonymity in hidden services and two different defense schemes for different attacks in Tor network.Firstly,we analyzed the hidden service provided by Tor network,based on this,we proposed a scheme that can reveal the real IP address of clients of hidden service using protocol feature in Tor network,which can crack the client's anonymity of hidden service without any traces.The experimental result shows that this scheme not only guarantees 100%recognition rate of the overall characteristic traffic by combining the traffic characteristics inherent in Tor network with the traffic characteristics constructed by hidden service,but also makes the attack have more extensive application scenarios.Secondly,we re-implemented an existing attack based on traffic slot characteristics for malicious behavior in Tor network.Then,through the analysis of the features and principles of the attack,we proposed a scheme that can detect the malicious traffic and defend the attack using middle router in Tor circuit.The experimental results show that this scheme can not only ensure the abnormal traffic identification rate of 100%,but also eliminate the malicious features that the traffic may carry.On the other hand,it does not increase the traffic transmission time too.Finally,considering that there are a large number of attacks based on protocol features in Tor circuit building process,we proposed a defense scheme for those attacks,which can confuse the traffic features in circuit building process.The experimental result shows that the traffic confusion process can directly cause the malicious entry onion router to fail to accurately identify the number of protocol features,and lead to the failure of the attack.