Research On Darknet Traffic Detection And Analysis Method Based On Data Augmentation And Deep Learning

With the continuous development of anonymous communication technology and the increasing awareness of people’s privacy protection,the trend of people accessing anonymous networks is gradually increasing.However,as a bridge for anonymous communication,such as The Second-generation Onion Router(Tor),Invisible Internet Project(I2P),Freenet,and other anonymous communication tools,their sophistication and high level of secrecy greatly protect the privacy of users,and they also become tools for criminals to hide their whereabouts in the darknet.Faced with the threat of illegal activities in the darknet,it is imperative to trace the darknet traffic to strengthen network supervision.In recent years,darknet traffic detection and analysis methods based on machine learning and deep learning have gradually replaced traditional detection methods,greatly improving the efficiency and accuracy.Although the research on existing darknet traffic detection and analysis methods has made some progress,there are still some problems:1)Darknet traffic is extremely rare in the massive network traffic,and the unbalanced data distribution brings difficulties and challenges to the accuracy of darknet traffic tracking and traceability;2)The existing website fingerprinting attack methods have the problem of low accuracy in the closed world,while in the open world,a large number of unmonitored website samples need to be added to train the attack model,not only increasing the training cost,but also having poor generalization ability.In view of the above two problems,the main work and contributions of this thesis are as follows:1)In view of the scarcity of darknet traffic samples,this thesis proposes an data augmentation method named Chebyshev Distance-based Between-Class Learning(CDBC),which is used for darknet traffic detection.CDBC selects mutually different sample pairs by calculating the nearest neighbors of small samples,generating inter-class samples and labels to enhance the classification boundary of few-shots,which effectively improves the detection performance of the classifier.Based on a variety of machine learning classification models,we can achieve 99.99%accuracy of darknet traffic detection and 99.34%accuracy of darknet application traffic detection;2)In view of the shortcomings of low accuracy and weak generalization ability of existing website fingerprinting attack methods,a website fingerprinting attack method based on deep learning named Deep Learning and Reconstruction-based Website Fingerprinting Attack(DRFP)is proposed.DRFP enhances the sample representation ability of monitoring websites by using structure of convolutional neural networks and autoencoders,respectively reaching accuracy of 97.92%,90.39%and 60.66%on an undefended and two defended datasets in the closed world setting.Also,DRFP improves the generalization ability of the model based on the extreme value theory and the open set recognition.Although any unmonitored website samples not added in the training set,DRFP reaches TPR(Ture Posite Rate)of 95.18%,84.51%and 51.96%on an undefended dataset and two defended datasets in the open world setting,exceeding the mainstream website fingerprinting attack model.