Research And Implementation Of Encrypted Traffic Analysis For Tor Entrance And Exit Nodes

With the improvement of people’s security awareness,more and more network traffic is converted into encrypted traffic,and the analysis of encrypted traffic has been widely concerned.Tor is the largest anonymous communication network,which protects traffic with various anonymization policies based on encrypted traffic,making it difficult to obtain better analysis results with conventional encrypted traffic analysis techniques.On the one hand,targeting different types of traffic can help improve the overall performance of the Tor network.On the other hand,there are many abusive behaviors in Tor such as attacks and crawlers,which lead to more effort for exit node contributors to deal with potential legal issues.Therefore,it is of great importance to analyze and study Tor encrypted traffic.First of all,this paper provides a brief overview of the principles of Tor anonymous communication networks,and a comparative analysis of the key points that make Tor encrypted traffic different from conventional network traffic.Apart from that,this paper also presents the current research progress in the field of Tor encrypted traffic analysis at home and abroad.Secondly,this paper introduces the DeepFM model into the field of Tor encrypted traffic for feature crossover work.Based on this,the SFF model supporting serialization is proposed,that combines the advantages of DeepFM in feature crossover and LSTM in serialization processing,thus reducing the complexity of the existing model in feature processing.The parameters such as sampling method and learning rate of SFF model are selected from experimental,and results show that SFF model has a certain degree of improvement compared with the existing models.Finally,this paper proposes a Tor Real-Time Encrypted Traffic Validator scheme(Tor-RETV)to address the problem that Tor encrypted traffic analysis models are difficult to measure in realtime scenarios.And TorRETV prototype system was implemented based on this scheme.The scheme allows model prediction at the entry guard node,while traffic can be collected at the exit node for comparison.Since the Tor network has huge throughput and random circuit construction,the similarity between entry and exit traffic can be used as a measure of model merit.LSTM model and SFF model are tested separately,and the results shows that the scheme can validate the Tor encrypted traffic analysis model using realtime traffic at the entry guard node and exit nodes,which can visually evaluate the model’s strengths and weaknesses in terms of effectiveness and real-time performance.