
Tor Guard Node Detection And Protection Method Research

Posted on: 2024-04-20
Degree: Master
Type: Thesis
Country: China
Candidate: N Wang
GTID: 2568307172988329
Subject: Computer technology
Abstract/Summary:
Tor is currently the world's most popular low-latency anonymous communication network, which not only provides anonymity to users, but also supports the deployment of hidden services. Although hidden services protect users' privacy, they also foster a large number of illegal and criminal behaviors, so research on the anonymity of hidden services is of great significance. The guard node is the first node in the Tor communication link; it is directly connected to the server and knows the IP address of the hidden service. If the guard node information used by the hidden service is discovered, further attacks can be launched against it to achieve de-anonymization. Most current guard node discovery attacks require idealized control of nodes or endpoints in the Tor link, along with active modification of the network environment in conjunction with traffic attacks, which is not only difficult to implement but also resource-intensive. The goal of this thesis is to achieve detection of guard nodes based on bandwidth statistics with bandwidth attacks in mind, and to propose corresponding protection methods against this detection behavior. The research results of this thesis are as follows:

(1) To address the problem of the high false alarm rate of detection methods, this thesis studies the measurement and publishing mechanism of Tor consensus bandwidth and analyzes the characteristics of the natural fluctuations of Tor consensus bandwidth. The purpose is to distinguish attack perturbations from natural fluctuations in the detection method and so reduce the false alarm rate. The experimental results show that the overall fluctuation of the consensus bandwidth of guard nodes is small, mostly between 2% and 12%; node flags are related to the fluctuation range, but there is no correlation between total bandwidth, uptime, individual bandwidth and natural fluctuation.

(2) A method for detecting guard nodes based on bandwidth statistics is implemented with a bandwidth attack in mind. This thesis first constructs the detection framework, then designs four detection methods using various statistical features such as mean, relative standard deviation, and coefficient of variation, and finally evaluates the detection effectiveness by comparing with the two existing methods under different attack settings. The experimental results show that the false alarm rate of the detection method decreases as the attack traffic and the number of attack rounds increase, and that the fusion method proposed in this thesis, which uses the homogeneity of variance test and the paired t-test, improves the effectiveness of target guard node detection.

(3) A differential privacy-based consensus bandwidth data protection method is proposed to cope with guard node detection behavior. The method adds Gaussian noise to the observation bandwidth collection module and Laplace noise to the consensus bandwidth protection module, and determines the scale parameters of the noise according to the node selection probability and attack traffic variation. The results show that, under the premise of satisfying differential privacy, the number of false positive nodes obtained by the detection method increases, and the attacker cannot discover the target guard node based on the anomalous bandwidth; meanwhile, the bandwidth data is still highly available according to the two measures of root mean square error and query distortion.
Keywords/Search Tags:Tor, Guard nodes, Bandwidth Statistics, Differential Privacy