Hidden Service Identification And Localization In I2P Anonymous Network

Anonymous network such as Tor and I2P are well designed to provide enhanced communication privacy for users.However,the anonymous network is abused to carry out illegal activities,which have posed severe threat on the security of countries,enterprises and individuals.At present,a lot of research works are performed on the regulations of Tor network,while few existing related works on I2 P are studied.As a result,the abuse problems of I2 P anonymous network should be carefully investigated.To address this issue,we study the hidden service identification and localization in the I2 P anonymous network.First,an I2 P floodfill capturing probability model is first built and then a floodfill deployment algorithm based on the model is designed to assist us to deliberately deploy controlled floodfills over the netDB so as to maximize the number of captured floodfill routers every day.Second,active protocol probers are implemented to identify the application type of I2 P hidden service.Then,by analyzing I2 P network protocol,we leverage the ambiguous functionalities of Lease Set to propose a hidden service location method.Finally,we design and implement a prototype system of hidden service identification and localization of I2 P anonymous network.The specific research work includes the following three aspects:(1)We investigate the topology discovery and hidden service discovery method in the I2 P anonymous network.First,the uneven distribution of floodfills in Kad DHT is proved by collecting a number of routers empirically and analyzing the distributions of routers.Then,the floodfill capturing probability model is proposed in terms of the floodfill routing and metadata uploading mechanisms.Finally,a controlled floodfill deployment algorithm is devised based on the model to select the locations for deploying the penetrated floodfills.Experimental results demonstrate that with same configurations,the average number of router collected daily is2,085 more than that using the official capturing approach.On this basis,we propose an I2 P hidden service identification approach.By analyzing the handshake mechanism of various applications,we can identify the application type of I2 P hidden service through active protocol probers.Identified application types include susi-mail(SMTP,POP3),eepsite,i2 p Snark,IRC and muwire.(2)We propose the hidden service location approach in the I2 P anonymous network.First,we analyze the mechanisms how the I2 P hidden service works.Second,we find that the metadata(i.e.,Lease Set)has ambiguous functionalities,including uploading the Lease Set of hidden service to net DB for client querying and sending LeaseSet of client to the hidden service for building its outbound tunnel.Finally,an I2 P hidden service location method based on the differential feedbacks of quering Lease Set is designed to effectively locate the real network address of the hidden service.Experimental results show that the attack success rate is over95%,the accuracy of real IP address identification of target hidden services is 100% while the false positive rate is 0%.(3)According to the above research results,a prototype system of hidden service identification and localization of I2 P anonymous network is designed and implemented.The prototype system consists of three parts: network resources,data acquisition and visualization,including six modules: data transmission,data storage,data analysis,hidden service identification,hidden service localization and visualization.Finally,the system is deployed in a real environment and the functionalities of the prototype system is verified.In summary,we study the hidden service identification and localization in I2 P anonymous network respectively.On this basis,the prototype system of hidden service identification and localization in I2 P anonymous network is implemented,and the research work can provide important technical support to mitigate the abuse issues in the I2 P anonymous network.