2016 master's thesis, "Research and Realization of Tor Anonymous Communication Identification Method Based on Meek"


David Fifield

Dec 12, 2017, 3:28:40 PM
to traff...@googlegroups.com
Is anyone able to get a copy of this paper? It seems to be a
Chinese-language master's thesis on the subject of detecting
Tor-in-meek. I can't figure out the page to see if the paper is actually
downloadable.
http://cdmd.cnki.com.cn/Article/CDMD-10004-1016120870.htm

Here is a Google Translate of the abstract.

Research and Realization of Tor Anonymous Communication Identification Method Based on Meek

With the rapid development of Internet technology, the problem
of network security has become increasingly prominent. The
emergence of anonymous communication technology to make up for
the lack of traditional network security, which hidden by the
identity of the communication or communication between the two
parties, thus providing users with privacy protection. However,
anonymous communication technology may also be used by malicious
users to carry out illegal network activities while protecting
the normal user privacy information. Therefore, it is of great
importance to identify anonymous traffic and monitor its
effectiveness. Tor is currently the most widely used anonymous
communication system. In order to resist traffic analysis and
network supervision, Tor introduced a variety of transmission
plug-ins to confuse their traffic. Meek, Tor's transport
plug-in, disguises Tor's traffic as traffic to the cloud
services platform. On the one hand, Meek uses forward-domain
technology to forward traffic through third-party servers so
that the delivery looks like it's going to another site; on the
other hand, Meek uses browser-based proxy-based encryption to
establish HTTPS Tunnel traffic transfer, thus hiding Tor TLS
fingerprint features. The main content of this paper is based on
Meek's analysis and detection of Tor's anonymous traffic. Based
on this topic, the following four aspects are specifically
explored: (1) Described in detail the working principle of Tor
anonymous communication system, including cell structure,
Virtual circuit establishment and data transmission methods.
After the system expounded Meek flow confusion technology works,
including pre-domain technology and browser-based proxy
encryption technology. (2) Tor anonymous traffic based on Meek
was captured in the experimental environment, and its
characteristics were analyzed, including the analysis of
connection characteristics, the analysis of static
characteristics of data packets, the statistical characteristics
of data flow and the analysis of dynamic characteristics of data
flow. Based on this, the traffic characteristics of Meek are
summarized. After that, combined with the existing traffic
identification technology, a method of Tor anonymous
communication identification based on flow characteristics is
proposed. (3) According to the traffic characteristics of Meek,
a fragmented model of Meek flow is proposed. Then combined with
SVM technology, a Tor based anonymous communication
identification and classification method based on SVM is
proposed. Based on SVM-based Tor anonymous communication
identification method, Tor traffic and non-Tor traffic are
distinguished to recognize Tor anonymous traffic. Tor-based
Anonymous communication classification method based on Tor
traffic, Tor traffic classification. (4) The above two methods
of identification and classification are systematically designed
and implemented, and the algorithm is optimized according to the
experimental results. The experimental results show that the
above methods can effectively identify Tor traffic based on Meek
and have high accuracy and performance.

Will

Dec 12, 2017, 3:44:43 PM
to Network Traffic Obfuscation
Here's a link to the online viewer for it:

If you register, you can download the .caj, but why you would want to, I'm not sure - the file format is a PDF knockoff that can only be viewed using the (Windows-only afaik) software.

--Will




Tom

Dec 13, 2017, 2:51:32 AM
to traff...@googlegroups.com

David Fifield

Jan 7, 2018, 12:02:19 AM
to traff...@googlegroups.com
On Tue, Dec 12, 2017 at 12:28:35PM -0800, David Fifield wrote:
> Is anyone able to get a copy of this paper? It seems to be a
> Chinese-language master's thesis on the subject of detecting
> Tor-in-meek. I can't figure out the page to see if the paper is actually
> downloadable.
> http://cdmd.cnki.com.cn/Article/CDMD-10004-1016120870.htm

Cheers, thanks everybody for your replies. Sorry for not responding
sooner.