Composite Tor traffic features extraction method of webpage in actual network flow based on SDN
Website fingerprinting (WF) methods for Tor webpage traffic are often based on the separated Tor traffic or even the separated Tor webpage traffic.However, distinguishing Tor traffic from the original traffic of the actual network and Tor webpage traffic from the Tor traffic costs amount of computat...
Saved in:
| Main Authors: | , , , , , |
|---|---|
| Format: | Article |
| Language: | zho |
| Published: |
Editorial Department of Journal on Communications
2022-03-01
|
| Series: | Tongxin xuebao |
| Subjects: | |
| Online Access: | http://www.joconline.com.cn/zh/article/doi/10.11959/j.issn.1000-436x.2022056/ |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1841539961307791360 |
|---|---|
| author | Hongping YAN Qiang ZHOU Shihao WANG Wang YAO Liukun HE Liangmin WANG |
| author_facet | Hongping YAN Qiang ZHOU Shihao WANG Wang YAO Liukun HE Liangmin WANG |
| author_sort | Hongping YAN |
| collection | DOAJ |
| description | Website fingerprinting (WF) methods for Tor webpage traffic are often based on the separated Tor traffic or even the separated Tor webpage traffic.However, distinguishing Tor traffic from the original traffic of the actual network and Tor webpage traffic from the Tor traffic costs amount of computation, which is more difficult than the WF attack itself.According to the current architecture of the Internet and the characteristics of network traffic converging to regional central nodes, the bi-directional statistical feature (BSF) was proposed for distinguishing Tor traffic through the intra-domain global perspective provided by the SDN structure of the central node and the node information disclosed by the Tor network.Furthermore, a hidden feature extraction method for Web traffic based on lifted structure fingerprinting (LSF) was proposed, and a composited Tor-webpage-identification traffic feature (CTTF) was proposed based on BSF and LSF deep features.For solving the problem of traffic training data scarcity, a traffic data augmentation method based on translation was proposed, which made the augmented traffic data as consistent as the Tor traffic data captured in the real working environment.The experimental results show that the identification rate based on CTTF can be improved by about 4% compared with using only the original data features.When there is less training data, the classification accuracy is improved more obvious after using the traffic data augmentation method, and the false positive rate can be effectively reduced. |
| format | Article |
| id | doaj-art-2c40948078bb4799a1dbb0652300f065 |
| institution | Kabale University |
| issn | 1000-436X |
| language | zho |
| publishDate | 2022-03-01 |
| publisher | Editorial Department of Journal on Communications |
| record_format | Article |
| series | Tongxin xuebao |
| spelling | doaj-art-2c40948078bb4799a1dbb0652300f0652025-01-14T06:29:07ZzhoEditorial Department of Journal on CommunicationsTongxin xuebao1000-436X2022-03-0143768759392897Composite Tor traffic features extraction method of webpage in actual network flow based on SDNHongping YANQiang ZHOUShihao WANGWang YAOLiukun HELiangmin WANGWebsite fingerprinting (WF) methods for Tor webpage traffic are often based on the separated Tor traffic or even the separated Tor webpage traffic.However, distinguishing Tor traffic from the original traffic of the actual network and Tor webpage traffic from the Tor traffic costs amount of computation, which is more difficult than the WF attack itself.According to the current architecture of the Internet and the characteristics of network traffic converging to regional central nodes, the bi-directional statistical feature (BSF) was proposed for distinguishing Tor traffic through the intra-domain global perspective provided by the SDN structure of the central node and the node information disclosed by the Tor network.Furthermore, a hidden feature extraction method for Web traffic based on lifted structure fingerprinting (LSF) was proposed, and a composited Tor-webpage-identification traffic feature (CTTF) was proposed based on BSF and LSF deep features.For solving the problem of traffic training data scarcity, a traffic data augmentation method based on translation was proposed, which made the augmented traffic data as consistent as the Tor traffic data captured in the real working environment.The experimental results show that the identification rate based on CTTF can be improved by about 4% compared with using only the original data features.When there is less training data, the classification accuracy is improved more obvious after using the traffic data augmentation method, and the false positive rate can be effectively reduced.http://www.joconline.com.cn/zh/article/doi/10.11959/j.issn.1000-436x.2022056/traffic discoverytraffic classificationstatistical featuredata augmentation |
| spellingShingle | Hongping YAN Qiang ZHOU Shihao WANG Wang YAO Liukun HE Liangmin WANG Composite Tor traffic features extraction method of webpage in actual network flow based on SDN Tongxin xuebao traffic discovery traffic classification statistical feature data augmentation |
| title | Composite Tor traffic features extraction method of webpage in actual network flow based on SDN |
| title_full | Composite Tor traffic features extraction method of webpage in actual network flow based on SDN |
| title_fullStr | Composite Tor traffic features extraction method of webpage in actual network flow based on SDN |
| title_full_unstemmed | Composite Tor traffic features extraction method of webpage in actual network flow based on SDN |
| title_short | Composite Tor traffic features extraction method of webpage in actual network flow based on SDN |
| title_sort | composite tor traffic features extraction method of webpage in actual network flow based on sdn |
| topic | traffic discovery traffic classification statistical feature data augmentation |
| url | http://www.joconline.com.cn/zh/article/doi/10.11959/j.issn.1000-436x.2022056/ |
| work_keys_str_mv | AT hongpingyan compositetortrafficfeaturesextractionmethodofwebpageinactualnetworkflowbasedonsdn AT qiangzhou compositetortrafficfeaturesextractionmethodofwebpageinactualnetworkflowbasedonsdn AT shihaowang compositetortrafficfeaturesextractionmethodofwebpageinactualnetworkflowbasedonsdn AT wangyao compositetortrafficfeaturesextractionmethodofwebpageinactualnetworkflowbasedonsdn AT liukunhe compositetortrafficfeaturesextractionmethodofwebpageinactualnetworkflowbasedonsdn AT liangminwang compositetortrafficfeaturesextractionmethodofwebpageinactualnetworkflowbasedonsdn |