基于信息熵的匿名流量检测方法

doi:10.15966/j.cnki.dnydx.2023.05.008

全文: PDF( KB)
输出: BibTeX | EndNote (RIS)

摘要匿名网络通信可以有效保护个人隐私和数据安全，但是也因其隐蔽性容易被不法分子利用逃避网络审查和从事各种非法活动。匿名流量协议特征隐蔽，流量特征混淆，检测识别难度大。为加强对匿名流量的监管，提出了一种基于信息熵的匿名流量检测方法。通过对网络会话的数据包熵值特征的分析，以加密报文序列的熵值作为分类器的输入特征，并结合极度梯度提升树（XGBoost）分类算法，实现对匿名流量的检测。不同于现有的以协议特征和流量特征为基础的匿名流量特征检测识别方法，该方法提取流量自身特性进行研究。实验结果表明，该方法识别准确率达98%，可以准确有效识别匿名流量。

	服务
	把本文推荐给朋友
	加入引用管理器
	E-mail Alert
	RSS
	（）
	作者相关文章

关键词 ：匿名通信, 流量识别, Shadowsocks, 信息熵

Abstract：Anonymous communication can effectively protect personal privacy and data security, but it is also used by criminals to evade network censorship and engage in various illegal activities because of its concealment. The characteristics of anonymous traffic protocols are concealed, traffic characteristics are confused, and detection of anonymous traffic is difficult. In order to strengthen the supervision of anonymous traffic, this paper proposes an anonymous traffic detection method based on entropy estimation. Through the analysis of the packet entropy characteristics of the network session, the entropy value of the encrypted message sequence is used as the input feature of the classifier, and combined with the eXtreme Gradient Boosting Tree (XGBoost) algorithm, the detection of anonymous traffic is realized. Different from the existing anonymous traffic feature detection methods based on protocol features and traffic features, this method extracts the characteristics of the traffic itself for research. The experimental results show that the accuracy of this method can reach 98%.

Key words： anonymous communication traffic detection Shadowsocks entropy estimation

年卷期日期: 2023-05-10 出版日期: 2024-01-24

引用本文:

尹禛. 基于信息熵的匿名流量检测方法[J]. 电脑与电信, 2023, 1(5): 58-.
YIN Zhen. An Anonymous Traffic Detection Method Based on Entropy Estimation. Computer & Telecommunication, 2023, 1(5): 58-.

链接本文:

https://www.computertelecom.com.cn/CN/10.15966/j.cnki.dnydx.2023.05.008 或 https://www.computertelecom.com.cn/CN/Y2023/V1/I5/58