مروری تحلیل ترافیک شبکه‌ گمنام‌ساز پارس با استفاده از یادگیری ماشین

همایون, حامد; دهقانی, مهدی; اکبری, حمید

مروری تحلیل ترافیک شبکه‌ گمنام‌ساز پارس با استفاده از یادگیری ماشین

نوع مقاله : مقاله پژوهشی

نویسندگان

¹ دانشجوی دانشگاه امام حسین علیه السلام

² عضو هیئت علمی

³ استادیار دانشگاه جامع امام حسین(ع)

چکیده

گمنامی یکی از ارکان حریم خصوصی در محیط اینترنت به شمار می‌‌‌‌آید که رعایت آن توسط دولت‌‌‌‌ها و سرویس‌‌‌‌های خدماترسانی امری ضروری است. تشخیص ترافیک عبوری از یک شبکه، به منزله تشخیص ماهیت آن ترافیک است و اگر این ترافیک، ترافیک یک گمنام‌ساز باشد به این معنی است که در شبکه اطلاعات محرمانه در حال رد و بدل شدن است و این به معنی خدشه وارد شدن به گمنامی است. رده‌بندی ترافیک، یک روش بسیار قوی در داده‌کاوی است که کاربردهای فراوانی دارد. از جمله این کاربردها می‌‌‌‌توان به مدیریت ترافیک با استفاده از شناسایی ترافیک عبوری از شبکه اشاره نمود. در این تحقیق با استفاده از روش‌های داده‌کاوی، در گام اول، میزان تفکیک‌پذیری گمنام‌ساز پارس (که یک گمنام‌ساز بومی است) با ترافیک گمنام‌سازهای مسیریاب پیازی، پروژه اینترنت نامرئی، جاندو و ترافیک HTTPS، و در گام دوم و در یک بررسی عمیق‌تر، میزان تفکیک‌پذیری ترافیک چهار سرویس متفاوت درون گمنام‌ساز پارس مورد بررسی قرار گرفت. نتایج این آزمایش‌ها در گام اول، رده‌بندی با دقت 100% و در گام دوم، دقت بالای 95% را (با استفاده از الگوریتم جنگل تصادفی) نشان می‌دهد. علاوه بر آن، با رتبه‌بندی ویژگی‌های استفاده شده در هر آزمایش، میزان تاثیرگذاری این ویژگی‌ها بر دقت کل و زمان ساخت مدل بررسی شده است.

کلیدواژه‌ها

20.1001.1.20086849.1400.12.2.1.9

عنوان مقاله [English]

Pars Anonymity Network Traffic Flow Analysis Using Machine Learning

نویسندگان [English]

Mehdi Dehghani ²
H. Akbari ³

² Teacher

³ Assistant Professor of Imam Hossein University

چکیده [English]

Anonymity is one of the fundamentals of privacy in the internet that should be strictly considered by governments and ISPs. Network traffic flow detection, is considered as detecting the nature of this traffic; Thus, if the traffic of an anonymizer is detected, it means that classified data is being transmitting throw the network, which in return is a great flaw in the anonymity system. Traffic classification - which has various applications - is one of the most powerful methods in datamining. Traffic management via detecting network traffic flow, is viewed as one of these applications. In this research, by using datamining techniques, in the first step the detection rate of Pars Anonymizer (as a domestic anonymizer) is assessed in compare with The Onion Router, Invisible Internet Project, JonDo and HTTPS Traffic, and at the next step, in a more detailed way, the classification rate of four different services in the desired anonymizer was studied. Results suggest that the classification accuracy rate of these experiments at the first step is 100% and at the next step -with the use of Random Forest algorithm- is 95%. In addition, by evaluating the used specifications in every experiment, the effectiveness of these specifications on the overall accuracy and the model build time was assessed.

کلیدواژه‌ها [English]

Anonymity
Anonymity Network
Data Mining
Classification
Machine Learning
Traffic Analysis

مراجع

[1]

A. Pfitzmann and M. Hansen, “Anonymity, Unlinkability, Undetectability, Unobservability, Pseudonymity, and Identity Management–A Consolidated Proposal for Terminology,” Fachterminologie Datenschutz und Datensicherheit, pp. 111–144, 2008.##

[2]

V. Paxson, “Bro: a System for Detecting Network Intruders in Real-Time,” Computer Networks,
pp. 2435–2463, 1999.##

[3]

“Bro intrusion Detection System-Bro Overview,” [Online]. Available: http://bro-ids.org.
[Accessed 24 April 2019].##

[4]

“Snort-The de Facto Standard for Intrusion detection/prevention,” 14 August 2007. [Online]. Available: http://www.snort.org.
[Accessed 18 April 2019].##

[5]

L. Stewart, G. Armitage, P. Branch, and S. Zander, “An Architecture For Automated Network Control of Qos over Consumer Broadband Links,” in Ieee International Region 10 Conference (Tencon 05), Melbourne, Australia, November 2005.##

[6]

D. Herrmann, R. Wendolsky, and H. Federrath, “Website Fingerprinting: Attacking Popular Privacy Enhancing Technologies with The Multinomial Naïve-Bayes Classifier,” in Acm Workshop on Cloud Computing Security (Ccsw), pp. 31–42, 2009.##

[7]

D. Herrmann, “Online privacy: Attacks and Defenses,” it-Information Technology, vol. 57, no. 2, pp. 133-137, 2015.##

[8]

A. Panchenko, L. Niessen, A. Zinnen, and T. Engel, “Website fingerprinting in onion routing based anonymization networks,” ACM 10th annual Workshop on Privacy in the Electronic Society(WPES), pp. 103–114, 2011.##

[9]

J. Barker, P. Hannay And P. Szewczyk, “Using Traffic Analysis To Identify The Second Generation Onion Router,” in 9th Ieee/Ifip International Conference on Embedded and Ubiquitous Computing (Euc), pp. 72–78, 2011.##

[10]

M. AlSabah, K. S. Bauer, and I. Goldberg, “Enhancing Tor’s Performance Using Real-Time Traffic Classification,” in ACM Conference on Computer and Communications security (CCS), pp. 73–84, 2012.##

[11]

M. Alsabah and I. Goldberg, “Performance and Security Improvements for Tor: A Survey,” ACM Comput. Surv, vol. 49, no. 2, pp. 1-38, 2015.##

[12]

A. Almubayed, J. Atoum, and A. Hadi, “A Model for Detecting Tor Encrypted Traffic Using Supervised Machine Learning,” MECS, 2015.##

[13]

A. Springall, C. De Vito, and S.-H. S. Huang, “Per Connection Server-Side Identification of Connections Via Tor,” in IEEE 29th International Conference on Advanced Information Networking and Applications (AINA), pp. 727–734, 2015.##

[14]

K. Shahbar and N. Zincir-Heywood, “Benchmarking Two techniques for Tor Classification: Flow level and Circuit Level Classification,” in IEEE Symposium on Computational Intelligence in Cyber Security (CICS), pp. 1–8, 2014.##

[15]

K. Shahbar, Analysis of Multilayer-Encryption Anonymity Networks, Ph.D. Thesis, Dalhousie University Halifax, Nova Scotia, 2017.##

[16]

K. Shahbar and N. Zincir-Heywood, “Packet Momentum for Identificationof Anonymity Networks,” Journal of Cyber Security and Mobility, vol. 6, pp. 27-56, 2017.##

[17]

K. Shahbar and N. Zincir-Heywood, “Traffic flow Analysis of Tor Pluggable Transports,” in Ieee 11th International Conference on Network and Service Management(CNSM), pp. 178–181, 2015.##

[18]

K. Shahbar and N. Zincir-Heywood, “An analysis of Tor pluggable transports under adversarial conditions,” in Ieee Symposium on Computational Intelligence for Security and Defense Applications (CISDA), 2017.##

[19]

K. Shahbar And N. Zincir-Heywood, “Effects of Shared Bandwidth on Anonymity of The I2p Network Users,” Ieee Symposium on Security And Privacy, Workshop on Traffic Measurements For Cybersecurity (Wtmc), 2017.##

[20]

A. Montieri, D. Ciuonzo, G. Aceto, and A. Pescape, “Anonymity Services Tor, I2p, Jondonym Classifying In The Dark,” In Ieee Transactions on Dependable and Secure Computing, 2018.##

[21]

S. Lee, S. -H. Shin, and B. -H. Roh, “Classification of Freenet Traffic Flow Based on Machine Learning,” Journal of Communications, vol. 13, no. 11, pp. 654-660, 2018.##

[22]

K. Shahbar and N. Zincir-Heywood, “Anon17: Network Traffic Dataset of Anonymity Services,” Dalhousie University, Halifax, Canada, 2017.##

[23]

S. O. Akinola and O. J. Oyabugbe, “Accuracies and Training Times of Data Mining Classification Algorithms: An Empirical Comparative Study,” Journal of Software Engineering and Applications, pp. 470-477, 2015.##

[24]

S. Burschka and B. Dupasquier, “Tranalyzer: Versatile high performance network taffic analyzer,” IEEE Symposium Series ob Computatinal Intelligence (SSCI), pp. 1-8, 2016.##