网站指纹识别与防御研究综述  被引量：4

作　　者：邹鸿程 苏金树[1] 魏子令 赵宝康[1] 夏雨生 赵娜 ZOU Hong-Cheng;SU Jin-Shu;WEI Zi-Ling;ZHAO Bao-Kang;XIA Yu-Sheng;ZHAO Na(College of Computer,National University of Defense Technology,Changsha 410073;Department of Information Science and Technology,Changsha Normal University,Changsha 410100)

机构地区：[1]国防科技大学计算机学院,长沙410073 [2]长沙师范学院信息科学与工程学院,长沙410100

出　　处：《计算机学报》2022年第10期2243-2278,共36页Chinese Journal of Computers

基　　金：国家重点研发计划项目(2018YFB0204301);国家自然科学基金面上项目(61972412);湖南省科技创新计划(2020RC2047);湖南省教育厅科学研究一般项目(19C0140);长沙师范学院校级课题(2019xjzkpy16)资助.

摘　　要：随着互联网的普及,人们越来越多地通过浏览网站获取消息、社交娱乐或者从事商业活动.用户的浏览兴趣往往暴露了个人的隐私.为了保护自己的浏览隐私,人们开始通过集成了隐私增强技术的网络来访问网站.然而,网站指纹识别与防御的研究成果表明通过隐私增强技术来保护用户访问网站的隐私已不再安全.因此,该研究引发了学术界和产业界的广泛关注.为此,本文以系统化网站指纹研究为目标和牵引,围绕网站指纹研究的最新成果,首先概述了网站指纹研究的基本概念、识别假设、威胁模型、防御模型和研究意义,随后分两节分别详细论述了网站指纹识别和防御的评价指标、分类方法和主要研究成果.在此基础上,本文对网站指纹识别和防御的相关研究分为主体研究和辅助研究两个方面进行论述,置重点于主体研究部分.具体地,在识别方向,对其主体研究即识别方法按照相似度判别法、传统机器学习方法和深度学习方法等三种类别展开阐述,再进一步细分为具体的数学模型进行讨论分析;在防御方向,对其主体研究即防御方法则按照网络层防御、应用层防御和复合层防御进行划分,然后根据各种防御方法具体使用的防御模式进行二次分类,并进行比较综述.最后,本文提出了网站指纹研究面临的三大挑战,并对未来的研究方向进行了展望.With the popularity of the Internet,more and more people browse websites to obtain news,social entertainment or engage in business activities.The user’s browsing interest often exposes personal privacy.To protect their browsing privacy,people begin to visit websites through a network integrated with privacy-enhancing technologies.Under this background,the research of website fingerprinting is proposed and studied widely.It includes two perspectives,namely website fingerprinting identification and defense.Website fingerprinting identification is a kind of traffic analysis technique.It enables a local adversary to identify a target user’s browsing websites without decrypting packets or modifying the traffic.In a general process of identification,the adversary first collects the traffic of the target user,then extracts a set of alternative traffic features,such as packet lengths,packet directions,packet statistics,and so on.The selected features together with the labels(i.e.,true websites)are input into a given mathematical model to learn the optimal parameters automatically.After training,the model can predict the labels of the unknown traffic with high accuracy by similarly extracting its features like the training phase.To date,researchers have proposed a large number of identification methods by combining different models with various kinds of features.To lessen the threat of website fingerprinting identification,researchers try to obfuscate the key traffic features in various ways,including packet padding,link padding,traffic splitting,and so on.The kind of research is called website fingerprinting defense in the literature.Obviously,the defense methods will introduce extra bandwidth or time overhead to a different degree,even requiring modifying the code of the explorer or web server.These great limit their application in reality.Nevertheless,these defense methods enrich the variety of privacy-enhancing technologies.Moreover,some of them are the candidates to be integrated into Tor.However,none of them can

关 键 词：网络空间安全 网站指纹 流量分析 隐私保护 应用安全 

分 类 号：TP391[自动化与计算机技术—计算机应用技术]