基于数据增强与流数据处理的Tor流量分析模型  被引量：1

作　　者：席荣康 蔡满春[1] 芦天亮[1] XI Rongkang;CAI Manchun;LU Tianliang(School of Information and Network Security,People's Public Security University of China,Beijing 100032,China)

机构地区：[1]中国人民公安大学信息网络安全学院,北京100032

出　　处：《计算机工程》2023年第3期177-184,共8页Computer Engineering

基　　金：中国人民公安大学2022年基科费项目(2022JKF02009);国家重点研发计划“公共安全风险防控与应急技术装备”重点专项(20200017)。

摘　　要：Tor流量分析技术为打击利用Tor匿名通信工具从事的暗网犯罪活动提供了技术支撑,但目前存在数据难于收集、数据集不平衡、模型抗概念漂移能力差等问题。提出一种结合堆叠去噪自编码器和在线序列极限学习机的Tor流量分析模型。对原始Tor PACP包进行分割、去噪处理并提取特征序列。在此基础上,将一维序列转化为可视化灰度图并输入改进多尺寸深度卷积生成对抗网络,生成Tor流量样本以平衡数据集,利用堆叠降噪自动编码器进行序列降维并将特征输入在线序列极限学习机实现Tor匿名流量的在线流识别。实验结果表明,改进多尺寸深度卷积生成对抗网络可用于提升数据集质量并提高模型识别率约2.8个百分点,结合在线序列极限学习机和堆叠去噪自编码器的流量分析模型准确率可达95.7%,识别效率较传统卷积神经网络和长短期记忆网络模型有较大提升。Tor anonymous traffic identification technology provides a mechanism to combat illegal and criminal activities in the dark network using Tor anonymous communication tools.However,some challenges exist,such as data collection difficulties,unbalanced datasets,and the poor ability of the Tor analysis model to detect and adapt to conceptual drift.First,the collected original Tor PCAP traffic is segmented,denoised,and processed into byte sequences.Then,one-dimensional sequences are transformed into visual grayscale images and input to an improved multi-size Deep Convolution Generate Adversarial Network(DCGAN)to generate Tor traffic samples for data balancing.Finally,a Stacked Denoising Auto-Encoder(SDAE)is used for sequence dimensionality reduction,and the extracted features are input to an Online Sequential Extreme Learning Machine(OS-ELM)to realize the online flow recognition of Tor traffic.The experimental results show that the improved DCGAN can be used to improve the quality of data sets and improve the model recognition rate by about 2.8 percentage points.The accuracy of the traffic analysis model combined with OS-ELM and SDAE can reach 95.7%,and the recognition efficiency is greatly improved compared with traditional Convolutional Neural Network(CNN)and Long Short-Term Memory(LSTM)network models.

关 键 词：洋葱路由 概念漂移 流数据挖掘 数据增强 深度卷积生成对抗网络 堆叠去噪自动编码器 在线序列极限学习机 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]