基于可控重连的Tor流量隐蔽

以往的Tor(The Onion Router)流量隐蔽方案(Pluggable Transports,PT)使用对通信数据的混淆或伪装等手段来躲避检测,但仍无法隐藏TCP连接层面的流量特征,如连接时长和数据包大小,应用机器学习等检测方法仍能识别出Tor流量。对此,提出面向Tor的可控重连算法,从连接层面开展了Tor流量隐蔽的研究工作,即对PT客户端与服务端之间的TCP通信进行定时断开和重连,实现对连接时长的精细控制,同时控制数据包的大小使之与正常流量分布接近。实验证明,在局域网环境下,该算法能以秒级精度控制连接时长,并生成大小符合正常流量分布的数据包,有助于提升Tor流量隐蔽的效果。

TOR TRAFFIC CONCEALMENT BASED ON CONTROLLABLE RECONNECTION

Previous Tor traffic concealment schemes(Pluggable Transports,PT)avoids detection by obfuscating or encrypting Tor traffic,but they cannot hide the traffic characteristics at the TCP connection level,such as connection duration and packet size.Tor traffic can still be identified by machine learning and other detection methods.In view of this situation,the paper presents a controllable reconnection algorithm for Tor,and the Tor traffic concealment is studied at the connection level.PT system gained fine control of connection time by disconnecting and reconnecting the TCP communication periodically between the PT client and the PT server.Besides,the size of packet was modified to make it close to normal traffic distribution.Experimental results show that the algorithm can control the connection time with the accuracy of seconds under the LAN environment,and generate data packets with size similar to the normal traffic distribution,which can help improve the effect of Tor traffic concealment.