中圖分類號(hào)：TP393.06文獻(xiàn)標(biāo)識(shí)碼：ADOI:10.19358/j.issn.2097-1788.2023.12.007
引用格式：楊剛，姜舟，張嬌婷，等.融合協(xié)議信息的TOR匿名網(wǎng)絡(luò)流量識(shí)別方法［J］.網(wǎng)絡(luò)安全與數(shù)據(jù)治理，2023，42（12）：41-47.

TOR anonymity network traffic recognition method integrating protocol information fusion

Abstract： Traffic analysis in the TOR（The Onion Router） anonymous network has become a challenging task. With the iterative updates of TOR′s obfuscation techniques, the introduction of the OBFS4 obfuscation protocol has made it increasingly difficult to detect TOR traffic. This paper provided a detailed study of TOR′s behavioral features, incorporating features of the OBFS4(ObjectBased File System4) obfuscation protocol algorithm to enhance the capability of detecting obfuscated traffic. In addition, this paper constructed a dataset covering various tunnel types, including web browsing, video streaming, and chat, to conduct experiments.The results show that the proposed method has significant effect on TOR traffic detection tasks based on the OBFS4 obfuscation protocol. The use of the lightGBM model has achieved the best detection performance, with an accuracy of 9889% when combining protocol features. Our approach was tested on various versions of TOR traffic, and the accuracy in detecting different versions of TOR traffic exceeded 97% in all cases.

Key words : TOR; obfuscation protocol features; behavioral features；lightGBM