CN115242674A - Hidden service tracking system based on Tor protocol time sequence characteristics - Google Patents

Publication number
CN115242674A
CN115242674A CN202210876836.2A CN202210876836A CN115242674A CN 115242674 A CN115242674 A CN 115242674A CN 202210876836 A CN202210876836 A CN 202210876836A CN 115242674 A CN115242674 A CN 115242674A
Authority
CN
China
Prior art keywords
signal
record
module
tor
hidden service
Legal status
Granted
Application number
CN202210876836.2A
Other languages
Chinese (zh)
Other versions
CN115242674B (en)
Inventor
邹福泰
秦怡
郑天铭
吴越
Current Assignee
Shanghai Jiaotong University
Original Assignee
Shanghai Jiaotong University
Application filed by Shanghai Jiaotong University
Priority to CN202210876836.2A
Publication of CN115242674A
Application granted
Publication of CN115242674B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/08 Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
    • H04L43/10 Active monitoring, e.g. heartbeat, ping or trace-route
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0407 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
    • H04L63/30 Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/70 Reducing energy consumption in communication networks in wireless communication networks

Abstract

The invention discloses a hidden service tracking system based on Tor protocol time sequence characteristics, and relates to the field of tracking and tracing in Tor anonymous networks. The system comprises a signal sending module, a signal detection module, a task issuing module, a record receiving module and a record matching module. The Tor client running the hidden service is tracked more accurately by sending a signal in the circuit leading to the hidden service with the help of the timing characteristics of the Tor protocol, the signal carrying sufficient information. The invention can accurately, stably and efficiently track a plurality of hidden services.

Description

Hidden service tracking system based on Tor protocol time sequence characteristics
Technical Field
The invention relates to the field of tracking and tracing in a Tor anonymous network, in particular to a hidden service tracking system based on Tor protocol time sequence characteristics.
Background
As the internet has become deeply integrated into people's lives, privacy and security have become a focus of attention. Traditional cryptography can ensure the integrity and confidentiality of user data transmitted over the network, but it cannot hide the user's identity. To protect user privacy, anonymous communication technology emerged: relay nodes forward data between the user and the server to mask the user's identity, thereby achieving anonymous communication.
The Tor (The Onion Router) anonymous network is one of the most popular anonymous communication technologies. It provides a hidden service mechanism that enables a service provider to offer services to the outside world without exposing its real IP address. In essence, a hidden service works by randomly selecting several relay nodes to establish a circuit between the Tor client and the Tor server, and the data exchanged between the Tor client and the Tor server is forwarded by these relay nodes. During communication the exchanged data is encrypted, none of the relay nodes on the circuit knows the transmitted content, and the Tor client and the Tor server do not know each other's identity. Because hidden services provide strong anonymity, they are often used to carry out illegal and criminal activities, which greatly hinders network law enforcement departments.
For hidden service tracking, academia has proposed a number of tracking methods. Their core idea is to establish a circuit leading to a Tor server and send a special signal on the circuit to indicate to the relay nodes on the circuit that their neighbor node may be running a hidden service. If a relay node controlled by the tracker happens to be selected as a node on the circuit and is directly connected to the server, the relay node that receives the signal can confirm that its neighbor node is the Tor server running the hidden service, which completes the hidden service tracking task.
Existing hidden service tracking methods have several defects: the signal carries little information, the signal is susceptible to interference from external factors, and the method of sending the signal is too complex. As a result, the tracker has a high probability of mistakenly identifying a node as the Tor server and cannot track multiple Tor servers at the same time, which ultimately results in low tracking efficiency. No existing method offers high accuracy and strong robustness while tracking multiple Tor servers simultaneously.
Therefore, those skilled in the art are dedicated to developing a hidden service tracking system based on Tor protocol timing characteristics that can accurately, stably and efficiently track multiple hidden services.
Disclosure of Invention
In view of the above defects in the prior art, the technical problem to be solved by the present invention is how to implement a hidden service tracking system that has high accuracy, strong stability and supports multi-target tracking.
To achieve this aim, the invention provides a hidden service tracking system based on Tor protocol time sequence characteristics, which comprises a signal sending module, a signal detection module, a task issuing module, a record receiving module and a record matching module;
the signal sending module is used for receiving a signal sending task issued by the task issuing module, establishing a circuit leading to a hidden server, sending a series of special data packets in the circuit to represent a signal, and reporting a signal sending record to the record receiving module;
the signal detection module is deployed to a relay node of the Tor anonymous network in advance, continuously detects a special signal in a circuit passing through the signal detection module, records related information of a neighbor node if the circuit has the signal, and reports a signal detection record to the record receiving module;
the task issuing module receives a hidden service list containing the hidden service to be tracked, continuously issues tasks to the signal sending module and requires the signal sending module to circularly send special signals to the hidden service to be tracked;
the record receiving module continuously receives the records reported by the signal sending module and the signal detecting module and stores the two records in corresponding databases;
and the record matching module extracts the signal sending record and the signal detection record from the database, matches the signals stored in the two records and outputs the successfully matched record to the user.
Further, the method comprises the following steps:
step 1, a tracker inputs a list containing hidden services to be tracked to a task issuing module;
step 2, the task issuing module generates a signal sending task for each hidden service to be tracked and issues the task to the signal sending module;
step 3, for each signal sending task, the signal sending module establishes a circuit leading to the corresponding hidden service, sends a signal on the circuit, packages the sent signal and the corresponding hidden service in a signal sending record, and uploads the signal sending record to the record receiving module;
step 4, the record receiving module receives the signal sending record and stores the record into a sending record database;
step 5, the signal detection module continuously detects signals in the circuit, if the signals exist in the circuit, the signals and neighbor nodes in the circuit are packaged into a signal detection record, and the signal detection record is reported to the record receiving module;
step 6, the record receiving module receives the signal detection record and stores the record into a detection record database;
step 7, the record matching module processes each detection record in the detection record database in turn, searches the transmission record database for a transmission record with the same signal, and presents the matched transmission record and detection record to the user to complete the hidden service tracking task.
Further, the step 3 comprises the following steps:
step 3.1, the signal sending module controls the Tor client to establish an idle circuit leading to the Tor client running the hidden service;
step 3.2, the signal sending module randomly generates a signal, wherein the signal has 32 signal units, each being a signal unit 0 or a signal unit 1;
step 3.3, the signal sending module sends each signal unit in the signal in sequence until all the signal units are sent; to send signal unit 0, it controls the Tor client to send one RELAY_BEGIN_NOPORT packet and waits to receive one RELAY_END packet; to send signal unit 1, it controls the Tor client to send two RELAY_BEGIN_NOPORT packets in succession and waits to receive two RELAY_END packets;
step 3.4, the signal sending module stores the successfully sent signal and the corresponding hidden service in a signal sending record and uploads the signal sending record to the record receiving module.
Further, the task issuing module requires the signal sending module to cyclically send signals to the hidden services in the tracking list.
Further, the task issuing module assigns a number to each signal sending module, the first 8 signal units of the signal are consistent with the binary value of the number, and the last 24 signal units of the signal are a random combination of 0 and 1.
Further, after the signal sending module finishes sending the signal, the circuit is disconnected and a signal sending record is generated.
Further, the signaling record includes a hidden service identifier, a transmitted signal, a transmission start time, and a transmission end time.
Further, the signal detection module judges whether the relay node is running or not after being started, and if the relay node exits, the signal detection module performs cleaning work and ends.
Further, each time the relay node receives a data packet from another node, the relay node sends the data packet quadruple to the signal detection module.
Further, the data packet quadruple comprises a circuit identifier to which the data packet belongs, a data packet type, an arrival time and a transmission direction.
In a preferred embodiment of the present invention, the present invention provides a hidden service tracking system based on the Tor protocol timing characteristics, which can accurately, stably and efficiently track a plurality of hidden services.
The invention provides a hidden service tracking system based on Tor protocol time sequence characteristics, which comprises:
The signal sending module is used for receiving the signal sending task issued by the task issuing module, establishing a circuit leading to the hidden server, sending a series of special data packets in the circuit to represent a signal, and reporting the signal sending record to the record receiving module.
The signal detection module is deployed to a relay node of the Tor anonymous network in advance, continuously detects special signals in circuits passing through it, records the related information of the neighbor node if a signal exists in the circuit, and reports a signal detection record to the record receiving module.
The task issuing module receives a hidden service list containing a plurality of hidden services to be tracked, continuously issues tasks to the signal sending module and requires the signal sending module to cyclically send special signals to the hidden services to be tracked.
The record receiving module continuously receives the records reported by the signal sending module and the signal detection module and stores the two kinds of records in the corresponding databases.
The record matching module extracts the signal sending records and the signal detection records from the databases, matches the signals stored in the two kinds of records and outputs the successfully matched records to the user.
In a tracking system, the invention designs a set of signal sending, detecting and matching algorithms. The implementation process of the algorithm comprises the following steps:
step 101, a tracker inputs a list containing a plurality of hidden services to be tracked into a task issuing module;
step 102, the task issuing module generates a signal sending task for each hidden service to be tracked and issues the task to the signal sending module;
step 103, for each signal sending task, the signal sending module establishes a circuit leading to the corresponding hidden service, sends a signal on the circuit, packages the sent signal and the corresponding hidden service in a signal sending record, and uploads the signal sending record to the record receiving module;
step 104, the record receiving module receives the signal sending record and stores the record into a sending record database;
step 105, the signal detection module continuously detects signals in the circuit, and if the signals exist in the circuit, the signals and neighbor nodes in the circuit are packaged into a signal detection record, and the signal detection record is reported to the record receiving module;
step 106, the record receiving module receives the signal detection record and stores the record into a detection record database;
and step 107, the record matching module sequentially processes each detection record in the detection record database, searches for a transmission record with the same signal from the transmission record database for one detection record, and presents the matched transmission record and detection record to a user to complete the hidden service tracking task.
In the above steps, the signaling module implements a signaling algorithm by means of the timing characteristics of the Tor protocol, and the implementation of the algorithm includes the following steps:
step 103-1, the signal sending module controls the Tor client to establish an idle circuit leading to the Tor client running the hidden service;
step 103-2, the signal sending module randomly generates a signal, wherein the signal has 32 signal units, each being a signal unit 0 or a signal unit 1;
step 103-3, the signal sending module sends each signal unit in the signal in sequence until all the signal units are sent; to send signal unit 0, it controls the Tor client to send one RELAY_BEGIN_NOPORT packet and waits to receive one RELAY_END packet; to send signal unit 1, it controls the Tor client to send two RELAY_BEGIN_NOPORT packets in succession and waits to receive two RELAY_END packets;
step 103-4, the signal sending module stores the successfully sent signal and the corresponding hidden service in a signal sending record and uploads the signal sending record to the record receiving module.
Compared with the prior art, the invention has the following obvious substantive characteristics and remarkable advantages:
1. The hidden service tracking system based on Tor protocol time sequence characteristics sends the signal in the circuit leading to the hidden service by means of the Tor protocol time sequence characteristics, so the signal can carry sufficient information and a tracker can more accurately track the Tor client running the hidden service.
2. The hidden service tracking system has strong robustness and can effectively resist the influence of network transmission delay jitter and network congestion.
3. The hidden service tracking system has a clear structural division, is easy to implement, and can be rapidly deployed in the Tor anonymous network and take effect.
4. The hidden service tracking system supports tracking a plurality of hidden services simultaneously; different tracking tasks do not interfere with each other, and the tracking tasks are not affected by other Tor users.
5. The hidden service tracking system based on the Tor protocol time sequence characteristics can accurately, stably and efficiently track a plurality of hidden services.
The conception, the specific structure and the technical effects of the present invention will be further described with reference to the accompanying drawings to fully understand the objects, the features and the effects of the present invention.
Drawings
FIG. 1 is a schematic diagram of a hidden service tracking system according to a preferred embodiment of the present invention;
FIG. 2 is a flow chart illustrating the operation of the task issuing module according to a preferred embodiment of the present invention;
FIG. 3 is a flow chart illustrating the operation of the signal sending module according to a preferred embodiment of the present invention;
FIG. 4 is a flow chart illustrating the operation of the signal detection module according to a preferred embodiment of the present invention;
FIG. 5 is a flow chart of the operation of the record receiving module according to a preferred embodiment of the present invention;
FIG. 6 is a flow chart of the operation of the record matching module according to a preferred embodiment of the present invention.
Detailed Description
The technical contents of the preferred embodiments of the present invention will be more clearly and easily understood by referring to the drawings attached to the specification. The present invention may be embodied in many different forms of embodiments and the scope of the invention is not limited to the embodiments set forth herein.
In the drawings, structurally identical elements are represented by like reference numerals, and structurally or functionally similar elements are represented by like reference numerals throughout the several views. The size and thickness of each component shown in the drawings are arbitrarily illustrated, and the present invention is not limited to the size and thickness of each component. The thickness of the components may be exaggerated where appropriate in the figures to improve clarity.
The invention provides a hidden service tracking system based on Tor protocol time sequence characteristics, which consists of a task issuing module, a signal sending module, a signal detection module, a record receiving module and a record matching module. The signal detection module and the relay node are deployed into the Tor anonymous network in advance by the tracker so that they can be selected as nodes on a circuit by a Tor server running a hidden service, allowing the signal detection module to detect signals.
The general structure of the hidden service tracking system is shown in FIG. 1:
The tracker prepares a list containing several hidden services to be tracked and inputs the tracking list to the task issuing module. The task issuing module processes the hidden services in the tracking list cyclically: it generates a signal sending task for each hidden service and then distributes the task to an available signal sending module.
After receiving the task containing the hidden service, the signal sending module establishes a circuit leading to the hidden service, generates a signal and sends the signal to the hidden service through the established circuit. After the signal is sent, the signal sending module closes the circuit and then reports the sent signal and other related information to the record receiving module.
The signal detection module is bound to a relay node and is deployed into the Tor anonymous network in advance by the tracker. The tracker can deploy as many signal detection modules and relay nodes as possible to improve the probability of tracking success. The main task of the signal detection module is to detect signals in the circuits passing through it; if a signal is detected, it reports the detected signal and related information to the record receiving module.
Finally, the record matching module performs signal matching on the data reported by the signal sending module and the signal detection module. If it finds that a reported sent signal and a detected signal are consistent, it can locate the real IP address of the darknet website and present the tracking result to the tracker.
FIG. 2 illustrates the workflow of the task issuing module. After starting, the task issuing module enters a loop. At the head of the loop it checks whether the user has chosen to exit; if so, the module ends, otherwise it enters the loop body. In the loop body, the task issuing module takes a hidden service from the hidden service tracking list input by the tracker (the list pointer automatically advances to the next hidden service afterwards) and finds a free signal sending module. It then generates a signal sending task that requires the signal sending module to send a signal to the hidden service. After issuing the task, the task issuing module checks whether the end of the tracking list has been reached; if so, it returns to the head of the tracking list. It then jumps back to the head of the loop and continues issuing the next round of signal sending tasks. In this process, the task issuing module requires the signal sending modules to send signals to the hidden services in the tracking list cyclically. This is because, when a signal is sent to a hidden service only once, the signal detection module is not necessarily selected by the Tor server as a relay node on the circuit, in which case the signal cannot be detected. When signals are sent to the hidden service many times, the signal detection module may be selected as a node on the circuit during one of the signal sending tasks, so that the signal can be detected and the Tor server located, completing the tracking task.
The working flow of the signal sending module is shown in fig. 3: after starting, the system waits for receiving an instruction and carries out corresponding action according to the received quit instruction and the signal sending task instruction. When the signal sending module receives the signal sending task instruction, it first generates a signal, the length of which is fixed to 32 (or may be set to other values), that is, a signal is composed of 32 signal units (signal unit 0 or signal unit 1). Each signal sending module is assigned with a unique number by the task issuing module, the first 8 signal units of the signal are consistent with the binary value of the number, and the last 24 signal units of the signal are random combination of 0 and 1. Therefore, signals generated by different signal transmitting modules do not collide, and signals generated by the same signal transmitting module for multiple times are different.
Next, the signal sending module establishes a circuit leading to the hidden service, takes the signal units from the generated signal one at a time, sends the corresponding number of RELAY_BEGIN_NOPORT packets and waits to receive the same number of RELAY_END packets, and repeats this until all signal units have been sent. Signal unit 0 corresponds to 1 RELAY_BEGIN_NOPORT packet and 1 RELAY_END packet; signal unit 1 corresponds to 2 RELAY_BEGIN_NOPORT packets and 2 RELAY_END packets. Responding to a RELAY_BEGIN_NOPORT packet with a RELAY_END packet is a timing feature of the Tor protocol.
After the signal has been sent, the signal sending module disconnects the circuit, generates a signal sending record <hidden service identifier, transmitted signal, transmission start time, transmission end time>, and uploads the record to the record receiving module. Finally, the signal sending module returns to the command receiving state and waits for the next command.
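Seen from the hidden service's own Tor instance, a circuit carrying this signal has a recognisable shape: between 32 and 64 stream-open requests, every one answered with RELAY_END, at most two outstanding at a time, no payload cells, then teardown. The following added example (not part of the patent) flags that shape in a constructed cell log; the log source, function names and thresholds are assumptions, and the event layout reuses the quadruple <circuit identifier, packet type, arrival time, direction> described for the detection module.

```python
from collections import defaultdict
from dataclasses import dataclass

# RELAY_BEGIN_NOPORT is the patent's label; RELAY_BEGIN is accepted as well.
BEGIN_TYPES = {"RELAY_BEGIN", "RELAY_BEGIN_NOPORT"}
END_TYPE = "RELAY_END"


@dataclass
class CircuitStats:
    begins: int = 0           # stream-open requests received on the circuit
    ends: int = 0             # RELAY_END replies sent back
    other: int = 0            # any other relay cell (CONNECTED, DATA, ...)
    outstanding: int = 0      # requests not yet answered
    max_outstanding: int = 0  # largest number of unanswered requests seen
    closed: bool = False      # DESTROY seen, circuit torn down


def summarise(events):
    """Fold (circuit_id, cell_type, arrival_time, direction) tuples into per-circuit stats."""
    stats = defaultdict(CircuitStats)
    for circ, cell, _ts, direction in sorted(events, key=lambda e: e[2]):
        s = stats[circ]
        if cell in BEGIN_TYPES and direction == "in":
            s.begins += 1
            s.outstanding += 1
            s.max_outstanding = max(s.max_outstanding, s.outstanding)
        elif cell == END_TYPE and direction == "out":
            s.ends += 1
            s.outstanding = max(0, s.outstanding - 1)
        elif cell == "DESTROY":
            s.closed = True
        else:
            s.other += 1
    return stats


def looks_like_timing_signal(s, units=32):
    """True when a closed circuit carried only rejected stream requests in the
    quantity the described signal implies: `units` signal units of one or two
    requests each, so between units and 2*units requests in total."""
    return (
        s.closed
        and s.other == 0
        and units <= s.begins <= 2 * units
        and s.ends == s.begins
        and s.max_outstanding <= 2
    )


def flag_circuits(events, units=32):
    """Return the sorted ids of circuits whose cell pattern matches the signal shape."""
    stats = summarise(events)
    return sorted(c for c, s in stats.items() if looks_like_timing_signal(s, units))


def constructed_log():
    """Constructed sample data: one probing circuit, one ordinary visit, one retrying client."""
    events, t = [], 0.0
    for unit in "01" * 16:                      # 16 single + 16 double units
        n = 2 if unit == "1" else 1
        for _ in range(n):
            events.append(("circ-probe", "RELAY_BEGIN_NOPORT", t, "in"))
            t += 0.01
        for _ in range(n):
            events.append(("circ-probe", "RELAY_END", t, "out"))
            t += 0.01
        t += 0.3                                # wait for replies before next unit
    events.append(("circ-probe", "DESTROY", t, "in"))
    events += [                                 # ordinary visit that carries data
        ("circ-web", "RELAY_BEGIN", 1.00, "in"),
        ("circ-web", "RELAY_CONNECTED", 1.01, "out"),
        ("circ-web", "RELAY_DATA", 1.02, "in"),
        ("circ-web", "RELAY_DATA", 1.05, "out"),
        ("circ-web", "RELAY_END", 1.06, "out"),
        ("circ-web", "DESTROY", 1.10, "in"),
    ]
    for i in range(3):                          # client that hit a closed port 3 times
        events.append(("circ-retry", "RELAY_BEGIN", 2.0 + i, "in"))
        events.append(("circ-retry", "RELAY_END", 2.1 + i, "out"))
    events.append(("circ-retry", "DESTROY", 6.0, "in"))
    return events


SAMPLE_LOG = constructed_log()

if __name__ == "__main__":
    print(flag_circuits(SAMPLE_LOG))
```

Because the patent notes that the signal length may be set to other values, `units` is a parameter; the fixed 32 is only the default described on this page.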
FIG. 4 depicts the workflow of the signal detection module. After starting, it checks whether the relay node is still running; if the relay node has exited, it performs cleanup and ends; otherwise, it waits to receive data packets from the relay node. The relay node is adapted so that, whenever it receives a packet from another node, it sends a quadruple representing the packet, <circuit identifier to which the packet belongs, packet type, arrival time, transmission direction>, to the signal detection module. The signal detection module maintains a circuit record for each circuit that contains the quadruples of all packets transmitted on the circuit. After receiving a data packet sent by the relay node, the signal detection module adds it to the corresponding circuit record.
Next, the signal detection module processes each circuit record in a loop and determines whether the circuit has been shut down by checking whether a DESTROY packet exists in the circuit record. If the circuit has been shut down, it attempts to detect a signal from the circuit. Once a signal is detected, the signal detection module reports a detection record <last node IP address, detected signal, signal start time, signal end time> to the record receiving module and deletes the corresponding circuit record. The last node refers to the node that initiated the circuit establishment request to the relay node. After the signal detection module finishes processing all circuit records, it returns to the state of waiting to receive data packets and continues with the next batch.
The workflow of the record receiving module is simple, as shown in FIG. 5: when it receives a signal transmission record reported by a signal sending module, it stores the record in the transmission record database; when it receives a signal detection record reported by a signal detection module, it stores the record in the detection record database.
FIG. 6 illustrates the workflow of the record matching module, which is responsible for matching transmission records with detection records. The record matching module has a parameter $\delta$ representing the upper limit of the time it takes for one side of the circuit to transmit a packet to the other side; its value is set to 3 seconds. After starting, the record matching module enters a loop and monitors whether a new record appears in the detection record database. Each time a new detection record arrives, the record matching module extracts the signal start time $t_s$, the signal end time $t_e$ and the detected signal sig. It then searches the transmission record database for a transmission record that satisfies three conditions: the signal transmission start time lies in $(t_s - \delta, t_s)$, the signal transmission end time lies in $(t_e - \delta, t_e)$, and the transmitted signal equals sig. If such a transmission record exists and the last node IP address stored in the detection record does not belong to any known relay node, it can be determined that the real IP address of the hidden service in the transmission record is the IP address in the detection record, and the record matching module outputs the result to the tracker.
The foregoing detailed description of the preferred embodiments of the invention has been presented. It should be understood that numerous modifications and variations could be devised by those skilled in the art in light of the present teachings without departing from the inventive concept. Therefore, the technical solutions available to those skilled in the art through logic analysis, reasoning and limited experiments based on the prior art according to the concept of the present invention should be within the scope of protection defined by the claims.

Claims (10)

1. A hidden service tracking system based on Tor protocol time sequence characteristics is characterized by comprising a signal sending module, a signal detection module, a task issuing module, a record receiving module and a record matching module;
the signal sending module is used for receiving a signal sending task issued by the task issuing module, establishing a circuit leading to a hidden server, sending a series of special data packets in the circuit to represent a signal, and reporting a signal sending record to the record receiving module;
the signal detection module is deployed to a relay node of the Tor anonymous network in advance, continuously detects a special signal in a circuit passing through the signal detection module, records related information of a neighbor node if the circuit has the signal, and reports a signal detection record to the record receiving module;
the task issuing module receives a hidden service list containing the services to be tracked, continuously issues tasks to the signal sending module, and requires the signal sending module to send special signals cyclically to the hidden services to be tracked;
the record receiving module continuously receives the records reported by the signal sending module and the signal detecting module and stores the two records in corresponding databases;
and the record matching module extracts the signal sending record and the signal detection record from the database, matches the signals stored in the two records and outputs the successfully matched record to the user.
2. The Tor protocol timing behavior based hidden service tracking system of claim 1, comprising the steps of:
step 1, a tracker inputs a list containing hidden services to be tracked into a task issuing module;
step 2, the task issuing module generates a signal sending task for each hidden service to be tracked and issues the task to the signal sending module;
step 3, for each signal sending task, the signal sending module establishes a circuit leading to the corresponding hidden service, sends a signal on the circuit, packages the sent signal and the corresponding hidden service in a signal sending record, and uploads the signal sending record to the record receiving module;
step 4, the record receiving module receives the signal sending record and stores the record into a sending record database;
step 5, the signal detection module continuously detects signals in the circuit, if the signals exist in the circuit, the signals and neighbor nodes in the circuit are packaged into a signal detection record, and the signal detection record is reported to the record receiving module;
step 6, the record receiving module receives the signal detection record and stores the record into a detection record database;
step 7, the record matching module processes each detection record in the detection record database in turn, searches the send record database for a send record carrying the same signal, and presents the matched send record and detection record to the user, completing the hidden service tracking task.
3. The Tor protocol timing behavior based hidden service tracking system of claim 2 wherein said step 3 comprises the steps of:
step 3.1, the signal sending module controls the Tor client to establish an idle circuit leading to the Tor client running the hidden service;
step 3.2, the signal sending module randomly generates a signal, wherein the signal has 32 signal units, each of which is a signal unit 0 or a signal unit 1;
step 3.3, the signal sending module sends each signal unit of the signal in sequence until all the signal units are sent; to send a signal unit 0, it controls the Tor client to send one RELAY_BEGIN_NOPORT packet and waits to receive one RELAY_END packet; to send a signal unit 1, it controls the Tor client to send two RELAY_BEGIN_NOPORT packets in succession and waits to receive two RELAY_END packets;
step 3.4, the signal sending module stores the successfully sent signal and the corresponding hidden service in a signal sending record and uploads the signal sending record to the record receiving module.
4. The Tor protocol timing behavior-based hidden service tracking system of claim 1, wherein the task issuing module requires the signal sending module to send signals cyclically to the hidden services in the tracking list.
5. The Tor protocol timing behavior based hidden service tracking system of claim 3, wherein the task issuing module assigns a number to each signal sending module, the first 8 signal units of the signal match the binary value of that number, and the last 24 signal units of the signal are a random combination of 0 and 1.
6. The Tor protocol timing behavior based hidden service tracking system of claim 1, wherein the signal sending module disconnects the circuit and generates a signal sending record after signal transmission is completed.
7. The Tor protocol timing behavior-based hidden service tracking system of claim 6, wherein the signal sending record comprises a hidden service identifier, the transmitted signal, a transmission start time, and a transmission end time.
8. The Tor protocol timing characteristic based hidden service tracking system of claim 1, wherein the signal detection module determines whether the relay node is operational after startup and if the relay node has exited, performs a cleaning operation and ends.
9. The Tor protocol timing characteristic based hidden service tracking system of claim 1, wherein the relay node sends a packet quadruple to the signal detection module whenever it receives a packet from another node.
10. The Tor protocol timing behavior based hidden service tracking system of claim 9, wherein the packet quadruple comprises a circuit identifier to which a packet belongs, a packet type, an arrival time, a transmission direction.
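For an operator auditing circuits on a relay or onion service they run, the encoding in claim 3 leaves a narrow footprint: a circuit that carries only failed stream openings, arriving singly or in pairs, 32 groups in total. The following is an added example, not code from the patent; it scans records shaped like the quadruple of claim 10 and flags such circuits, and the record source, the "in"/"out" direction labels, the `max_gap` threshold, the function names and the sample data are all assumptions constructed for illustration.

```python
from collections import defaultdict

BEGIN, END = "RELAY_BEGIN_NOPORT", "RELAY_END"  # cell names as written in claim 3
SIGNAL_UNITS = 32                               # signal length given in step 3.2

def begin_bursts(times, max_gap):
    """Group sorted arrival times into bursts whose internal gaps are <= max_gap seconds."""
    bursts = []
    for t in times:
        if bursts and t - bursts[-1][-1] <= max_gap:
            bursts[-1].append(t)
        else:
            bursts.append([t])
    return bursts

def flag_signal_circuits(records, max_gap=0.05):
    """records: (circuit_id, cell_type, arrival_time, direction) tuples as in claim 10.
    Returns sorted ids of circuits that carry nothing but the claim-3 signal shape.
    max_gap and the "in"/"out" direction labels are assumptions of this example."""
    by_circuit = defaultdict(list)
    for circ, cell_type, t, direction in records:
        by_circuit[circ].append((t, cell_type, direction))
    flagged = []
    for circ, cells in by_circuit.items():
        begins = sorted(t for t, c, d in cells if c == BEGIN and d == "in")
        ends = [t for t, c, d in cells if c == END and d == "out"]
        if len(begins) + len(ends) != len(cells) or len(begins) != len(ends):
            continue  # other cell types present, or BEGINs left unanswered
        bursts = begin_bursts(begins, max_gap)
        if len(bursts) == SIGNAL_UNITS and all(len(b) <= 2 for b in bursts):
            flagged.append(circ)
    return sorted(flagged)

def build_sample():
    """Constructed records: circuit 7 has the signal shape, 9 and 11 do not."""
    recs = []
    for i in range(SIGNAL_UNITS):            # one unit per second on circuit 7
        n = 2 if i % 3 == 0 else 1           # unit 1 = two BEGINs, unit 0 = one
        for k in range(n):
            recs.append((7, BEGIN, i + 0.01 * k, "in"))
            recs.append((7, END, i + 0.30 + 0.01 * k, "out"))
    recs += [(9, "RELAY_BEGIN", 0.0, "in"), (9, "RELAY_CONNECTED", 0.2, "out"),
             (9, "RELAY_DATA", 0.3, "in"), (9, "RELAY_DATA", 0.5, "out")]
    for i in range(10):                      # a few failed stream attempts only
        recs += [(11, BEGIN, float(i), "in"), (11, END, i + 0.3, "out")]
    return recs

if __name__ == "__main__":
    print(flag_signal_circuits(build_sample()))
```

A circuit that mixes the pattern with ordinary stream traffic is deliberately not flagged, since claims 3 and 6 describe an idle circuit that is torn down once the signal has been sent.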
CN202210876836.2A 2022-07-25 2022-07-25 Hidden service tracking system based on Tor protocol time sequence characteristic Active CN115242674B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210876836.2A CN115242674B (en) 2022-07-25 2022-07-25 Hidden service tracking system based on Tor protocol time sequence characteristic

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210876836.2A CN115242674B (en) 2022-07-25 2022-07-25 Hidden service tracking system based on Tor protocol time sequence characteristic

Publications (2)

Publication Number Publication Date
CN115242674A (en) 2022-10-25
CN115242674B (en) 2023-08-04

Family

ID=83674721

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210876836.2A Active CN115242674B (en) 2022-07-25 2022-07-25 Hidden service tracking system based on Tor protocol time sequence characteristic

Country Status (1)

Country Link
CN (1) CN115242674B (en)


Also Published As

Publication number Publication date
CN115242674B (en) 2023-08-04

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant