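1. School of Cyberspace Security, Sichuan University, Chengdu, Sichuan 610065
2. The 30th Research Institute of China Electronics Technology Group Corporation, Chengdu, Sichuan 610093
3. School of Cyberspace Security, Beijing University of Posts and Telecommunications, Beijing 100876
Huang Cheng (born 1987), male, associate professor, Ph.D. Research interests: cyberspace security. E-mail: codesec@scu.edu.cn
Received: 2024-10-07
Revised: 2024-12-16
Published online: 2024-12-25
Published in print: 2025-01-20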
Huang Cheng, Ding Jianwei, Zhao Jiapeng, et al. Towards a universal security framework for darknet suppression: Conceptual foundations and future prospects[J]. Advanced Engineering Sciences, 2025, 57(1): 1–10. DOI: 10.12454/j.jsuese.202400800.
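In recent years, anonymous networks and the "darknet" built on them have, owing to their strong concealment, high anonymity, and resistance to tracing, become important tools for transmitting sensitive information, carrying out network attacks, and committing cybercrime, posing a serious threat to national security and social stability. To address the challenges of darknet governance, namely that concealed communication behavior is hard to identify, hopping network topologies are hard to map, and trap node deployments are hard to disguise, this paper studies a universal security theory for darknet suppression. The key scientific problem of this research is distilled as: characterizing and reasoning about the behavior of dynamic, time-varying networks with missing structural information under strong adversarial mechanisms. To tackle this problem, the research is planned at three levels (basic theory, applied technology, and a demonstration system) and comprises five research components: one framework, three methods, and one system. Specifically: first, establish a collaborative quantification theoretical framework oriented to the differences in darknet traffic and the commonalities in behavior, proposing theories for representing the universal features and differentiating elements of heterogeneous darknets, for unified security quantification, and for constructing and reasoning over ecological vulnerability graphs, so as to solve the problem of quantitatively evaluating the suppressibility of darknets whose network structures are complex and diverse and whose communication behavior is dynamic and changeable; second, propose a real-time lightweight traffic identification method based on solving convex optimization problems, which, by constructing a small-flow sampling model based on self-similarity association and a darknet traffic identification and service classification model based on Gaussian kernel functions and multimodal optimization, achieves real-time, lightweight, and accurate identification and classification of darknet traffic; third, propose a multi-network, full-time-domain connection prediction and connectivity mapping method based on behavioral invariance, which, building on the unified security quantification theory, represents cross-site connections, filters out irrelevant connections in the dynamic network, then performs multi-network full-time-domain connection prediction and maps connectivity relationships, achieving multi-point global correlation of darknet connectivity under local observation; fourth, propose a trap node deployment and tracing method based on optimizing darknet connectivity under local observation, achieving darknet tracking and tracing when only some nodes are controllable; fifth, develop a demonstration application system for real-time traffic detection and tracing in real darknet scenarios and deploy it in relevant law enforcement agencies, achieving precise governance of darknet crime. In addition, the technical routes of the five tasks (construction of the collaborative quantification theory, lightweight darknet traffic identification, connection prediction and connectivity mapping, trap deployment and tracing mechanisms, and the demonstration application system) are described in detail. Through the basic theoretical research, technical application, and system demonstration and validation in this paper, the work advances the theory of darknet governance and improves the efficiency of darknet suppression, with significant social and economic benefits.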
Significance
In recent years, anonymous networks and their underlying darknet have become vital tools for transmitting sensitive information, conducting cyberattacks, and engaging in cybercrime due to their strong concealment, high anonymity, and resistance to traceability. These characteristics pose serious threats to national security and social stability. This project researches a universal security theory for darknet suppression to address the challenges of darknet governance, such as difficulties in identifying concealed communication behaviors, mapping dynamic network topologies, and disguising trap node deployments.
Progress
The main content includes: 1) Establishing a collaborative quantitative theoretical framework focused on darknet traffic differences and behavioral commonalities. This involves proposing heterogeneous darknet universal characteristics, differentiated element representations, unified security quantification, and ecological vulnerability graph construction theories. These approaches address the challenge of quantifying darknet suppressibility, which remains complicated by diverse network structures and dynamic communication behaviors. 2) Proposing a real-time lightweight traffic detection method based on solving convex optimization problems. This involves constructing a small flow sampling model based on self-similarity associations and a darknet traffic identification and service classification model using Gaussian kernel functions and multimodal optimization. This method enables precise, real-time identification and classification of darknet traffic. 3) Introducing a multi-network full-time domain connection prediction and relationship mapping method based on behavioral invariance. This approach represents cross-point connections and filters out irrelevant connections in dynamic networks to predict multi-network full-time domain connections and map relationships, achieving multi-point global associations of darknet connections under local observation conditions. 4) Proposing a trap node deployment and tracing optimization method for darknet connections based on local observations, enabling tracking and tracing of the darknet under conditions of partially controllable nodes. 5) Developing a real-time traffic detection and tracing demonstration system for real-world darknet scenarios, which law enforcement agencies implement to achieve precise governance of darknet-related crimes.
Conclusions and Prospects
This project significantly contributes to darknet governance by developing a quantitative framework for analyzing and managing darknet traffic. The proposed real-time lightweight traffic detection method enhances law enforcement’s ability to identify and classify darknet activities. In addition, these methods for predicting multi-network connections and optimizing trap node deployment improve tracking capabilities in complex environments. Future work focuses on refining these methodologies and exploring additional dimensions of darknet behavior to strengthen efforts in combating illicit online activities, generating meaningful social and economic benefits.