Powered by OpenAIRE graph
Found an issue? Give us feedback
Claim

This Research product is the result of merged Research products in OpenAIRE.

You have already added 0 works in your ORCID record related to the merged Research product.

Выявление доступа к запрещенным сайтам путём анализа трафика Tor с помощью методов машинного обучения

выпускная квалификационная работа специалиста
descriptionPublicationkeyboard_double_arrow_right Other literature type 01 Jan 2020 Russian Publisher:Санкт-Петербургский политехнический университет Петра Великого

doi: 10.18720/spbpu/3/2020/vr/vr20-5092

Выявление доступа к запрещенным сайтам путём анализа трафика Tor с помощью методов машинного обучения

Abstract

Тема выпускной квалификационной работы: "Выявление доступа к запрещенным сайтам путём анализа трафика Tor с помощью методов машинного обучения". Данная работа посвящена анализу применимости методов машинного обучения для деанонимизации трафика сети Tor. Задачи, которые решались в ходе исследования: 1) проведение анализа архитектуры сети Tor; 2) проведение анализа существующих методов машинного обучения; 3) проведение анализа методов сокращения количества метрик сетевых пакетов; 4) проведение экспериментов с различными методами машинного обучения; 5) проведение анализа качества обнаружения сетевых пакетов, содержащих запросы к запрещенным сайтам. В данной работе была собрана выборка с трафиком к запрещенным и легитимным сайтам. Для получения метрик сайта использовался инструмент CICFlowMeter, позволяющий получить временные характеристики. Для проведения экспериментов с методами машинного обучения и методами сокращения размерности использовался инструмент Weka. В результате методом RandomForest в комбинации с WrapperSubsetEval достигается максимальная точность в 98%. Так же были проведены эксперименты по определению конкретного сайта. Наилучший результат с точностью в 69% был достигнут с помощью алгоритма RandomForest. Данные результаты могут быть применены в системах, фильтрующих трафик на стороне провайдера.

The subject of the graduate qualification work is “Identify access to banned sites by analyzing Tor traffic using machine learning methods”. The given work is devoted to the analysis of the applicability of machine learning methods to deanonymize Tor network traffic. The research set the following goals: 1) analyzing the architecture of the Tor network; 2) analyzing existing machine learning methods; 3) analyzing methods for selecting features network packets; 4) conducting experiments with various machine learning methods; 5) analyzing the quality of detection of network packets containing requests to banned sites. In this work, a sample was collected with traffic to banned and legitimate sites. To get site metrics, we used the CICFlowMeter tool, which allows us to get temporary characteristics. The Weka tool was used to conduct experiments with machine learning methods and selection features methods. As a result, the RandomForest method in combination with WrapperSubsetEval achieves a maximum accuracy of 98%. Experiments were also conducted to determine a specific site. The best result with 69% accuracy was achieved using the RandomForest algorithm. These results can be applied in systems that filter traffic on the provider side.

Keywords

Машинное обучение, Информационные системы, методы сокращения параметров трафика tor, traffic analysis, методы классификации weka, Информация, анализ трафика, feature selection of tor traffic, weka classification methods

  • BIP!
    Impact byBIP!
    citations
    This is an alternative to the "Influence" indicator, which also reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically).
    		 0
    popularity
    This indicator reflects the "current" impact/attention (the "hype") of an article in the research community at large, based on the underlying citation network.
    		 Average
    influence
    This indicator reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically).
    		 Average
    impulse
    This indicator reflects the initial momentum of an article directly after its publication, based on the underlying citation network.
    		 Average
Powered by OpenAIRE graph
Found an issue? Give us feedback
citations
This is an alternative to the "Influence" indicator, which also reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically).
BIP!Citations provided by BIP!
popularity
This indicator reflects the "current" impact/attention (the "hype") of an article in the research community at large, based on the underlying citation network.
BIP!Popularity provided by BIP!
influence
This indicator reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically).
BIP!Influence provided by BIP!
impulse
This indicator reflects the initial momentum of an article directly after its publication, based on the underlying citation network.
BIP!Impulse provided by BIP!
0
Average
Average
Average
Related to Research communities
Energy Planning
Knowmad Institut
Upload OA version
Are you the author? Do you have the OA version of this publication?
uploadUpload now!