CN107276978A - A host-fingerprint-based method for tracing the source of anonymous network hidden services - Google Patents

Publication number: CN107276978A
Authority: CN (China)
Prior art keywords: fingerprint, fingerprint information, service, host, anonymous network
Legal status: Granted, Active
Application number: CN201710278624.3A
Other languages: Chinese (zh)
Other versions: CN107276978B (en)
Inventors: 王学宾, 谭庆丰
Current Assignee: Institute of Information Engineering of CAS
Original Assignee: Institute of Information Engineering of CAS
Application filed by Institute of Information Engineering of CAS

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0407 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
    • H04L63/0421 Anonymous communication, i.e. the party's identifiers are hidden from the other party or parties, e.g. using an anonymizer
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L2463/00 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/146 Tracing the source of attacks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer And Data Communications (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present invention provides a host-fingerprint-based method for tracing the source of anonymous network hidden services. Its steps are: 1) build a host fingerprint information database for the global IPv4 address space, in which the fingerprint information of each host is identified by the union of the fingerprint information of all network services running on that host; 2) extract the fingerprint information of the open ports of an anonymous network hidden service, in which the fingerprint information of each hidden service is identified by the union of the fingerprint information of all ports that the hidden service has open; 3) match the extracted hidden-service fingerprint information against the host fingerprint information database of the global IPv4 address space, thereby tracing the source of the hidden service. The method improves the efficiency of tracing anonymous network hidden services and can be widely applied to combating criminal activity that uses anonymous networks.

Description

A host-fingerprint-based method for tracing the source of anonymous network hidden services
Technical field
The present invention relates to network attack tracing within the field of information security, and more particularly to a host-fingerprint-based method for tracing the source of anonymous network hidden services.
Background
Anonymous communication technology is widely used across the Internet as a major privacy-enhancing technology. Existing anonymous communication technologies mainly alter the appearance of messages (message delay, reordering, message padding, etc.) through repeated store-and-forward (using Mix networks and Onion Routing), and use the flushing mechanism of Mix networks to eliminate the correspondence between messages, thereby providing privacy protection for online users. Typical low-latency anonymous communication systems include Tor and I2P.
These anonymous communication systems protect not only the identity of Internet users but also the identity of service providers: they allow a user to offer a network service while ensuring that the server IP is not leaked. We refer to the hidden network services built on these anonymous communication systems as the "darknet", for example Tor Hidden Services and I2P Eepsites.
However, while the distinctive anonymity of anonymous networks such as Tor protects the privacy of ordinary users, it also provides convenience to terrorists, rumor mongers, network attackers, and illegal trade in drugs, pornography and the like. A Kaspersky Lab report shows that the Tor darknet has become a haven for botnets, malware command servers and online black markets. Since 2013, the number of illegal services hiding in the Tor network has grown rapidly; Kaspersky Lab has found at least 900 illegal services (including the drug-trading website Silk Road, botnets, etc.) using the Tor network, employing a total of 5500 relay nodes and 1000 exit nodes. Research has found that as many as 32% of anonymous services in the Tor network involve pornography and drug trading. In addition, anonymous communication tools are commonly used to transmit sensitive information, publish rumors, and so on. For example, a Harvard student spread a bomb rumor through Tor; Manning, in the WikiLeaks case, exchanged sensitive information over the Tor network; and Snowden used the Tor-based operating system Tails to transmit information.
Current methods for tracing anonymous network hidden services are mainly based on passive traffic analysis or on protocol flaws; a small amount of work has also studied anonymity-breaking methods based on attributes such as unique IDs in configuration or web page content. Anonymity-breaking techniques based on passive traffic analysis require the attacker to simultaneously control the entry nodes (Entry Guards) of the anonymous network circuit, so as to observe both the Internet user's entry node and the hidden service's entry node, and then correlate the timing and packet-size features of the anonymous network traffic. Although this method is highly accurate, the probability that an attacker controls both the entry and exit nodes of the anonymous network at the same time is very low, and protocol flaws are usually fixed by the developers.
Summary of the invention
The object of the present invention is to provide a host-fingerprint-based method for tracing the source of anonymous network hidden services. The method improves the efficiency of tracing hidden services and can be widely applied to combating criminal activity that uses anonymous networks.
To achieve this object, the technical solution adopted by the present invention is:
A host-fingerprint-based method for tracing the source of anonymous network hidden services, whose steps are:
1) build a host fingerprint information database for the global IPv4 address space, in which the fingerprint information of each host (IPv4 address) is identified by the union of the fingerprint information of all network services running on that host;
2) extract the fingerprint information of the open ports of an anonymous network hidden service, in which the fingerprint information of each hidden service is identified by the union of the fingerprint information of all ports that the hidden service has open;
3) match the extracted hidden-service fingerprint information against the host fingerprint information database of the global IPv4 address space, thereby tracing the source of the hidden service.
Further, in step 1) a host fingerprint labeling method for the Internet (IPv4 address space) is used to build the host fingerprint information database of the global IPv4 address space.
Further, the host fingerprint labeling method for the Internet is: for each host, identify the ports the host has open using the Zmap network scanner, and extract the fingerprint information of the network services running on the host.
Further, the fingerprint information of a network service is the hash value of the information intrinsic to that network service.
Further, the fingerprint information in step 1) and step 2) includes the fingerprint information of the HTTP, HTTPS, SSH, IMAP(s), POP3(s) and BitCoin network services.
Further, in step 3) a fast fingerprint query method based on an inverted index is used to match the extracted hidden-service fingerprint information against the host fingerprint information database of the global IPv4 address space.
Further, the fast fingerprint query method based on an inverted index is: for the fingerprint information of each host obtained in step 1), build an inverted index lookup dictionary with the fingerprint information of each network port as the key and the host as the value; query this dictionary for the hidden-service fingerprint information extracted in step 2); and intersect the query results of all fingerprints to obtain the set of IPv4 addresses of the hidden service.
The beneficial effects of the present invention are as follows. The invention provides a host-fingerprint-based method for tracing the source of anonymous network hidden services. The method first uses large-scale network host scanning to collect the fingerprint information of each IPv4 host address and build the host fingerprint information database of the global IPv4 address space. It then extracts the fingerprint information of a hidden service and matches it against that database. A successful match shows that the hidden service is located at a particular IPv4 address, which breaks its anonymity and traces the hidden service to its source. The method has the following advantages:
1. It traces hidden services using host fingerprint information and does not need to control any node of the anonymous network, which reduces the cost of tracing hidden services;
2. Host fingerprint information and hidden-service fingerprint information are easy to obtain, and no traffic information from within the anonymous network is required, which solves the data acquisition problem;
3. The method needs only host fingerprint information and hidden-service fingerprint information to break anonymity, which significantly reduces the difficulty of tracing hidden services.
Brief description of the drawings
Fig. 1 is a flow chart of the host-fingerprint-based method for tracing the source of anonymous network hidden services according to the present invention.
Fig. 2 is a schematic diagram of the process by which the present invention queries the IPv4 address of an anonymous network hidden service.
Fig. 3 is a detailed flow chart of the host-fingerprint-based method for tracing the source of anonymous network hidden services according to one embodiment of the present invention.
Detailed description
To make the above features and advantages of the present invention easier to understand, embodiments are described in detail below with reference to the accompanying drawings.
The present invention provides a host-fingerprint-based method for tracing the source of anonymous network hidden services. As shown in Fig. 1, its steps are:
1) Build the host fingerprint information database of the global IPv4 address space.
The present invention proposes a host fingerprint labeling method for the Internet: for each host, a network scanner such as Zmap is used to identify the ports the host has open, and the fingerprint information of the network services running on the host, such as HTTP, HTTPS, SSH, IMAP(s), POP3(s) and BitCoin, is extracted. The fingerprint information of each host is identified by the union of the fingerprint information of all network services running on that host. The network service fingerprint extracted by the present invention is the hash value of the information intrinsic to a network service on a given host; this fingerprint does not change over time or with the client. Examples are the HTTP server type, version and protocol headers; the HTTPS server type, version, protocol headers and certificate information; and the SSH public key information. The host fingerprint generation algorithm (Algorithm 1) is shown in Table 1. The algorithm uses the union of the network service fingerprints of all open ports of each host to uniquely label that host. Its target output associates each host with a set of fingerprint information, forming an information base of the form <IPv4, C>, from which the host fingerprint information database of the global IPv4 address space is built. Here IPv4 identifies the host, and C denotes the fingerprint information set of that host.
2) Extract the fingerprint information of the anonymous network hidden service.
The present invention proposes a fingerprint extraction method for anonymous network hidden services. For a hidden service, a quick scan determines whether the hidden service is alive and verifies whether particular ports are open; the fingerprint information of the open ports is then extracted. The fingerprint information of each hidden service is identified by the union of the fingerprint information of all ports that the hidden service has open. The extracted fingerprint information includes the fingerprint information of network services such as HTTP, HTTPS, SSH, IMAP(s), POP3(s) and BitCoin. The hidden-service fingerprint generation algorithm (Algorithm 2) is shown in Table 2. The algorithm uses the union of the network service fingerprints of all open ports of each hidden service to uniquely label that hidden service. Its target output associates each hidden service with a set of fingerprint information, forming an information base of the form <Onion, F>. Here Onion identifies the hidden service, and F denotes the fingerprint information set of that hidden service.
Table 1: Host fingerprint generation algorithm
Table 2: Anonymous network hidden service fingerprint generation algorithm
3) Match the extracted hidden-service fingerprint information against the host fingerprint information database of the global IPv4 address space. A successful match shows that the hidden service is located at a particular IPv4 address, which breaks its anonymity and traces the hidden service to its source.
Table 3: Algorithm for building the inverted index of host fingerprint information for the global IPv4 address space
Table 4: Fast matching algorithm for anonymous network hidden service fingerprint information
The present invention proposes a fast matching algorithm for hidden-service fingerprint information, which matches the extracted hidden-service fingerprint information against the host fingerprint information database of the global IPv4 address space. The algorithm is a fast fingerprint query method based on an inverted index: for the fingerprint information of each host obtained in step 1), an inverted index lookup dictionary is built with the fingerprint information of each network port as the key and the host as the value; this dictionary is queried for the hidden-service fingerprint information extracted in step 2); and the query results of all fingerprints are intersected to obtain the set of IPv4 addresses of the hidden service. The algorithm for building the inverted index of host fingerprint information for the global IPv4 address space (Algorithm 3) is shown in Table 3, and the fast matching algorithm for hidden-service fingerprint information (Algorithm 4) is shown in Table 4.
The input of Algorithm 3 is the host fingerprint information database of the global IPv4 address space built in step 1). For each host in the database, the inverted index lookup dictionary is built with the fingerprint information of each network port as the key and the host as the value, which makes querying convenient. The dictionary takes the set of host IPv4 addresses that share a fingerprint as the value for that fingerprint. When the fingerprint information of a hidden service is given, querying the dictionary returns, in a short time, the set of all possible host IPv4 addresses corresponding to that fingerprint, which greatly improves query efficiency. The input of Algorithm 4 is the fingerprint information set F of a hidden service. For each fingerprint f in F, the dictionary built by Algorithm 3 is queried in turn, and the query results of all fingerprints are intersected to obtain the IPv4 address set S of the hidden service.
Referring to Fig. 2, the figure shows the process in which, given the fingerprint information set F of a hidden service, the host fingerprint information database of the global IPv4 address space is queried and the IPv4 address of the hidden service is output. F is the fingerprint information set of the hidden service, and each fingerprint is denoted f. For example, a hidden service has three open ports, 22, 443 and 80, whose fingerprints are denoted f1, f2 and f3 respectively. The three fingerprints are each looked up in the inverted index lookup dictionary built from the host fingerprint information database of the global IPv4 address space, giving the corresponding IPv4 sets S1, S2 and S3. The IPv4 address corresponding to the hidden service is then S1 ∩ S2 ∩ S3.
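The index construction and intersection query described above (Algorithms 1 to 4 and the S1 ∩ S2 ∩ S3 example), as an added Python example that is not the patent's own code. It assumes SHA-256 over sorted attribute lines as the hash, leaves the port number out of the hash, and uses constructed hosts in documentation address ranges; all function, variable and attribute names are hypothetical.

```python
import hashlib
from collections import defaultdict


def service_fingerprint(protocol, intrinsic):
    """Hash the attributes of one service that do not vary with time or client.

    SHA-256 over sorted key=value lines is an assumption of this example;
    the page only says "hash value of the intrinsic information".
    """
    canon = "\n".join(f"{k}={intrinsic[k]}" for k in sorted(intrinsic))
    return hashlib.sha256(f"{protocol}\n{canon}".encode("utf-8")).hexdigest()


def fingerprint_set(services):
    """Algorithms 1 and 2: union of per-port fingerprints (C for a host, F for a service)."""
    return {service_fingerprint(proto, attrs) for proto, attrs in services.values()}


def build_inverted_index(host_db):
    """Algorithm 3: fingerprint (key) -> set of IPv4 hosts exposing it (value)."""
    index = defaultdict(set)
    for ipv4, fingerprints in host_db.items():
        for fp in fingerprints:
            index[fp].add(ipv4)
    return dict(index)


def match(index, F):
    """Algorithm 4: S = S1 ∩ S2 ∩ ... ∩ Sn over the posting sets of every f in F."""
    if not F:
        return set()  # nothing observed, so nothing can be attributed
    # Start from the smallest posting set so the running intersection stays small.
    postings = sorted((index.get(f, set()) for f in F), key=len)
    result = set(postings[0])
    for s in postings[1:]:
        result &= s
        if not result:
            break  # one fingerprint with no common host empties the whole result
    return result


def posting_sizes(index, services):
    """Per-port |S_i|: how many indexed hosts share each fingerprint of a service."""
    return {port: len(index.get(service_fingerprint(proto, attrs), set()))
            for port, (proto, attrs) in services.items()}


# Constructed sample data: documentation-range addresses, made-up keys and certificates.
SSH_CLONED = ("ssh", {"hostkey": "ssh-ed25519 CONSTRUCTED-KEY-A"})
TLS_CERT = ("https", {"server": "nginx", "cert_sha256": "CONSTRUCTED-CERT-X"})
HTTP_NGINX = ("http", {"server": "nginx/1.10.3", "headers": "Server,Date,Content-Type"})
HTTP_APACHE = ("http", {"server": "Apache/2.4.18", "headers": "Date,Server,Content-Type"})

HOSTS = {
    "192.0.2.10": {22: SSH_CLONED, 443: TLS_CERT, 80: HTTP_NGINX},
    "192.0.2.11": {22: SSH_CLONED, 80: HTTP_NGINX},       # same cloned image, no TLS
    "198.51.100.7": {22: SSH_CLONED, 80: HTTP_APACHE},
    "203.0.113.5": {443: TLS_CERT, 80: HTTP_NGINX},       # shares the certificate only
}
# Ports 22, 443, 80 of the hidden service give F = {f1, f2, f3}.
HIDDEN_SERVICE = {22: SSH_CLONED, 443: TLS_CERT, 80: HTTP_NGINX}

HOST_DB = {ip: fingerprint_set(svcs) for ip, svcs in HOSTS.items()}  # <IPv4, C>
INDEX = build_inverted_index(HOST_DB)

if __name__ == "__main__":
    print("posting sizes per port:", posting_sizes(INDEX, HIDDEN_SERVICE))
    print("S1 ∩ S2 ∩ S3 =", match(INDEX, fingerprint_set(HIDDEN_SERVICE)))
```

No single fingerprint in the sample is unique (each is shared by two or three hosts); only the intersection narrows to one address. For a hidden-service operator, the per-port posting sizes show which services (a reused SSH host key, a shared certificate, an identical banner) link the onion address to a publicly reachable host.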
The method of the invention is illustrated below using the Tor anonymous network as an example; for other anonymous networks such as I2P, the main steps and methods are the same as for Tor.
Referring to Fig. 3, for the Tor anonymous network the method of the invention comprises the following steps:
First step: build the host fingerprint information database of the global IPv4 address space. Specifically:
1) Add a blacklist: the IPv4 addresses corresponding to the top 1,000,000 domain names in the Alexa ranking are blacklisted, so that scanning of these IPv4 addresses is skipped.
2) Use an open-source tool such as Zmap to scan the whole IPv4 address space on common ports (such as HTTP, HTTPS, SSH, IMAP(s), POP3(s), BitCoin).
3) Based on step 1), further perform protocol-level scanning and verification on each open IPv4 port to extract protocol feature codes; for example, for the HTTPS protocol on port 443, extract its certificate information.
4) Build the host fingerprint information database of the global IPv4 address space, and use a Redis cluster to build the inverted index lookup dictionary with the fingerprint information of each network port as the key and the host as the value. The algorithm for building the inverted index of host fingerprint information for the global IPv4 address space (Algorithm 3) is shown in Table 3.
Second step: extract the fingerprint information of the anonymous network hidden service. Specifically:
1) Quickly scan the common ports of each hidden service.
2) Based on step 1), further perform protocol-level scanning and verification on the open ports of each hidden service to extract protocol feature codes; for example, for the HTTPS protocol on port 443, extract its certificate information.
3) Generate fingerprint information from the hidden-service feature codes extracted in step 2), and associate the hidden service with its fingerprint information set, denoted <Onion, F>, where Onion denotes the hidden service and F is the fingerprint information set of that hidden service, with each fingerprint denoted f. For example, a hidden service has three open ports, 22, 443 and 80, whose fingerprints are denoted f1, f2 and f3 respectively.
Third step: query the host fingerprint information database of the global IPv4 address space for the extracted hidden-service fingerprint information. Algorithm 3 is used to query the IPv4 address corresponding to the hidden service, which breaks its anonymity and traces the hidden service to its source.
The above embodiments merely illustrate the technical solution of the present invention and do not limit it. A person of ordinary skill in the art may modify the technical solution or substitute equivalents without departing from the spirit and scope of the present invention; the scope of protection of the present invention shall be as defined in the claims.

Claims (7)

1. A host-fingerprint-based method for tracing the source of anonymous network hidden services, whose steps comprise:
1) building a host fingerprint information database for the global IPv4 address space, wherein the fingerprint information of each host is identified by the union of the fingerprint information of all network services running on that host;
2) extracting the fingerprint information of the open ports of an anonymous network hidden service, wherein the fingerprint information of each hidden service is identified by the union of the fingerprint information of all ports that the hidden service has open;
3) matching the extracted hidden-service fingerprint information against the host fingerprint information database of the global IPv4 address space, thereby tracing the source of the hidden service.
2. The method of claim 1, characterized in that in step 1) a host fingerprint labeling method for the Internet is used to build the host fingerprint information database of the global IPv4 address space.
3. The method of claim 2, characterized in that the host fingerprint labeling method for the Internet is: for each host, identifying the ports the host has open using the Zmap network scanner, and extracting the fingerprint information of the network services running on the host.
4. The method of claim 2, characterized in that the fingerprint information of a network service is the hash value of the information intrinsic to that network service.
5. The method of claim 1, characterized in that the fingerprint information in step 1) and step 2) includes the fingerprint information of the HTTP, HTTPS, SSH, IMAP(s), POP3(s) and BitCoin network services.
6. The method of claim 1, characterized in that in step 3) a fast fingerprint query method based on an inverted index is used to match the extracted hidden-service fingerprint information against the host fingerprint information database of the global IPv4 address space.
7. The method of claim 6, characterized in that the fast fingerprint query method based on an inverted index is: for the fingerprint information of each host obtained in step 1), building an inverted index lookup dictionary with the fingerprint information of each network port as the key and the host as the value; querying this dictionary for the hidden-service fingerprint information extracted in step 2); and intersecting the query results of all fingerprints to obtain the set of IPv4 addresses of the hidden service.
Priority application: CN201710278624.3A, priority date 2017-04-25, filing date 2017-04-25, status Active, granted as CN107276978B (en)

Publications (2)

Publication Number Publication Date
CN107276978A 2017-10-20
CN107276978B 2019-12-03

Family ID: 60074005

Country Status (1)

Country Link
CN (1) CN107276978B (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110825950A (en) * 2019-09-25 2020-02-21 中国科学院信息工程研究所 Hidden service discovery method based on meta search
CN111628993A (en) * 2020-05-26 2020-09-04 中国电子科技集团公司第五十四研究所 Network spoofing defense method and device based on host fingerprint hiding
CN111801925A (en) * 2018-02-13 2020-10-20 区块链控股有限公司 Block chain based system and method for propagating data in a network
CN112887329A (en) * 2021-02-24 2021-06-01 北京邮电大学 Hidden service tracing method and device and electronic equipment
CN115242674A (en) * 2022-07-25 2022-10-25 上海交通大学 Hidden service tracking system based on Tor protocol time sequence characteristics
CN115296891A (en) * 2022-08-02 2022-11-04 中国电子科技集团公司信息科学研究院 Data detection system and data detection method

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101252592A (en) * 2008-04-14 2008-08-27 ***电信传输研究所 Method and system for tracing network source of IP network
CN102045163A (en) * 2009-10-15 2011-05-04 中兴通讯股份有限公司 Source-tracing method and system for anonymous communication
CN105430109A (en) * 2015-10-30 2016-03-23 电子科技大学 Internet data center IP address searching method based on flow behavior characteristics
CN105915505A (en) * 2016-03-31 2016-08-31 中国科学院信息工程研究所 Anonymous network user traceablility method based on TCP/IP side channel
CN106506274A (en) * 2016-11-08 2017-03-15 东北大学秦皇岛分校 A kind of efficient single bag source tracing method of dynamic extending

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111801925A (en) * 2018-02-13 2020-10-20 区块链控股有限公司 Block chain based system and method for propagating data in a network
CN111801925B (en) * 2018-02-13 2023-04-18 区块链控股有限公司 Block chain based system and method for propagating data in a network
CN110825950A (en) * 2019-09-25 2020-02-21 中国科学院信息工程研究所 Hidden service discovery method based on meta search
CN110825950B (en) * 2019-09-25 2022-05-17 中国科学院信息工程研究所 Hidden service discovery method based on meta search
CN111628993A (en) * 2020-05-26 2020-09-04 中国电子科技集团公司第五十四研究所 Network spoofing defense method and device based on host fingerprint hiding
CN111628993B (en) * 2020-05-26 2022-01-21 中国电子科技集团公司第五十四研究所 Network spoofing defense method and device based on host fingerprint hiding
CN112887329A (en) * 2021-02-24 2021-06-01 北京邮电大学 Hidden service tracing method and device and electronic equipment
CN115242674A (en) * 2022-07-25 2022-10-25 上海交通大学 Hidden service tracking system based on Tor protocol time sequence characteristics
CN115242674B (en) * 2022-07-25 2023-08-04 上海交通大学 Hidden service tracking system based on Tor protocol time sequence characteristics
CN115296891A (en) * 2022-08-02 2022-11-04 中国电子科技集团公司信息科学研究院 Data detection system and data detection method
CN115296891B (en) * 2022-08-02 2023-12-22 中国电子科技集团公司信息科学研究院 Data detection system and data detection method

Also Published As

Publication number Publication date
CN107276978B (en) 2019-12-03

Similar Documents

Publication Publication Date Title
CN107276978B (en) A kind of hiding service source tracing method of the Anonymizing networks of Intrusion Detection based on host fingerprint
Singh et al. Issues and challenges in DNS based botnet detection: A survey
Le et al. Phishdef: Url names say it all
Azeez et al. Identifying phishing attacks in communication networks using URL consistency features
Kontaxis et al. Detecting social network profile cloning
US20210258791A1 (en) Method for http-based access point fingerprint and classification using machine learning
Yu et al. Modeling malicious activities in cyber space
CN110493208A (en) A kind of DNS combination HTTPS malice encryption method for recognizing flux of multiple features
Besel et al. Full cycle analysis of a large-scale botnet attack on Twitter
CN114866486B (en) Encryption traffic classification system based on data packet
Danezis Traffic Analysis of the HTTP Protocol over TLS
CN105939327A (en) Auditing log generation method and device
Zhong et al. Stealthy malware traffic-not as innocent as it looks
Singh et al. Detection and prevention of phishing attack using dynamic watermarking
US8910281B1 (en) Identifying malware sources using phishing kit templates
Xu et al. Obfuscated tor traffic identification based on sliding window
Dhanalakshmi et al. Detection of phishing websites and secure transactions
Sundaresan et al. Profiling underground merchants based on network behavior
Vara et al. Based on URL feature extraction identify malicious website using machine learning techniques
Gupta et al. Abusing phone numbers and cross-application features for crafting targeted attacks
Parekh et al. Spam URL detection and image spam filtering using machine learning
US12041076B2 (en) Detecting visual similarity between DNS fully qualified domain names
Yazhmozhi et al. Natural language processing and Machine learning based phishing website detection system
Egan et al. An evaluation of lightweight classification methods for identifying malicious URLs
Khadir et al. Efforts and Methodologies used in Phishing Email Detection and Filtering: A Survey.

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant