FlowCorrGCN: Enhancing Flow Correlation Through Graph Convolutional Networks and Triplet Networks
Jiangtao Zhai, Kaijie Zhang, Xiaolong Zeng, Yufei Meng, Guangjie Liu
International Journal of Intelligent Systems, published 2024-10-30
DOI: 10.1155/2024/8823511
https://onlinelibrary.wiley.com/doi/10.1155/2024/8823511
Citations: 0
Abstract
Anonymous network tracing is a significant research subject in the field of network security, and flow correlation technology serves as a fundamental technique for deanonymizing network traffic. Existing flow correlation techniques are considered ineffective and unreliable when applied on a large scale because they exhibit high false-positive rates or require impractically long periods of traffic observation to achieve reliable correlations. To address this issue, this paper proposes an innovative flow correlation approach for the typical and most widely used Tor anonymous network by combining graph convolutional neural networks with triplet networks. Our proposed method involves extracting features such as packet intervals, packet lengths, and directions from Tor network traffic and encoding each flow into a graph representation. The integration of triplet networks enhances the internode relationships, which can effectively fuse flow representations with node associations. The graph convolutional neural network extracts features from the input graph topology, mapping them to distinct representations in the embedding space, thus effectively distinguishing different Tor flows. Experimental results demonstrate that with a false-positive rate as low as 0.1%, the correlation accuracy reaches 86.4%, showcasing a 5.1% accuracy improvement compared to the existing state-of-the-art methods.
About the journal:
The International Journal of Intelligent Systems serves as a forum for individuals interested in tapping into the vast theories based on intelligent systems construction. With its peer-reviewed format, the journal explores several fascinating editorials written by today's experts in the field. Because new developments are being introduced each day, there's much to be learned — examination, analysis creation, information retrieval, man–computer interactions, and more. The International Journal of Intelligent Systems uses charts and illustrations to demonstrate these ground-breaking issues, and encourages readers to share their thoughts and experiences.