In order to effectively supervise, trace, and obtain evidence of cybercrime activities, an effective flow identification method for SS is needed. This allows criminals to engage in data theft, pornography, and Internet Illegal cyber activities such as attacks and dark web transactions provide convenience. Thus it is often used to penetrate firewalls and bypass supervision and review. SS is simple to deploy, has good communication quality, strong anonymity, high security, and is not easy to be monitored. A typical anonymous proxy system is Shadowsocks (SS). In anonymous communication technology, anonymous proxy is a secure communication technology that uses cloud virtual private server (VPS) to encrypt user communication data and hide user identity. This includes technologies such as the Transport Layer Security (TLS), Virtual Private Network (VPN) and anonymous communication. In order to protect data security and privacy in network data communications, more and more traffic is encrypted for transmission. Therefore, research on mobile Internet security and mobile Internet traffic analysis is very important. For many people, mobile devices are their only way to connect to the Internet. By the end of 2019, 3.8 billion people are expected to use mobile Internet . According to relevant statistics, nearly half of the world’s population uses mobile networks. In recent years, more and more users are using the mobile Internet. On the data sets collected by different smart phones, our work has achieved an accuracy of 80.4%, which has certain practicality. Experimental results show that our system can achieve an accuracy of 94.5% on the same smart phone. This feature can effectively reduce the impact on smart phone differences without reducing the accuracy of the same individual device application traffic recognition, while maintaining the characteristics of the application as much as possible, thereby greatly improve our traffic recognition the robustness of the system. In this paper, we propose an application over Shadowsocks’s traffic identification system, which adds the sliding window JS divergence feature on the basis of the traditional statistics and distribution based on traffic packet length and timestamp. If there is a traffic identification system that can identify applications over Shadowsocks, it can greatly facilitate the supervision, traceability, and evidence collection of cybercrime activities. As an effective tool for penetrating firewalls and bypassing supervision and censorship, Shadowsocks is widely used, and there are also illegal network activists.
0 Comments
Leave a Reply. |