網路攻防──暗網流量偵測

溫明浩　陳柏文　徐彥旻　周晁德

黃平瑋　蔡盺宇　劉記良�　

Outline

• Motivation&Background
• Framework
• Contribution&Conclusion

​

Overall Tor usage has more than �doubled from 2012-2013 to 2015.

Problems with Dark Web

Child pornography

Guns

Trading of endangered species

​

Drugs

​

Network Packet

​

​

• A network packet is a formatted unit of data carried by a packet-switched network.
• A packet consists of control information
• Header & Payload.

​

​

Packet Detection

​

• Selected Feature
• Task A : Flow IAT Min, Bwd IAT Std, Bwd IAT Mean, Bwd IAT Max
• Task B : Flow Duration, Flow Bytes/s, Flow IAT Mean, Flow IAT Max, � Flow IAT Min, Fwd IAT Mean, Fwd IAT Max, Fwd IAT Min, � Bwd IAT Min�IAT : inter-arrival time

Reference : Characterization of Tor Traffic using Time based Features, 2017

Packet Classification

​

• Machine Learning methods
• KNN
• Decision Tree
• Random Forest

​

Content

• Problem Description
• Methods
• Packet Detection
• Packet Classification
• Source code structure
• Experiment & Result
• Contribution

Source Code Structure

• ​

Content

• Problem Description
• Methods
• Packet Detection
• Packet Classification
• Source code structure
• Experiment & Result
• Contribution

Experiment

​

​

​

​

(our work / paper work)

​

Framework

Responsive web design(RWD)

Flow analysis

EXPRESS

REACT

• EXPRESS calls Python
• Python yields prediction and generates JSON format files
• EXPRESS reads JSON format files and passes them to REACT

EXPRESS

REACT

Online Flow analysis

EXPRESS

REACT

• Use tcpdump to dump pcap periodically
• EXPRESS calls Python
• Python yields prediction and generates JSON format files
• EXPRESS reads JSON format files and passes them to REACT

EXPRESS

REACT

Contribution&Conclusion

​

​

• Dark Web flow detection as a web service
• Intuitive interface for users
• On-line tracking mode

DEMO TIME!

QA