Hidden Service Circuit Reconstruction Attacks Based on Middle Node Traffic Analysis

Abstract

Traffic analysis is widely considered as an attack posing a threat to anonymity of the communication and may reveal the real identity of the users. In this paper, a novel anonymous circuit reconstruction attack method that correlates the circuit traffic is proposed. This method then reconstructs a complete communication tunnel using the location of middle nodes found between the hidden and client services. The attack process includes independent determination of the location of the malicious nodes. A traffic correlation framework of AutoEncoder + CNN + BiLSTM is established, based on the Generative Adversarial Networks (GAN) model. BiLSTM applies the packet size and packet interval features of bidirectional traffic and combines the reconstruction loss function with the discrimination loss function to achieve correlated traffic evaluation. After balancing the reconstruction loss and discrimination loss scores, the simulation results confirm that the identification performance of the proposed system is higher than the advanced models.