基于距离的网络活动相关性框架，用于击败匿名重叠

IF 8.1 1区计算机科学 0 COMPUTER SCIENCE, INFORMATION SYSTEMS

Information Sciences Pub Date : 2024-10-17 DOI:10.1016/j.ins.2024.121559

{"title":"基于距离的网络活动相关性框架，用于击败匿名重叠","authors":"","doi":"10.1016/j.ins.2024.121559","DOIUrl":null,"url":null,"abstract":"<div><div>As the effectiveness of modern Internet-based anonymization infrastructures grows, law enforcement agencies are experiencing a progressive erosion of their surveillance capabilities. This can severely undermine their efforts to prevent and investigate various types of unlawful activities, potentially increasing the impunity of organized criminal networks. Balancing the legitimate privacy needs of individuals with the imperative to maintain public safety and combat criminal behavior in the digital world remains a complex tradeoff for both policymakers and technologists who need to find a systematic and reliable way to link the traffic traces associated with criminal activities to their anonymized origins. Accordingly, this paper presents a simple but very effective de-anonymization approach capable of associating traffic traces captured at the edge of the overlay infrastructures, in correspondence with the true origins, to those captured in correspondence with the destinations. The approach is based on determining the minimum-distance pairs within a complete bipartite graph in which the traffic traces are the nodes. Experiments with different distance functions, applied in varied ways, show that the resulting framework appears to be a promising solution that is scalable and easily deployable on real-life network equipment.</div></div>","PeriodicalId":51063,"journal":{"name":"Information Sciences","volume":null,"pages":null},"PeriodicalIF":8.1000,"publicationDate":"2024-10-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"A distance-based network activity correlation framework for defeating anonymization overlays\",\"authors\":\"\",\"doi\":\"10.1016/j.ins.2024.121559\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><div>As the effectiveness of modern Internet-based anonymization infrastructures grows, law enforcement agencies are experiencing a progressive erosion of their surveillance capabilities. This can severely undermine their efforts to prevent and investigate various types of unlawful activities, potentially increasing the impunity of organized criminal networks. Balancing the legitimate privacy needs of individuals with the imperative to maintain public safety and combat criminal behavior in the digital world remains a complex tradeoff for both policymakers and technologists who need to find a systematic and reliable way to link the traffic traces associated with criminal activities to their anonymized origins. Accordingly, this paper presents a simple but very effective de-anonymization approach capable of associating traffic traces captured at the edge of the overlay infrastructures, in correspondence with the true origins, to those captured in correspondence with the destinations. The approach is based on determining the minimum-distance pairs within a complete bipartite graph in which the traffic traces are the nodes. Experiments with different distance functions, applied in varied ways, show that the resulting framework appears to be a promising solution that is scalable and easily deployable on real-life network equipment.</div></div>\",\"PeriodicalId\":51063,\"journal\":{\"name\":\"Information Sciences\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":8.1000,\"publicationDate\":\"2024-10-17\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Information Sciences\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S0020025524014737\",\"RegionNum\":1,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"0\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Information Sciences","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0020025524014737","RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"0","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

摘要

随着基于互联网的现代匿名基础设施的有效性不断提高，执法机构的监控能力正在逐步削弱。这可能会严重削弱他们预防和调查各类非法活动的努力，有可能使有组织犯罪网络更加逍遥法外。平衡个人的合法隐私需求与维护公共安全和打击数字世界犯罪行为的必要性，对于政策制定者和技术专家来说仍然是一个复杂的权衡问题，他们需要找到一种系统可靠的方法，将与犯罪活动相关的流量痕迹与其匿名来源联系起来。因此，本文提出了一种简单但非常有效的去匿名化方法，能够将在重叠基础设施边缘捕获的与真实来源相对应的流量轨迹与捕获的与目的地相对应的流量轨迹联系起来。该方法的基础是确定一个完整的双向图中的最小距离对，其中的流量轨迹是节点。以不同方式应用不同距离函数的实验表明，由此产生的框架似乎是一种很有前途的解决方案，可在现实生活中的网络设备上进行扩展和轻松部署。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

A distance-based network activity correlation framework for defeating anonymization overlays

As the effectiveness of modern Internet-based anonymization infrastructures grows, law enforcement agencies are experiencing a progressive erosion of their surveillance capabilities. This can severely undermine their efforts to prevent and investigate various types of unlawful activities, potentially increasing the impunity of organized criminal networks. Balancing the legitimate privacy needs of individuals with the imperative to maintain public safety and combat criminal behavior in the digital world remains a complex tradeoff for both policymakers and technologists who need to find a systematic and reliable way to link the traffic traces associated with criminal activities to their anonymized origins. Accordingly, this paper presents a simple but very effective de-anonymization approach capable of associating traffic traces captured at the edge of the overlay infrastructures, in correspondence with the true origins, to those captured in correspondence with the destinations. The approach is based on determining the minimum-distance pairs within a complete bipartite graph in which the traffic traces are the nodes. Experiments with different distance functions, applied in varied ways, show that the resulting framework appears to be a promising solution that is scalable and easily deployable on real-life network equipment.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Information Sciences 工程技术-计算机：信息系统

CiteScore

14.00

自引率

17.30%

发文量

1322

审稿时长

10.4 months

期刊介绍： Informatics and Computer Science Intelligent Systems Applications is an esteemed international journal that focuses on publishing original and creative research findings in the field of information sciences. We also feature a limited number of timely tutorial and surveying contributions. Our journal aims to cater to a diverse audience, including researchers, developers, managers, strategic planners, graduate students, and anyone interested in staying up-to-date with cutting-edge research in information science, knowledge engineering, and intelligent systems. While readers are expected to share a common interest in information science, they come from varying backgrounds such as engineering, mathematics, statistics, physics, computer science, cell biology, molecular biology, management science, cognitive science, neurobiology, behavioral sciences, and biochemistry.