Tor traffic analysis and detection via machine learning techniques

Vercelli, Gianni
2017

Abstract

Tor is an anonymous Internet communication system based on the second generation of the onion routing network protocol. Using Tor makes it really difficult to trace users' Internet activity: this is why Tor is intended to protect the privacy of users, their freedom and their ability to conduct confidential communications without being monitored. Tor is also increasingly used by cyber-criminals to cover their illegal activities: the Tor community has observed, for instance, an alarming increase in the amount of malware that abuses the popular anonymizing network to hide its command and control infrastructure. In this paper we present a technique able to identify whether a host is generating Tor-related traffic. We resort to well-known machine learning algorithms in order to evaluate the effectiveness of the proposed feature set in a real-world environment. In addition, we demonstrate that the proposed method is able to recognize the kind of activity (e.g., email or P2P applications) that the user under analysis is performing on the Tor network.

Use this identifier to cite or link to this document: http://hdl.handle.net/11567/898067