A Survey on Tor Encrypted Traffic Monitoring

Tor (The Onion Router) is an anonymity tool that is widely used worldwide. Tor protects its users' privacy against surveillance and censorship using strong encryption and obfuscation techniques, which make it extremely difficult to monitor and identify users' activity on the Tor network. It also implements strong defenses to protect users against traffic feature extraction and website fingerprinting. However, this strong anonymity has also become a haven for criminals seeking to avoid network tracing. Therefore, numerous studies have been performed on encrypted traffic analysis and classification using machine learning techniques. This paper presents a survey of existing approaches for the classification of Tor and other encrypted traffic. It begins with a preliminary discussion of machine learning approaches and the Tor network. Next, it compares the surveyed traffic classification approaches and discusses their classification properties.
