A User Prediction and Identification System for Tor Networks Using ARIMA Model

Because of the anonymity it affords its users, the Tor infrastructure has become a useful tool for malicious users. With Tor, users are able to compromise the non-repudiation principle of computer security. Hackers may also potentially launch attacks such as DDoS or identity theft from behind Tor. For this reason, new systems and models are needed to detect intrusions in Tor networks. In this paper, we present the application of the Autoregressive Integrated Moving Average (ARIMA) model to the prediction of user behavior in Tor networks. We constructed a Tor server and a Deep Web browser (Tor client) in our laboratory. The client then sends browsing data to the Tor server over the Tor network. We used Wireshark Network Analyzer to capture the data and then used the ARIMA model to make the prediction. The simulation results show that the proposed system gives a good prediction of user behavior in Tor networks.
