Multilevel Identification and Classification Analysis of Tor on Mobile and PC Platforms

In digitalized and automated systems, more and more intelligent devices have become an important part of the industrial Internet of Things (IIoT). However, the lack of security in IIoT leaves people facing unprecedented threats from the Dark web. Traffic classification is an important means to prevent anonymous attacks. However, the growing usage of smartphones in daily life is deeply changing the nature of network traffic, which makes traffic classification more challenging. In this article, we propose a Tor traffic identification and multilevel classification framework based on network flow features, which realizes the identification of anonymous traffic (L1), the traffic types of anonymous traffic (L2), and applications (L3) on a mobile and a PC platform, respectively. We further analyze the differences between the mobile and the PC platform. We conclude that the impact of time-related features is higher than that of non-time-related features on the mobile platform, while the opposite holds on the PC platform. It is also more difficult to identify and classify Tor types (L2) and specific Tor applications (L3) on the mobile platform than on the PC platform, both when using different numbers of features and in early identification and classification.
