Darknet Traffic Analysis: Examining How the ADABOOST Algorithm Affects the Classification of Onion Service Traffic Given Modified Tor Traffic
Abstract
Shaping and monitoring traffic requires classifying network traffic. The significance of privacy-preserving technology has increased over the last twenty years as privacy concerns have grown. One common method of remaining anonymous while surfing the web is to join the Tor network, which provides anonymity to its users and also supports anonymous services called Onion Services. The problem is that government and law enforcement organizations often take advantage of this anonymity, particularly with Onion Services, and end up de-anonymizing its users. This paper makes three primary contributions toward determining how well Onion Service traffic can be classified. Our first objective is to separate Onion Service traffic from regular Tor traffic. Our methods detect Onion Service traffic with over 99% accuracy. On the other hand, the information leakage in Tor traffic can be concealed by making a few adjustments. In our second contribution, we assess the efficacy of our methods in light of these changes to Tor traffic. According to our experiments, under these circumstances the Onion Service traffic becomes less distinct, with an accuracy decrease of over 15% seen in some instances. We conclude by determining and assessing the effect of the most important feature combinations on our classification task.
This work is licensed under a Creative Commons Attribution 4.0 International License.