Inferring Application Type Information from Tor Encrypted Traffic
Tor is a well-known anonymous communication system for preserving users' online privacy. It supports TCP applications and packs application data into encrypted, equal-sized cells to hide private information about users, such as the type of application they are running (Web, P2P, FTP, Others). Knowledge of the application type is harmful because it can be used to reduce the anonymity set and to facilitate other attacks. Unfortunately, the current Tor design cannot conceal certain application behaviors. For example, P2P applications usually upload and download files simultaneously, and this behavioral feature is preserved in Tor traffic. Motivated by this observation, we investigate a new attack against Tor, the traffic classification attack, which can recognize application types from Tor traffic. An attacker first carefully selects flow features, e.g., burst volumes and directions, to represent application behaviors, and uses an efficient machine learning algorithm to model the different types of applications. The established models can then be used to classify a target's Tor traffic and infer its application type. We have implemented the traffic classification attack on Tor, and our experiments validate the feasibility and effectiveness of the attack.
traffic classification; profile HMM; anonymous communication; Tor; privacy
Gaofeng He, Ming Yang, Junzhou Luo, Xiaodan Gu
China Electric Power Research Institute, Nanjing, P.R. China; School of Computer Science and Engineering, Southeast University, Nanjing, P.R. China
International conference
2014 2nd International Conference on Advanced Cloud and Big Data (CBD 2014)
Huangshan, Anhui
English
220-227
2014-11-20 (date first posted online on the Wanfang platform; not the paper's publication date)