Browse > Article
http://dx.doi.org/10.33778/kcsa.2021.21.3.031

Classification of Tor network traffic using CNN  

Lim, Hyeong Seok (국방대학교 국방과학학과)
Lee, Soo Jin (국방대학교 국방과학학과)
Publication Information
Convergence Security Journal / v.21, no.3, 2021 , pp. 31-38 More about this Journal
Abstract
Tor, known as Onion Router, guarantees strong anonymity. For this reason, Tor is actively used not only for criminal activities but also for hacking attempts such as rapid port scan and the ex-filtration of stolen credentials. Therefore, fast and accurate detection of Tor traffic is critical to prevent the crime attempts in advance and secure the organization's information system. This paper proposes a novel classification model that can detect Tor traffic and classify the traffic types based on CNN(Convolutional Neural Network). We use UNB Tor 2016 Dataset to evaluate the performance of our model. The experimental results show that the accuracy is 99.98% and 97.27% in binary classification and multiclass classification respectively.
Keywords
Tor; CNN; Binary Classification; Multiclass classification;
Citations & Related Records
연도 인용수 순위
  • Reference
1 AhnLab, "ASEC REPORT VOL. 50", https://www.ahnlab.com/kr/site/securityinfo/asec/asecReportList.do, 검색일: 2020. 8. 5, pp.1-25, 2014.
2 A. Panchenko, F. Lanze, J. Pennekamp, T. Engel, A. Zinnen, M. Henze, and K. Wehrle, "Website Fingerprinting at Internet Scale", Network and Distributed System Security Symposium(NDSS), pp. 1-15, 2016.
3 V. Rimmer, D. preuveneers, M. Juarez, T. Van Goethem, and W. Joosen, "Automated Website Fingerprinting through Deep Learning", arXiv preprint arXiv:1708.06376, pp. 1-15, 2017.
4 K. Rathod, and H. Suthar, "Traffic Analysis and Relay Finding in Tor Survey", Multidisciplinary International Research Journal of Gujarat Technological University, Vol. 2, No. 1, pp. 34-43, 2020.
5 A. Lashkari, H. Draper-Gil, M. S. I. Mamun, and A. Ali, "Characterization of Tor Traffic using Time based Features", International Conference on Information Systems, Security and Privacy(ICISSp), pp. 253-263, 2017.
6 University of New Brunswick, "Tor-nonTor dataset (ISCXTor2016)", https://www.unb.ca/cic/datasets/andmal2017.html, 2016.(검색일 : 2020. 7. 5)
7 V. Nair, and G. E. Hinton, "Rectified Linear Units Improve Restricted Boltzmann Machines", International Conference on Machine Learning (ICML), pp. 807-814, 2010.
8 Kristin Finklea, "Dark Web", U. S. Congressional Research Service Report, 2017. 3.
9 S. Kaur and S. Randhawa, "Dark Web: A Web of Crimes", Wireless Personal Communications, Vol. 112, 2020.
10 L. Basyoni, N. Fetais, A. Erbad, A. Mohamed, and M. Guizani, "Traffic analysis attacks on Tor: a survey", 2020 IEEE International Conference on Informatics, IoT, and Enabling Technologies (ICIoT), pp. 183-188, 2020
11 H. Oh, D. Hwang, and W. Kim, "Traffic Sequence Vectorization and Ensemble Algorithm Classification for Tor Website Fingerprinting", Journal of The Institute of Electronics and Information Engineers Vol. 57, No. 5, pp. 59-61, 2020.
12 D. Moore, and T. Rid, "Cryptopolitik and the Darknet", Survival, Vol.58, no.1, pp.20-25, 2016.
13 Y. Shin, and S. Shin, "An Empirical Study on Massive Forensic Services", Internet and Information Security, Vol.1, No.4, pp. 83-100, 2010.
14 M. Kim, "Limitations and Improvements of Adoption Criteria for Digital Forensic Evidence", Convergence Security Journal, Vol.18, No.4, pp. 36-43, 2018.
15 A. Gupta, S. B. Maynard, and A. Ahmad, "The Dark Web Phenomenon: A Review and Research Agenda", ACIS 2019 Proceedings, 1, 2019.
16 Z. Cao, G. Xiong, Y. Zhao, Z. Li, and l. Guo, "A Survey on Encrypted Traffic Classification", International Conference on Applications and Techniques in Information Security, pp. 73-81, 2014.
17 T. Wang, and I. Goldberg, "Improved website fingerprinting on tor", Proceedings of the 12th ACM workshop on Workshop on privacy in the electronic society, pp. 201-202, 2013.
18 A. Montieri, D. Ciuonzo, G. Aceto, and A. Pescape, "Anonymity Services Tor, I2P, JonDonym: Classifying the Dark (Web)", IEEE Transactions on Dependable and Secure Computing, Vol.17, No.3, pp. 1-14, 2018.
19 M. Kim, and A. Anpalagan, "Tor Traffic Classification from Raw Packet Header using Convolutional Neural Network", 2018 1st IEEE International Conference on Knowledge Innovation and Invention(ICKII), pp. 187-190, 2018.
20 Kingma, P. Diederik, and Jimmy Ba, "Adam: A Method For Stochastic Optimization", arXiv preprint arXiv:1412.6980, pp. 1-15, 2015.