• Journal of Software Assessment and Valuation
• /
• v.15 no.1
• /
• pp.1-9
• /
• 2019

We intend to collect and analyze traffic efficiently in order to detect copyright infringement that illegally share contents on Tor network. We have designed and implemented a Tor traffic collection system using multiple virtual machines. We use a number of virtual machines and Mini PCs as clients to connect to Tor network, and automate both the collection and refinement processes in the traffic collection server through script-based test client software. Through this system, only the necessary field data on Tor network can be stored in the database, and only 95% or more of recognition of Tor traffic is achieved.

• KIPS Transactions on Software and Data Engineering
• /
• v.9 no.6
• /
• pp.187-194
• /
• 2020

This paper proposes a website fingerprinting method using ensemble learning over a Tor network that guarantees client anonymity and personal information. We construct a training problem for website fingerprinting from the traffic packets collected in the Tor network, and compare the performance of the website fingerprinting system using tree-based ensemble models. A training feature vector is prepared from the general information, burst, cell sequence length, and cell order that are extracted from the traffic sequence, and the features of each website are represented with a fixed length. For experimental evaluation, we define four learning problems (Wang14, BW, CW_T, CW_H) according to the use of website fingerprinting, and compare the performance with the support vector machine model using CUMUL feature vectors. In the experimental evaluation, the proposed statistical-based training feature representation is superior to the CUMUL feature representation except for the BW case.

• KIPS Transactions on Computer and Communication Systems
• /
• v.11 no.4
• /
• pp.127-132
• /
• 2022

An anonymous encrypted communication networks that make it difficult to identify the trace of a user's access by passing through several virtual computers and/or networks, such as Tor, provides user and data privacy in the process of Internet communications. However, when it comes to abuse for inappropriate purposes, such as sharing of illegal contents, arms trade, etc. through such anonymous encrypted communication networks, it is difficult to detect and take appropriate countermeasures. In this paper, by extending the website fingerprinting technique that can identify access to a specific site even in anonymous encrypted communication, a method for specifying and classifying service types of websites for not only well-known sites but also unknown sites is proposed. This approach can be used to identify hidden sites that can be used for malicious purposes.

• Journal of Internet of Things and Convergence
• /
• v.8 no.5
• /
• pp.111-117
• /
• 2022

Anonymous networks are designed to protect information and communication by avoiding monitoring or tracking traffic. In recent years, however, cybercriminals have evaded law enforcement tracking by exploiting the characteristics of anonymous networks. In this paper, we investigate related research focusing on Tor, one of the anonymous networks. This paper introduces how Tor provides anonymity, and how tracing technologies can track users against Tor. In addition, we compare and analyze tracing techniques, and explain how a researcher can establish an experimental environment.

• The Journal of the Korea institute of electronic communication sciences
• /
• v.12 no.5
• /
• pp.805-816
• /
• 2017

Tor is a popular, low-latency open network that offers online anonymity to users by concealing their information from anyone conducting traffic analysis. At the same time, a number of conventional passive and active attacking schemes have been proposed to compromise the anonymity provided by the Tor network. In addition to attacks on the network through traffic analysis, interacting with an unsecured application can reveal a Tor user's IP address. Specific traffic from such applications bypasses Tor proxy settings in the user's machine and forms connections outside the Tor network. This paper presents such applications and shows how they can be used to deanonymize Tor users. Extensive test studies performed in the paper show that applications such as Flash and BitTorrent can reveal the IP addresses of Tor users.