A novel application classification attack against Tor. (27th July 2015)
- Record Type:
- Journal Article
- Title:
- A novel application classification attack against Tor. (27th July 2015)
- Main Title:
- A novel application classification attack against Tor
- Authors:
- He, Gaofeng
Yang, Ming
Luo, Junzhou
Gu, Xiaodan - Abstract:
- Summary: Tor is a famous anonymous communication system for preserving users' online privacy. It supports TCP applications and packs upper‐layer application data into encrypted equal‐sized cells with onion routing to hide private information of users. However, we note that the current Tor design cannot conceal certain application behaviors. For example, P2P applications usually upload and download files simultaneously, and this behavioral feature is also kept in Tor traffic. Motivated by this observation, we investigate a new attack against Tor, application classification attack, which can recognize application types from Tor traffic. An attacker first carefully selects some flow features such as burst volumes and directions to represent the application behaviors and takes advantage of some efficient machine‐learning algorithm (e.g., Profile Hidden Markov Model) to model different types of applications. Then he or she can use these established models to classify target's Tor traffic and infer its application type. We have implemented the application classification attack on Tor using parallel computing, and our experiments validate the feasibility and effectiveness of the attack. We argue that the disclosure of application type information is a serious threat to Tor users' anonymity because it can be used to reduce the anonymity set and facilitate other attacks. We also present guidelines to defend against application classification attack. Copyright © 2015 John Wiley &Summary: Tor is a famous anonymous communication system for preserving users' online privacy. It supports TCP applications and packs upper‐layer application data into encrypted equal‐sized cells with onion routing to hide private information of users. However, we note that the current Tor design cannot conceal certain application behaviors. For example, P2P applications usually upload and download files simultaneously, and this behavioral feature is also kept in Tor traffic. Motivated by this observation, we investigate a new attack against Tor, application classification attack, which can recognize application types from Tor traffic. An attacker first carefully selects some flow features such as burst volumes and directions to represent the application behaviors and takes advantage of some efficient machine‐learning algorithm (e.g., Profile Hidden Markov Model) to model different types of applications. Then he or she can use these established models to classify target's Tor traffic and infer its application type. We have implemented the application classification attack on Tor using parallel computing, and our experiments validate the feasibility and effectiveness of the attack. We argue that the disclosure of application type information is a serious threat to Tor users' anonymity because it can be used to reduce the anonymity set and facilitate other attacks. We also present guidelines to defend against application classification attack. Copyright © 2015 John Wiley & Sons, Ltd. … (more)
- Is Part Of:
- Concurrency and computation. Volume 27:Number 18(2015:Dec.)
- Journal:
- Concurrency and computation
- Issue:
- Volume 27:Number 18(2015:Dec.)
- Issue Display:
- Volume 27, Issue 18 (2015)
- Year:
- 2015
- Volume:
- 27
- Issue:
- 18
- Issue Sort Value:
- 2015-0027-0018-0000
- Page Start:
- 5640
- Page End:
- 5661
- Publication Date:
- 2015-07-27
- Subjects:
- application classification -- behavior model -- profile HMM -- Tor -- anonymous communication -- privacy
Parallel processing (Electronic computers) -- Periodicals
Parallel computers -- Periodicals
004.35 - Journal URLs:
- http://onlinelibrary.wiley.com/ ↗
- DOI:
- 10.1002/cpe.3593 ↗
- Languages:
- English
- ISSNs:
- 1532-0626
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms) ↗
- Physical Locations:
- British Library DSC - 3405.622000
British Library DSC - BLDSS-3PM
British Library STI - ELD Digital store - Ingest File:
- 784.xml