A method for identifying Tor hosts based on machine learning techniques

Zhang Ling; Wei Chuanzheng; Lin Zhenbiao; Duan Linlin

doi:10.16157/j.issn.0258-7998.200759

Dianzi Jishu Yingyong (Apr 2021)

A method for identifying Tor hosts based on machine learning techniques

Zhang Ling,
Wei Chuanzheng,
Lin Zhenbiao,
Duan Linlin

Affiliations

Zhang Ling: Beijing Cyber XingAn Technology Co.，Ltd.，Beijing 102200，China
Wei Chuanzheng: Beijing Cyber XingAn Technology Co.，Ltd.，Beijing 102200，China
Lin Zhenbiao: Beijing Cyber XingAn Technology Co.，Ltd.，Beijing 102200，China
Duan Linlin: School of Information Engineering，Zhengzhou University，Zhengzhou 450001，China

DOI: https://doi.org/10.16157/j.issn.0258-7998.200759
Journal volume & issue: Vol. 47, no. 4
pp. 54 – 58

Abstract

Read online

Tor is an anonymous Internet communication system based on onion routing network protocol. Network traffics generated by normal applications become hard to trace when they are delivered by Tor system. However, an increasing number of cyber criminals are utilizing Tor to remain anonymous while carrying out their crimes or make illegal transactions. As a countermeasure, this paper presents a method able to identify Tor traffics and thereby recognize related Tor hosts. The method proposes several groups of features extracted from network traffic and resort to machine learning algorithm to evaluate feature effectiveness. Experiments in real world dataset demonstrate that the proposed method is able to distinguish Tor flows from normal traffics as well as recognize the kind of activity in Tor generated by different normal applications.

Published in Dianzi Jishu Yingyong

ISSN: 0258-7998 (Print)
Publisher: National Computer System Engineering Research Institute of China
Country of publisher: China
LCC subjects: Technology: Electrical engineering. Electronics. Nuclear engineering: Electronics
Website: http://journal.chinaaet.com/en

About the journal

Abstract

Keywords