Title: Tor Traffic Classification Based on Encrypted Payload Characteristics
Abstract: Tor is increasingly used on the Internet as a means of accessing illicit or illegal services. If carried out by employees, such use may have a negative impact on the organization. By its nature, Tor traffic is encrypted multiple times before being sent across networks to reach a destination. Therefore, it may be impossible to detect the nature of a Tor user's online activities. Nevertheless, such users cannot hide the fact that they are using Tor. This paper proposes a novel data payload analysis as a means of classifying Tor traffic using machine learning. To this end, we consider the characteristics of the encrypted data payload for Tor and encrypted nonTor packets from 8 different applications and extract features to train our machine learning model. Our results indicate that, contrary to the commonsense assumption that Tor packets resemble other encrypted packets, such payload content can be used to distinguish between Tor and nonTor packets.
Publication Year: 2021
Publication Date: 2021-03-27
Language: en
Type: article
Indexed In: ['crossref']
Access and Citation
Cited By Count: 7