Online identification of Tor anonymous communication traffic

Abstract

Abuse of anonymous communication systems has introduced new challenges into network administration. The effective identification of anonymous communication traffic is a prerequisite to prevent such abuse; thus, this is fundamentally important for both theoretical researches and practical applications. Existing researches mainly focus on the confirmation of anonymous communication relationship and cannot be used to identify and block anonymous communication traffic. To solve this problem, the operation mechanism is deeply analyzed and traffic characteristics are summarized for the widely used Tor anonymous communication system. On this basis, a TLS fingerprint-based and packet-size distributions based methods are proposed to identify Tor anonymous communication traffic, respectively. The advantages, disadvantages and applicability of these two methods are analyzed and discussed in detail, and are validated by CAIDA dataset and online deployment. Experimental results prove that both methods are effective in identifying Tor anonymous communication traffic. © Copyright 2013, Institute of Software, the Chinese Academy of Sciences. All rights reserved.