Packet Momentum for Identification of Anonymity Networks
DOI:
https://doi.org/10.13052/2245-1439.612
Keywords:
Traffic Analysis, Tor, JonDonym, I2P
Abstract
Multilayer-encryption anonymity networks provide privacy, which has become a significant concern on today’s Internet due to many attacks and privacy breaches. The anonymity and privacy these networks provide are a double-edged sword. Increasing attacks, threats and misuse of such valuable anonymity services trigger the need to identify such anonymity networks. Moreover, the obfuscation techniques these networks implement make them harder to identify. Consequently, this research proposes the Packet Momentum approach, a novel approach to identify multilayer-encryption anonymity networks, and the obfuscation techniques they use, efficiently and accurately. Packet Momentum aims to use a small number of features and a small number of packets to identify such networks.