Packet Momentum for Identification of Anonymity Networks


  • Khalid Shahbar Dalhousie University, Halifax, Canada
  • A. Nur Zincir-Heywood Dalhousie University, Halifax, Canada



Traffic Analysis, Tor, JonDonym, I2P


Multilayer-encryption anonymity networks provide privacy which has become a significant concern on today’s Internet due to many attacks and privacy breaches. The anonymity and privacy these networks provide is a double-edged knife. Increasing attacks, threats and misuse of such valuable anonymity services trigger the need to identify such anonymity networks. Moreover, the implementation of the obfuscation techniques hardens the identification of such networks. Consequently, this research proposes Packet Momentum approach to identify multilayer-encryption anonymity networks. Packet Momentum is a novel approach proposed to identify multilayer-encryption anonymity networks efficiently and accurately and the obfuscations techniques they use. The Packet Momentum aims to use a small number of features and a small number of packets to identify such networks.



Download data is not yet available.

Author Biographies

Khalid Shahbar, Dalhousie University, Halifax, Canada

Khalid Shahbar is a Ph.D. student at Dalhousie University, Halifax, Canada. He received the B.Eng. degree in electrical engineering from King Abdulaziz University, Jeddah, KSA, in 2001, and the M.Sc. degree in computer engineering from King Saud University, Riyadh, KSA, in 2012. His research interests focus on machine learning, network data analysis and network security.

A. Nur Zincir-Heywood, Dalhousie University, Halifax, Canada

Nur Zincir-Heywood is a Full Professor of Computer Science at Dalhousie University. She is the Director of Dalhousie Network Information Management and Security (NIMS) Lab. Her research interests include data driven techniques for cybersecurity and network management. She is on the editorial board of the IEEE Transactions on Network and Service Management. She has been a co-organizer for the IEEE/IFIP International Workshop on Analytics for Network and Service Management since 2016, and for the ACM Workshop on Genetic and Evolutionary Computation in Defense, Security and Risk Management since 2014. Dr. Zincir-Heywood is a member of the IEEE and the ACM and a recipient of the 2017 Women Leaders in the Digital Economy Award.


Dhiah el Diehn, A.-T., Pimenidis, L., Schomburg, J., and Westermann, B. (2009). “Usability inspection of anonymity networks,” in Proceedings of the Privacy, Security, Trust and the Management of e-Business, 2009. CONGRESS’09. World Congress on, IEEE, Rome, 100–109.

Hyun-Min, A., Kim, M. S., and Ham, J. H. (2013). “Application traffic classification using statistic signature,” in Proceedings of the Network Operations and Management Symposium (APNOMS), Asia-Pacific, Beijing, 1–6.

Anon17. (2017). Anonymity networks dataset. Available at:∼shahbar/data.html

Laurent, B., and Teixeira, R. (2007). Early recognition of encrypted applications. Pass. Act. Netw. Meas. 2007, 165–175.

Leo, B. (2001). Random forests. Mach. Learn. 45, 5–32.

David, C. (1981). Untraceable electronic mail, return addresses, and digital pseudonyms. Commun. ACM, 24, 84–90.

Roger D., Mathewson, N., and Syverson, P. (2004). “Tor: The second-generation onion router,” in Proceedings of the 13th Conference on USENIX Security Symposium – SSYM’04, Vol. 13, Berkeley, CA: USENIX Association, 21.

Nir F., Geiger, D., and Goldszmidt, M. (1997). Bayesian network classifiers. Mach. Learn. 29, 131–163.

Rentao G., Wang, H.,and Ji, Y. (2010). “Early traffic identification using Bayesian Networks,” in Proceedings of the Network Infrastructure and Digital Content, 2010 2nd IEEE International Conference on, Berkeley, CA, 564–568.

Mark H., Frank, E., Holmes, G., Pfahringer, B., Reutemann, P., and Witten, I. H. (2009). The WEKA data mining software: An update. SIGKDD Explor. Newsl. 11, 10–18.

Chang, H., Hong, S., and Hong, Z. (2013). “Early recognition of internet service flow,” in Proceedings of the Wireless and Optical Communication Conference (WOCC), Chengdu, 464–468.

I2P. (2017). The Network Database. Available at:

Zhen, L., Luo, J., Yu, W., and Fu, X. (2011). “Equal-sized cells mean equal-sized packets in Tor?,” in Proceedings of the Communications (ICC), 2011 IEEE International Conference on, IEEE, London, 1–6.

Petar M., and Kademlia, M. D. (2002). “A peer-to-peer information system based on the xor metric,” in Proceedings of the International Workshop on Peer-to-Peer Systems, Berlin: Springer, 53–65.

Claude N., and Bengio, Y. (2001). Inference for the generalization error. Mach. Learn. 2001, 10–15.

Ruoming, P., Allman, M., Paxson, V., and Lee, J. (2006). The devil and packet trace anonymization. ACM SIGCOMM Comput. Commun. Rev. 36, 29–38.

Project: AN.ON âAS anonymity. (2016). Available at:

Quinlan, J. R. (1993). C4.5: Programs for Machine Learning. San Francisco, CA: Morgan Kaufmann Publishers Inc.

Thorsten, R., Panchenko, A., and Engel, T. (2011). “Comparison of low-latency anonymous communication systems: practical usage and performance,” in Proceedings of the Ninth Australasian Information Security Conference. Australian Computer Society, Inc, 77–86.

Khalid, S., and Zincir-Heywood, A. N. (2014). “Benchmarking two techniques for Tor classification: Flow level and circuit level classification,” in Proceedings of the 2014 IEEE Symposium on Computational Intelligence in Cyber Security (CICS), Orlando, FL, 1–8.

Khalid, S., and Zincir-Heywood, A. N. (2015). “Traffic flow analysis of Tor pluggable Transports,” in Proceedings of the 2015 11th International Conference on Network and Service Management (CNSM), Barcelona, 178–181.

Talieh, S. T., Karray, F., and Kamel, M. (2012). “Early internet traffic recognition based on machine learning methods,” in Electrical & Computer Engineering (CCECE), 2012 25th IEEE Canadian Conference on, IEEE, Barcelona, 1–5.

The Invisible Internet Project (I2P). (2016). Available at:

Tor Obfs3. (2017). Available at:

Tunnel implementation. (2017). Available at:

Unidirectional tunnels. (2016). Available at:

Cynthia, W., Wagener, W., State, R., Dulaunoy, A., and Engel, T. (2012). Breaking Tor anonymity with game theory and data mining. Concurr. Comput. 24, 1052–1065.

Rolf, W., Herrmann, D., and Federrath, H. (2007). Performance comparison of low-latency anonymisation services from a user perspective. In International Workshop on Privacy Enhancing Technologies, Berlin: Springer, 233–253.

Philipp, W., Pulls, T., and Fuss, J. (2013). “ScrambleSuit: A polymorphic network protocol to circumvent censorship,” in Proceedings of the 12th ACM Workshop on Workshop on Privacy in the Electronic Society, New York, NY: ACM, 213–224.

Xindong, W., Kumar, V., Quinlan, J. R., Ghosh, J., Yang, Q., Motoda, H. (2008). Top 10 algorithms in data mining. Knowl. Inf. Syst. 14, 1–37.