Corpus ID: 207999047

Packet Momentum for Identification of Anonymity Networks

@inproceedings{Shahbar2017PacketMF,
  title={Packet Momentum for Identification of Anonymity Networks},
  author={Khalid Shahbar and Ayse Nur Zincir-Heywood},
  year={2017}
}
Multilayer-encryption anonymity networks provide privacy which has become a significant concern on today’s Internet due to many attacks and privacy breaches. The anonymity and privacy these networks provide is a double-edged knife. Increasing attacks, threats and misuse of such valuable anonymity services trigger the need to identify such anonymity networks. Moreover, the implementation of the obfuscation techniques hardens the identification of such networks. Consequently, this research… 
A Survey on Encrypted Network Traffic Analysis Applications, Techniques, and Countermeasures
TLDR
This survey examines the literature that deals with network traffic analysis and inspection after the ascent of encryption in communication channels and examines the countermeasures that have been proposed in the literature in order to circumvent traffic analysis techniques that aim to harm user privacy.
A Big Data-Enabled Hierarchical Framework for Traffic Classification
TLDR
BDeH is enabled by the big-data paradigm and capitalizes on the machine learning workhorse for operating with encrypted traffic and allows for seamless integration of data parallelism provided by big-data technologies with model parallelism enabled by hierarchical approaches.
The Challenge of Only One Flow Problem for Traffic Classification in Identity Obfuscation Environments
TLDR
This work proposes a flexible method called AI-FlowDet by leveraging the scene change concept and a CNN model to find behavior change points of traffic based on learning data and proves that the proposed splitting methods for the only one flow problem and proposed features for flow type classification are effective.
Anonymity Services Tor, I2P, JonDonym: Classifying in the Dark (Web)
TLDR
This paper provides classification results with the aim of investigating to which degree the specific anonymity tool (and the traffic it hides) can be identified, when compared to the traffic of other considered anonymity tools, using five machine learning classifiers.
A Dive into the Dark Web: Hierarchical Traffic Classification of Anonymity Tools
TLDR
An in-depth analysis of TC of anonymity tools (and deeper, of their running services and applications) via a truly hierarchical approach is provided and a general improvement over the flat approach in terms of all the classification metrics is highlighted.
CPWF: Cross-Platform Website Fingerprinting Based on Multi-Similarity Loss
TLDR
This study uses the multi-similarity loss to train a deep learning-based website fingerprint extraction model that is able to extract a feature set for anonymous website traffic classification, ignoring the differences caused by different devices.
Flow Sequence-Based Anonymity Network Traffic Identification with Residual Graph Convolutional Networks
TLDR
This paper proposes a novel FS-based anonymity network traffic identification framework that leverages Residual Graph Convolutional Network (ResGCN) to exploit relationships between flows for FS feature extraction, and designs a practical scheme to preprocess the raw data of real-world traffic, which further improves identification performance and efficiency.
Mobile Encrypted Traffic Classification Using Deep Learning: Experimental Evaluation, Lessons Learned, and Challenges
TLDR
Different state-of-the-art DL techniques from (standard) TC are reproduced, dissected, and set into a systematic framework for comparison, including also a performance evaluation workbench, to propose deep learning classifiers based on automatically extracted features, able to cope with encrypted traffic, and reflecting their complex traffic patterns.
MIRAGE: Mobile-app Traffic Capture and Ground-truth Creation
TLDR
This paper introduces and describes MIRAGE, a reproducible architecture for mobile-app traffic capture and ground-truth creation having the goal of advancing the state-of-the-art in mobile app traffic analysis.
Multilevel Identification and Classification Analysis of Tor on Mobile and PC Platforms
TLDR
A Tor traffic identification and multilevel classification framework based on network flow features is proposed, which realizes the identification of anonymous traffic (L1), traffic types (L2) of anonymous traffic, and applications (L3) on a mobile and a PC platform, respectively.

References

SHOWING 1-10 OF 21 REFERENCES
Early Recognition of Encrypted Applications
TLDR
This paper proposes a method to detect applications in SSL encrypted connections that uses only the size of the first few packets of an SSL connection to recognize the application, which enables an early classification.
The devil and packet trace anonymization
TLDR
A general tool, tcpmkpub, for anonymizing traces is presented, the process used to determine the particular anonymization policy is discussed, and the use of metadata accompanying the traces to provide insight into features that have been obfuscated by anonymization is described.
ScrambleSuit: a polymorphic network protocol to circumvent censorship
TLDR
By using morphing techniques and a secret exchanged out-of-band, ScrambleSuit can defend against active probing and other fingerprinting techniques such as protocol classification and regular expressions and enables effective and lightweight obfuscation for application layer protocols.
Usability Inspection of Anonymity Networks
TLDR
This paper examines the usability of four software implementations for anonymous communication techniques especially with regards to the installation procedure and inspects the quality of service of these implementations by means of a performance test.
Breaking Tor Anonymity with Game Theory and Data Mining
TLDR
An attack originated from only one rogue exit node is proposed, composed of an active tag injection scheme, an inference attack that leverages a semi-supervised learning algorithm to reconstruct browsing sessions, and several counter-measures and advanced attacks.
Comparison of Low-Latency Anonymous Communication Systems - Practical Usage and Performance
TLDR
This paper considers five most popular low-latency anonymisation services that represent the current state of the art: single-hop proxies and Onion Routing based solutions (Tor, I2P, and JonDonym), and assess their usability and rank them in regard to their anonymity.
Early traffic identification using Bayesian networks
TLDR
The results indicate that this approach for online traffic classification relying on the observation of the first n packets of a flow is not sensitive to the prior probability estimation in most cases, and that packet sizes are more efficient than the inter-arrival times although both of them are important.
Equal-Sized Cells Mean Equal-Sized Packets in Tor?
TLDR
A packet size based attack is introduced that compromises Tor's communication anonymity with no need of controlling Tor routers and demonstrates the need for re-considering the issue of padding anonymous communication data into equal size.
Benchmarking two techniques for Tor classification: Flow level and circuit level classification
TLDR
This work extended on the previous work to classify the user activities using information extracted from Tor circuits and cells and developed a classification system to identify user activities based on traffic flow features.
Performance Comparison of Low-Latency Anonymisation Services from a User Perspective
TLDR
Neither of the two anonymisation services Tor and AN.ON clearly outperforms the other one, and the results indicate the existence of an overall tolerance level for acceptable latencies of approximately 4 seconds, which should be kept in mind when designing low-latency anonymity services.