Description:
The number of users interested in protecting their data and privacy on the Internet has increased lately. This has augmented the popularity of anonymization services such as Tor. However, the anonymization and the complication of being tracked provided by Tor have also been used for ill-intended purposes, such as evading security policies and controls. In this work, we implemented and evaluated an offline Tor traffic detector using white-box machine learning algorithms such as decision trees and random forests. On the one hand, our classifier achieves precision levels above 99 %. On the other hand, our approach is the first one to allow understanding and interpreting the classifier, thus understanding which variables play a significant role in the classification. We show that TCP window size, packet size and some time-related features can be used to identify Tor traffic.
Publication type:
Conference Paper
Published in:
2023 XLIX Latin American Computer Conference (CLEI)