Abstract
Internet has facilitated ease of communication, providing e-commerce, government and private services, also it has fostered crime to a large extent. Tor browser provides access to the dark web that is famous for market of illicit goods like drugs, weapons, pornography, malicious codes and hacked account details to name a few. All this is possible due to the anonymity and privacy provided by Tor. The anonymity and privacy provided by Tor network has made it a choice for cybercriminals. To avoid detection Tor uses antiforensic techniques like the browser settings, encryption, onion routing, onion addresses. The objective of this chapter is to put forth the antiforensic techniques provided by Tor network, present a detailed analysis of deanonymizing techniques researched till now and propose a simplified model for detecting a suspect using Tor communication.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Garfinkel S (2007) Anti-forensics: techniques, detection and countermeasures. In: 2nd international conference in i-warefare and security. pp 77
Bleeding-edge anti-forensics. In: Infosec world conference and Expo. MIS Training Institute
Zhu Y, Fu X, Graham B, Bettati R, Zhao W (2010) Correlation-based traffic analysis attacks on anonymity networks. IEEE Trans Parallel Distrib Syst 21(7):954–967
Chakravarty S, Barbera MV, Portokalidis G, Polychronakis M, Keromytis AD (2014) On the effectiveness of traffic analysis against anonymity networks using flow records. In: Faloutsos M, Kuzmanovic A (eds) Passive and active measurement. PAM. Lecture notes in computer science, vol 8362. Springer, Cham
Cuzzocrea A, Martinelli F, Mercaldo F, Vercelli G (2017) Tor traffic analysis and detection via machine learning techniques. In: IEEE international conference on big data (big data). pp 4474–4480
Habibi Lashkari A, Draper Gil G, Mamun M, Ghorbani A (2017) Characterization of tor traffic using time based features. In: Proceedings of the 3rd international conference on information systems security and privacy—ICISSP. pp 253–262. ISBN 978-989-758-209-7; ISSN 2184-4356
Mercaldo F, Martinelli F (2017) Tor traffic analysis and identification. In: AEIT international annual conference. pp 1–6
Shahbar K, Zincir-Heywood AN (2014) Benchmarking two techniques for tor classification: flow level and circuit level classification. In: IEEE symposium on computational intelligence in cyber security (CICS). pp 1–8
Montieri A, Ciuonzo D, Aceto G, Pescapé A (2018) Anonymity services tor, I2P, JonDonym: classifying in the dark (web). IEEE Trans Dependable Secure Comput. https://doi.org/10.1109/TDSC.2018.2804394
Barker J, Hannay P, Szewczyk P (2011) Using traffic analysis to identify the second generation onion router. In: IFIP 9th international conference on embedded and ubiquitous computing. pp 72–78
Shen S, Gao J, Wu A (2018) Weakness identification and flow analysis based on tor network. In: Proceedings of the 8th international conference on communication and network security (ICCNS 2018). Association for Computing Machinery, New York, NY, USA, pp 90–94
Nasr M, Bahramali A, Houmansadr A (2018) DeepCorr: strong flow correlation attacks on tor using deep learning. In: Proceedings of the 2018 ACM SIGSAC conference on computer and communications security (CCS '18). Association for Computing Machinery, New York, NY, USA, pp 1962–1976
https://www.dan.me.uk/tornodes. Last Accessed 21 Nov 2022
Ling Z, Luo J, Yu W, Yang M, Fu X (2015) Tor bridge discovery: extensive analysis and large-scale empirical evaluation. IEEE Trans Parallel Distrib Syst 26(07):1887–1899
Almubayed A, Hadi A, Atoum J (2015) A model for detecting tor encrypted traffic using supervised machine learning. Int J Comput Network Inf Secur. https://doi.org/10.5815/ijcnis.2015.07.02
Saputra FA, Nadhori IU, Barry BF (2016) Detecting and blocking onion router traffic using deep packet inspection. In: International electronics symposium (IES). pp 283–288
Matic S, Troncoso C, Caballero J (2017) Dissecting tor bridges: a security evaluation of their private and public infrastructures. https://doi.org/10.14722/ndss.2017.23345
Vlajic N, Madani P, Nguyen E (2017) Anonymity of tor users demystified. In: International conference on computational science and computational intelligence (CSCI). pp 109–114
Mohaisen A, Ren K (2017) Leakage of. onion at the DNS root: measurements, causes, and countermeasures. IEEE/ACM Trans Networking 25(5):3059–3072
Lapshichyov V, Makarevich O (2019) TLS certificate as a sign of establishing a connection with the network tor. In: Proceedings of the 12th international conference on security of information and networks (SIN '19). Association for Computing Machinery, New York, NY, USA, Article 14, pp 1–6
Dixon L, Ristenpart T, Shrimpton T (2016) Network traffic obfuscation and automated internet censorship. In: IEEE security and privacy, vol 14, no 6. pp 43–53
Shahbar K, Zincir-Heywood AN (2015) Traffic flow analysis of tor pluggable transports. In: 11th international conference on network and service management (CNSM), Barcelona, pp 178–181
Yao Z et al (2018) Meek-based tor traffic identification with hidden Markov model. In: IEEE 20th international conference on high performance computing and communications; IEEE 16th international conference on smart city; IEEE 4th international conference on data science and systems (HPCC/SmartCity/DSS), Exeter, United Kingdom, pp 335–340
https://netresec.com/?b=13400BE. Last accessed 21 Nov 2022
He Y, Hu L, Gao R (2019) Detection of tor traffic hiding under Obfs4 protocol based on two-level filtering. In: 2nd international conference on data intelligence and security (ICDIS), South Padre Island, TX, USA, pp 195–200
Shahbar K, Zincir-Heywood AN An analysis of tor pluggable transports under adversarial conditions. In: IEEE symposium series on computational intelligence (SSCI), Honolulu, HI. pp 1–7
Wang L, Dyer KP, Akella A, Ristenpart T, Shrimpton T (2015) Seeing through network-protocol obfuscation. In: Proceedings of the 22nd ACM SIGSAC conference on computer and communications security (CCS '15). Association for Computing Machinery, New York, NY, USA, pp 57–69
Berenjestanaki MH, Akhaee M (2018) Application detection in anonymous communication networks. In: Proceedings of the central European cybersecurity conference. Association for Computing Machinery, New York, NY, USA, Article 12, pp 1–5
Mohajeri Moghaddam H, Li B, Derakhshani M, Goldberg I (2012) SkypeMorph: protocol obfuscation for tor bridges. In: Proceedings of the 2012 ACM conference on computer and communications security (CCS '12). Association for Computing Machinery, New York, NY, USA, pp 97–108
Weinberg Z, Wang J, Yegneswaran V, Briesemeister L, Cheung S, Wang F, Boneh D (2012) StegoTorus: a camouflage proxy for the tor anonymity system. In: Proceedings of the ACM conference on computer and communications security (CCS '12). Association for Computing Machinery, New York, NY, USA, pp 109–120
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Joshi, P.S., Dinesha, H.A. (2023). Study Report of Tor Antiforensic Techniques. In: Kumar, A., Ghinea, G., Merugu, S. (eds) Proceedings of the 2nd International Conference on Cognitive and Intelligent Computing. ICCIC 2022. Cognitive Science and Technology. Springer, Singapore. https://doi.org/10.1007/978-981-99-2742-5_9
Download citation
DOI: https://doi.org/10.1007/978-981-99-2742-5_9
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-99-2741-8
Online ISBN: 978-981-99-2742-5
eBook Packages: Computer ScienceComputer Science (R0)