Classification of Tor network traffic using CNN

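  • 임형석 (Department of Defense Science, Korea National Defense University)
  • 이수진 (Department of Defense Science, Korea National Defense University)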
  • Received : 2021.08.27
  • Accepted : 2021.09.28
  • Published : 2021.09.30

Abstract

Tor, known as the Onion Router, guarantees strong anonymity. For this reason, Tor is actively used not only for various criminal activities but also for hacking attempts such as rapid port scans and the exfiltration of stolen credentials. Fast and accurate detection of Tor traffic is therefore critical for blocking criminal attempts early and protecting an organization's information systems from hacking. This paper proposes a novel classification model, based on a CNN (Convolutional Neural Network), that detects Tor traffic and classifies the traffic types. We use the UNB Tor 2016 dataset to evaluate the performance of the model. The experimental results show an accuracy of 99.98% in binary classification, which detects Tor and non-Tor traffic, and 97.27% in multiclass classification, which distinguishes the types of Tor traffic.
