DocumentCode :
170623
Title :
TorWard: Discovery of malicious traffic over Tor
Author :
Zhen Ling ; Junzhou Luo ; Kui Wu ; Wei Yu ; Xinwen Fu
Author_Institution :
Southeast Univ., Nanjing, China
fYear :
2014
fDate :
April 27 2014-May 2 2014
Firstpage :
1402
Lastpage :
1410
Abstract :
Tor is a popular low-latency anonymous communication system. However, it is currently abused in various ways. Tor exit routers are frequently troubled by administrative and legal complaints. To gain an insight into such abuse, we design and implement a novel system, TorWard, for the discovery and systematic study of malicious traffic over Tor. The system can avoid legal and administrative complaints and allows the investigation to be performed in a sensitive environment such as a university campus. An IDS (Intrusion Detection System) is used to discover and classify malicious traffic. We performed comprehensive analysis and extensive real-world experiments to validate the feasibility and effectiveness of TorWard. Our data shows that around 10% Tor traffic can trigger IDS alerts. Malicious traffic includes P2P traffic, malware traffic (e.g., botnet traffic), DoS (Denial-of-Service) attack traffic, spam, and others. Around 200 known malware have been identified. To the best of our knowledge, we are the first to perform malicious traffic categorization over Tor.
Keywords :
computer network security; peer-to-peer computing; telecommunication network routing; telecommunication traffic; DoS; IDS; IDS alerts; P2P traffic; Tor exit routers; denial-of-service attack traffic; intrusion detection system; low-latency anonymous communication system; malicious traffic categorization; malicious traffic discovery; spam; Bandwidth; Computers; Logic gates; Malware; Mobile handsets; Ports (Computers); Servers; Intrusion Detection System; Malicious Traffic; Tor;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
INFOCOM, 2014 Proceedings IEEE
Conference_Location :
Toronto, ON
Type :
conf
DOI :
10.1109/INFOCOM.2014.6848074
Filename :
6848074
Link To Document :