Title :
Per Connection Server-Side Identification of Connections via Tor
Author :
Springall, Andrew ; DeVito, Christopher ; Huang, Shou-Hsuan Stephen
Author_Institution :
Comput. Sci. & Eng., Univ. of Michigan, Ann Arbor, MI, USA
Abstract :
This paper presents two new and novel methods to separate network connections between those that have originated behind the Tor network and those that have not. Our methods identify Tor inbound connections through the use of two distinct timing signatures, delay and round-trip time, that can be used to create effective metrics. In order to evaluate our methods´ ability to correctly identify Tor connections, we present the results of two small-scale experiments, one testing performance with HTTP traffic and the other testing SSH. These experiments resulted in very high accuracy rates (100% and 98.99% respectively) when partitioning network connections into Tor and non-Tor originating connections. Through the use of our techniques, we believe that inbound connections that have traversed the Tor network can be identified on a per-connection basis rather than the current per-IP basis.
Keywords :
computer network security; HTTP traffic; SSH; Tor inbound connections; Tor network; computer security; connection server-side identification; intrusion detection; the onion router; Browsers; Cryptography; Delays; IP networks; Protocols; Relays; Servers; HTTP; Intrusion detection; SSH; Tor; computer security; stepping-stone;
Conference_Titel :
Advanced Information Networking and Applications (AINA), 2015 IEEE 29th International Conference on
Conference_Location :
Gwangiu
Print_ISBN :
978-1-4799-7904-2
DOI :
10.1109/AINA.2015.260
