Authors - Krishan Pal Singh, Emmanuel S. Pilli, Vijay laxmi Abstract - Tor network provides anonymity and privacy to online users. Hence, analyzing Tor traffic to identify applications and services, especially when encrypted tunnels and pluggable transports are used, remains a significant challenge. This paper presents a novel framework for identifying obfuscation techniques by analyzing their unique traffic characteristics, such as packet sizes, inter-arrival times, byte sizes, and byte frequencies. A custom-built network traffic collection environment is established to evaluate the proposed framework. A large Tor traffic dataset is created that contains Obfs4 and Snowflake Plugin traffic, ensuring realistic user behavior simulation utilizing modified Tor browser configurations. The framework leverages a combination of statistical analysis of encrypted payloads, examines timing sequences during authentication, and packet length filtering. The Traffic data is evaluated on diverse deep learning models, such as Neural Networks, Adaboost, and XGBoost, achieving high accuracy rates (95% to 98%) across different Tor plugins. The proposed framework demonstrates robustness with low false positive rates. It is also adaptable to new Tor obfuscation techniques such as Obfs4 and Snowflake. The research findings highlight the importance of using up-to-date and diverse datasets to train effective Tor plugin identification models, with potential applications for improving Tor network security.
Open Zoom
