{"title":"Anonymous Traffic Detection and Identification","authors":"Warda Amalou, M. Mehdi","doi":"10.1109/ICAECCS56710.2023.10104742","DOIUrl":null,"url":null,"abstract":"Nowadays, anonymous communication technology attracts a lot of attention because it can hide identity information to achieve secure communication. Invisible Internet Project (I2P) and The Onion Router (TOR) are the most widely used open-source anonymous communication tools. Based on the analysis of the implementation mechanism of I2P and TOR anonymous service, this paper aims to identify the use of this kind of traffic through the DPI’’ Deep Packet Inspection’’ method, in order to obtain the lowest level of false positives for the detection and identification of anonymous network traffic. An experimental study using Snort’’ Network Intrusion Detection System (NIDS)’’ allowed us to detect the use of Tor/I2P networks based on a fingerprint database based on a set of Snort rules were developed as a proof-of-concept for the proposed I2P and Tor detection approach.","PeriodicalId":447668,"journal":{"name":"2023 International Conference on Advances in Electronics, Control and Communication Systems (ICAECCS)","volume":"11 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-03-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2023 International Conference on Advances in Electronics, Control and Communication Systems (ICAECCS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICAECCS56710.2023.10104742","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 0
Abstract
Nowadays, anonymous communication technology attracts a lot of attention because it can hide identity information to achieve secure communication. The Invisible Internet Project (I2P) and The Onion Router (Tor) are the most widely used open-source anonymous communication tools. Based on an analysis of the implementation mechanisms of the I2P and Tor anonymous services, this paper aims to identify the use of this kind of traffic through the Deep Packet Inspection (DPI) method, in order to obtain the lowest level of false positives for the detection and identification of anonymous network traffic. An experimental study using the Snort Network Intrusion Detection System (NIDS) allowed us to detect the use of Tor/I2P networks based on a fingerprint database; a set of Snort rules was developed as a proof of concept for the proposed I2P and Tor detection approach.