Traffic Classification of User Behaviors in Tor, I2P, ZeroNet, Freenet

2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) Pub Date : 2020-12-01 DOI:10.1109/TrustCom50675.2020.00064

Yuzong Hu, Futai Zou, Linsen Li, P. Yi

{"title":"Traffic Classification of User Behaviors in Tor, I2P, ZeroNet, Freenet","authors":"Yuzong Hu, Futai Zou, Linsen Li, P. Yi","doi":"10.1109/TrustCom50675.2020.00064","DOIUrl":null,"url":null,"abstract":"In recent years, more and more anonymous network have been developed. Since user's identity is difficult to trace in anonymous networks, many illegal activities are carried out in darknet. In this paper, we propose a hierarchical classifier of darknet traffic which can distinguish four types of darknet(Tor, I2P, ZeroNet, Freenet) and 25 darknet users' behavior. Due to the lack of public datasets, we deployed a darknet data probe that can capture real darknet traffic in Tor, I2P, ZeroNet, Freenet. After collecting and labeling darknet traffic, we extract 26 time-based flow features that can represent the characteristics of darknet traffic and train a hierarchical classifier constructed by 6 local classifiers. Results show that the classifier can easily distinguish Tor, I2P, ZeroNet, Freenet four kinds of darknet clients with an accuracy of 96.9% and identify 8 kinds of user behaviors for each type of darknet with an accuracy of 91.6% on average. With the help of this hierarchical classification method, darknet user behaviors can be accurately distinguished at the traffic exit.","PeriodicalId":221956,"journal":{"name":"2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)","volume":"121 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"15","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/TrustCom50675.2020.00064","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 15

Abstract

In recent years, more and more anonymous network have been developed. Since user's identity is difficult to trace in anonymous networks, many illegal activities are carried out in darknet. In this paper, we propose a hierarchical classifier of darknet traffic which can distinguish four types of darknet(Tor, I2P, ZeroNet, Freenet) and 25 darknet users' behavior. Due to the lack of public datasets, we deployed a darknet data probe that can capture real darknet traffic in Tor, I2P, ZeroNet, Freenet. After collecting and labeling darknet traffic, we extract 26 time-based flow features that can represent the characteristics of darknet traffic and train a hierarchical classifier constructed by 6 local classifiers. Results show that the classifier can easily distinguish Tor, I2P, ZeroNet, Freenet four kinds of darknet clients with an accuracy of 96.9% and identify 8 kinds of user behaviors for each type of darknet with an accuracy of 91.6% on average. With the help of this hierarchical classification method, darknet user behaviors can be accurately distinguished at the traffic exit.

查看原文本刊更多论文

Tor、I2P、ZeroNet、Freenet中用户行为的流量分类

近年来，匿名网络得到了越来越多的发展。由于匿名网络中用户身份难以追踪，许多非法活动在暗网上进行。本文提出了一种能够区分Tor、I2P、ZeroNet、Freenet四种暗网类型和25个暗网用户行为的分级暗网流量分类器。由于缺乏公共数据集，我们部署了一个暗网数据探测器，可以捕获Tor, I2P, ZeroNet, Freenet中的真实暗网流量。在对暗网流量进行收集和标记后，我们提取了26个能够代表暗网流量特征的基于时间的流量特征，并训练了一个由6个局部分类器构建的分层分类器。结果表明，该分类器能够轻松区分Tor、I2P、ZeroNet、Freenet四种暗网客户端，准确率达96.9%，识别出每种暗网8种用户行为，平均准确率为91.6%。利用这种分层分类方法，可以在流量出口准确区分暗网用户行为。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)

自引率

0.00%

发文量