A Model for Detecting Tor Encrypted Traffic using Supervised Machine Learning

Almubayed, Alaeddin; Hadi, Ali; Atoum, Jalal Omer

doi:10.5815/ijcnis.2015.07.02

Cited by 18 publications

(8 citation statements)

References 16 publications

(1 reference statement)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This is a passive method to locate obsolete botnets and fails to investigate dynamic fast-flux botnets based on sophisticated techniques. Almubayed et al [28] presented a very interesting method to extract several features from the encrypted traffic of the Tor network. These features are appropriate and can classify the Tor traffic with very high accuracy.…”

Section: Literature Reviewmentioning

confidence: 99%

The Next Generation Cognitive Security Operations Center: Adaptive Analytic Lambda Architecture for Efficient Defense against Adversarial Attacks

Demertzis

Tziritas

Kikiras

et al. 2019

BDCC

View full text Add to dashboard Cite

A Security Operations Center (SOC) is a central technical level unit responsible for monitoring, analyzing, assessing, and defending an organization’s security posture on an ongoing basis. The SOC staff works closely with incident response teams, security analysts, network engineers and organization managers using sophisticated data processing technologies such as security analytics, threat intelligence, and asset criticality to ensure security issues are detected, analyzed and finally addressed quickly. Those techniques are part of a reactive security strategy because they rely on the human factor, experience and the judgment of security experts, using supplementary technology to evaluate the risk impact and minimize the attack surface. This study suggests an active security strategy that adopts a vigorous method including ingenuity, data analysis, processing and decision-making support to face various cyber hazards. Specifically, the paper introduces a novel intelligence driven cognitive computing SOC that is based exclusively on progressive fully automatic procedures. The proposed λ-Architecture Network Flow Forensics Framework (λ-ΝF3) is an efficient cybersecurity defense framework against adversarial attacks. It implements the Lambda machine learning architecture that can analyze a mixture of batch and streaming data, using two accurate novel computational intelligence algorithms. Specifically, it uses an Extreme Learning Machine neural network with Gaussian Radial Basis Function kernel (ELM/GRBFk) for the batch data analysis and a Self-Adjusting Memory k-Nearest Neighbors classifier (SAM/k-NN) to examine patterns from real-time streams. It is a forensics tool for big data that can enhance the automate defense strategies of SOCs to effectively respond to the threats their environments face.

show abstract

Section: Literature Reviewmentioning

confidence: 99%

The Next Generation Cognitive Security Operations Center: Adaptive Analytic Lambda Architecture for Efficient Defense against Adversarial Attacks

Demertzis

Tziritas

Kikiras

et al. 2019

BDCC

View full text Add to dashboard Cite

show abstract

“…Holz et al [41] investigated a precise method to trace botnets. Almubayed et al [42] presented a method that measures the performance of several algorithms to identify the encrypted traffic in a network. Chaabane et al [43] described an in-depth study about HTTP, BitTorrent and Tor traffic and a method to identify these protocols from user's behavior.…”

Section: Related Workmentioning

confidence: 99%

The Next Generation Cognitive Security Operations Center: Network Flow Forensics Using Cybersecurity Intelligence

Demertzis

Kikiras

Tziritas

et al. 2018

BDCC

View full text Add to dashboard Cite

A Security Operations Center (SOC) can be defined as an organized and highly skilled team that uses advanced computer forensics tools to prevent, detect and respond to cybersecurity incidents of an organization. The fundamental aspects of an effective SOC is related to the ability to examine and analyze the vast number of data flows and to correlate several other types of events from a cybersecurity perception. The supervision and categorization of network flow is an essential process not only for the scheduling, management, and regulation of the network's services, but also for attacks identification and for the consequent forensics' investigations. A serious potential disadvantage of the traditional software solutions used today for computer network monitoring, and specifically for the instances of effective categorization of the encrypted or obfuscated network flow, which enforces the rebuilding of messages packets in sophisticated underlying protocols, is the requirements of computational resources. In addition, an additional significant inability of these software packages is they create high false positive rates because they are deprived of accurate predicting mechanisms. For all the reasons above, in most cases, the traditional software fails completely to recognize unidentified vulnerabilities and zero-day exploitations. This paper proposes a novel intelligence driven Network Flow Forensics Framework (NF3) which uses low utilization of computing power and resources, for the Next Generation Cognitive Computing SOC (NGC2SOC) that rely solely on advanced fully automated intelligence methods. It is an effective and accurate Ensemble Machine Learning forensics tool to Network Traffic Analysis, Demystification of Malware Traffic and Encrypted Traffic Identification.

show abstract

“…Based on local network observer of Tor traffic dataset, [43] has analysed and found that standard HTTPS traffic (related to top monitored sites on Alexa) and Tor network has variations that could be classified using the machine learning technique. The authors generate traffic using virtual machines with two different instances.…”

Section: A Traffic Classification On Tormentioning

confidence: 99%

“…The identification process uses supervised classification based on traffic flows features. Similar to others Tor network classification [35] and [43], the chosen attributes are 23 including flow duration, flow bytes per second, flow interarrival time and flow active time. This study had been carried out on six machine algorithms with the most accurate result is J48 (C4.5) approach.…”

Section: A Traffic Classification On Tormentioning

confidence: 99%

A Survey on Tor Encrypted Traffic Monitoring

Aminuddin¹,

Zaaba²,

Singh³

et al. 2018

ijacsa

View full text Add to dashboard Cite

Tor (The Onion Router) is an anonymity tool that is widely used worldwide. Tor protect its user privacy against surveillance and censorship using strong encryption and obfuscation techniques which makes it extremely difficult to monitor and identify users' activity on the Tor network. It also implements strong defense to protect the users against traffic features extraction and website fingerprinting. However, the strong anonymity also became the heaven for criminal to avoid network tracing. Therefore, numerous of research has been performed on encrypted traffic analyzing and classification using machine learning techniques. This paper presents survey on existing approaches for classification of Tor and other encrypted traffic. There is preliminary discussion on machine learning approaches and Tor network. Next, there are comparison of the surveyed traffic classification and discussion on their classification properties.

show abstract

A Model for Detecting Tor Encrypted Traffic using Supervised Machine Learning

Cited by 18 publications

References 16 publications

The Next Generation Cognitive Security Operations Center: Adaptive Analytic Lambda Architecture for Efficient Defense against Adversarial Attacks

The Next Generation Cognitive Security Operations Center: Adaptive Analytic Lambda Architecture for Efficient Defense against Adversarial Attacks

The Next Generation Cognitive Security Operations Center: Network Flow Forensics Using Cybersecurity Intelligence

A Survey on Tor Encrypted Traffic Monitoring

Contact Info

Product

Resources

About