DeepCorr

Nasr, Milad; Bahramali, Alireza; Houmansadr, Amir

doi:10.1145/3243734.3243824

Cited by 101 publications

(58 citation statements)

References 71 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Active correlation attacks usually refer to the artificial implementation of interference factors including watermarks 4 and traffic replay 6 on hijacked flow with less disturbed observation effect by the environment, and lack concealment measures. Passive correlation attacks, 8–10 a mainstream in current research areas, have simple deployment and significant attack performance. The attacker only observes and counts the two‐way flow at a fixed location and then imports traffic data to the background for granularity analysis.…”

Section: Related Workmentioning

confidence: 99%

“…In the case of unreliable network transmission conditions or encrypted flow generated by small targets such as P2P, Web browsing, file transfer protocol (FTP), and instant messaging (IM), 9 a large‐scale flow sequence comparison is required to reach a high accuracy rate. If an attack model encounters a small target similar to the descriptor publishing flow, the probability of a high false‐positive rate will be increased, 10 greatly obstructing the ideal attack benefits. The DeepCorr attack system designed by Nasr et al 10 broke through the traditional statistical measurement method, which relied on the flow correlation function for Tor.…”

Section: Related Workmentioning

confidence: 99%

“…Flow correlation attack 7–11 is an attack technology that conducts a targeted analysis of encrypted flow. The attacker needs to observe the two‐way encrypted flow on the entry and exit sides to apply the identification model for flow correlation.…”

Section: Introductionmentioning

confidence: 99%

“…The difficulty in implementing traditional correlation attacks 3,10–12 is to control the entry and exit positions of the circuit. In the context of the HS descriptor publishing, the exit side is replaced by an autonomously controlled hidden service directory server (HSDir).…”

Section: Introductionmentioning

confidence: 99%

“…The size leads to deviations between the descriptor publishing flow sequences. Using the traditional correlation attack model, 7,10 it is impossible to accurately capture the deviations between sequences in a short period of time. This is because it lacks accurate positioning of target sequences scattered within the communication flow, and the recognition sensitivity of the small targets is also low.…”

Section: Introductionmentioning

confidence: 99%

See 4 more Smart Citations

Hidden service publishing flow homology comparison using profile‐hidden markov model

Meng¹,

Fei²

2021

Int J of Intelligent Sys

View full text Add to dashboard Cite

In recent years, web servers pay attention to privacy and anonymity protection and choose to rely on hidden service to avoid exposure of the real geographic locations. Several studies have confirmed that hidden service is vulnerable to flow correlation attacks, specifically, the attacker has the ability to synchronize the behavior of both sides of the communication after observing the flow for an extended period of time. However, since hidden service publish descriptor flow is transient behavioral traffic, automatically capturing and analyzing publish flow becomes a challenge. In this paper, our focus is the intelligent identification of the descriptor publishing flow. We propose a model for the descriptor publishing flow correlation attack (DPFCA). The model resolves the complex relationship between the circuit establishment flow and the publishing flow, and is able to intelligently process the sequence identification and content classification of the descriptor correlation flow of the existing version and tags. It is worth mentioning that the DPFCA is based on the automated homology comparison of the profile‐hidden Markov model (PHMM). The descriptor publishing flow is converted to an amino symbol sequence and then compare with the known homologous sequence group in the library of Profile. The experimental results show that our model can achieve higher performance in terms of accuracy and reliability of transient flow identification compared with the traditional flow correlation attack model.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Hidden service publishing flow homology comparison using profile‐hidden markov model

Meng¹,

Fei²

2021

Int J of Intelligent Sys

View full text Add to dashboard Cite

show abstract

DLchain: A Covert Channel over Blockchain Based on Dynamic Labels

Tian

Gou

Liu

et al. 2020

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Actively Probing Routes for Tor AS-Level Adversaries with RIPE Atlas

Mayer

Merzdovnik

Weippl

2020

IFIP Advances in Information and Communication Technology

View full text Add to dashboard Cite

Tor provides anonymity to millions of users around the globe, which has made it a valuable target for malicious actors. As a low-latency anonymity system, it is vulnerable to traffic correlation attacks from strong passive adversaries, such as large autonomous systems. Estimations of the risk posed by such attackers as well as the evaluation of defense strategies are mostly based on simulations and data retrieved from BGP updates. However, this might only provide an incomplete view of the network and thereby influence the results of such analyses. It has already been acknowledged in previous studies that direct path measurements, e.g. with traceroute, could provide valuable information. But in the past, such measurements were thought to be impossible, because they require the placement of measurement nodes in the same ASes as the respective Tor network nodes. With the rise of new technologies and methodologies, this assumption needs to be re-evaluated. In this paper we present a novel methodology to utilize the RIPE Atlas framework, a network of more than 10,000 probes worldwide, to actively perform traceroute commands from and to Tor guard and exit relays to clients and destinations. Based on multiple global scans our results validate previous results and show the large influence on Tor posed by a limited set of ASes. These are in a strong position to carry out effective correlation attacks on Tor traffic. With this work, we provide an additional source of information that can be used together with BGP route information to increase the accuracy of future models and simulations of Tor and ultimately improve anonymity on the Internet.

show abstract

DeepCorr

Cited by 101 publications

References 71 publications

Hidden service publishing flow homology comparison using profile‐hidden markov model

Hidden service publishing flow homology comparison using profile‐hidden markov model

DLchain: A Covert Channel over Blockchain Based on Dynamic Labels

Actively Probing Routes for Tor AS-Level Adversaries with RIPE Atlas

Contact Info

Product

Resources

About