On the effectiveness of traffic analysis against anonymity networks using flow records

Sambuddho Chakravarty, Marco V. Barbera, Georgios Portokalidis, Michalis Polychronakis, Angelos D. Keromytis

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

41 Scopus citations

Abstract

We investigate the feasibility of mounting a de-anonymization attack against Tor and similar low-latency anonymous communication systems by using NetFlow records. Previous research has shown that adversaries with the ability to eavesdrop in real time at a few internet exchange points can effectively monitor a significant part of the network paths from Tor nodes to destination servers. However, the capacity of current networks makes packet-level monitoring at such a scale quite challenging. We hypothesize that adversaries could use less accurate but readily available monitoring facilities, such as Cisco's NetFlow, to mount large-scale traffic analysis attacks. In this paper, we assess the feasibility and effectiveness of traffic analysis attacks against Tor using NetFlow data. We present an active traffic analysis technique based on perturbing the characteristics of user traffic at the server side, and observing a similar perturbation at the client side through statistical correlation. We evaluate the accuracy of our method using both in-lab testing and data gathered from a public Tor relay serving hundreds of users. Our method revealed the actual sources of anonymous traffic with 100% accuracy for the in-lab tests, and achieved an overall accuracy of 81.6% for the real-world experiments with a false positive rate of 5.5%.

Original language: English
Title of host publication: Passive and Active Measurement - 15th International Conference, PAM 2014, Proceedings
Pages: 247-257
Number of pages: 11
State: Published - 2014
Event: 15th International Conference on Passive and Active Measurement, PAM 2014 - Los Angeles, CA, United States
Duration: 10 Mar 2014 - 11 Mar 2014

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 8362 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Conference

Conference: 15th International Conference on Passive and Active Measurement, PAM 2014
Country/Territory: United States
City: Los Angeles, CA
Period: 10/03/14 - 11/03/14
