A Dive into the Dark Web: Hierarchical Traffic Classification of Anonymity Tools Antonio Montieri1, Domenico Ciuonzo2, Valerio Persico1,2, Antonio Pescapé1,2 1University of Napoli “Federico II” (Italy), 2NM2 srl (Italy) {antonio.montieri, valerio.persico, pescape}@unina.it,
[email protected]
Anonymity Tools Traffic Classification Anonymity Tools (ATs)
Proposed Approach
Traffic Classification of ATs
ATs are employed by Internet users
Hierarchical Classification Framework
to achieve privacy by hiding
Associating traffic objects with the
✓ communication content and nature
specific anonymity tool generating them
✓ source and destination identity
✓ provides hints on their effectiveness
✓ Machine Learning classifiers arranged in a tree fashion ✓ “Divide-et-impera” approach
✓ enforces informed policies
✓Scalability enhancement
✓ prevents unwanted user-actions
✓Per-node tuning and performance
Hierarchical Classification Framework for Anonymity Tools Traffic Hierarchical Classification Framework
Design Choices ✓ Classification Levels [1] ✓ Anonymous Network → L1 - 3 classes ✓ Traffic Type → L2 - 7 classes ✓ Application → L3 - 21 classes ✓ Classification Algorithms [2] ✓ Decision Trees → RF & C4.5 ✓ Bayesian Family → NB_SD & BN_TAN ✓ Feature Sets [1] ✓ Flow-based → 74 statistics ✓ Early-based → (PL, IAT) of the first 𝐾 packets ✓ Non-Mandatory Node Prediction → “Reject Option” Adoption
Preliminary Experimental Results Improvement with Hierarchical Framework
Per-node Performance Breakdown
Each node is optimized in terms of number of features and classifier type
RF is the best classifier for each node except BN_TAN for TorApp node
F-measure gains • L2 → +1.51% • L3 → +4.42%
Significant degradation at L3 for I2PApp80BW • Accuracy → 48.94% • F-measure → 48.90%
Fine-grained Performance
Performance with Reject Option
From Flat to Hierarchical
[1] K. Shahbar and A. N. Zincir-Heywood, “Packet momentum for identification of anonymity networks,” Journal of Cyber Security and Mobility, vol. 6, no. 1, pp. 27–56, 2017. [2] A. Montieri, D. Ciuonzo, G. Aceto, and A. Pescape, “Anonymity services Tor, I2P, JonDonym: Classifying in the dark (web),” EEE Trans. Depend. Sec. Comput., pp. 1–1, 2018.