Tor traffic analysis and detection via machine learning techniques

Fabio Martinelli
2017

Abstract

Tor is an anonymous Internet communication system based on the second generation of the onion routing network protocol. With Tor it is very difficult to trace a user's Internet activity: for this reason, Tor is intended to protect the privacy of users, their freedom and their ability to conduct confidential communications without being monitored. Tor is used even more by cyber-criminals in order to cover their illegal activities: the Tor community has observed, for instance, an alarming increase in the amount of malware that abuses the popular anonymizing network to hide its command and control infrastructure. In this paper we present a technique able to identify whether a host is generating Tor-related traffic. We resort to well-known machine learning algorithms in order to evaluate the effectiveness of the proposed feature set in a real-world environment. In addition, we demonstrate that the proposed method is able to recognize the kind of activity (e.g., email or P2P applications) the user under analysis is performing on the Tor network.
2017
Istituto di Calcolo e Reti ad Alte Prestazioni - ICAR
English
2017 IEEE International Conference on Big Data, BigData 2017
IEEE
New York
United States of America
Yes, but type not specified
December 11-14, 2017
Boston, MA, USA
big data analysis
privacy of internetworking
cybercrime
4
none
Cuzzocrea, Alfredo; Martinelli, Fabio; Mercaldo, Francesco; Vercelli, Gianni
273
info:eu-repo/semantics/conferenceObject
04 Conference contribution::04.01 Contribution in conference proceedings
Use this identifier to cite or link to this document: https://hdl.handle.net/20.500.14243/347300