Detection of P2P and anonymity networks
Author: Fikar Ondřej
In this thesis we propose a method for detection of Tor traffic inside computer networks. Traditional machine learning approaches, for example the SVM classifier, are not able to find features distinctive enough to identify Tor and the obtained results contain a large number of false positives. We analyse common traits of anonymity tools to find non-standard features which could be used for their identification and conclude that hosts participating in Tor and potentially other anonymity networks may be linked on the basis of a high number of their mutual contacts. Thus we employ graph theory and complement the original classification algorithm with community discovery. We evaluate the method on real network data and find it is able to identify hosts serving as Tor relays with high precision and acceptable recall. The analysis of Tor together with a survey of other anonymity tools is also included in the thesis. The thesis also contains a summary of relevant aspects of machine learning and graph theory.
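The idea of linking hosts through their mutual contacts and then using communities to correct a per-host classifier can be sketched as follows. This is an added illustration, not the thesis's algorithm or code: connected components stand in for community discovery, and the thresholds `min_shared` and `min_seeds`, the function names and the sample flows are all assumptions made for the example.

```python
from collections import defaultdict
from itertools import combinations

def contact_sets(flows):
    """Map every host to the set of peers it exchanged traffic with."""
    peers = defaultdict(set)
    for a, b in flows:
        peers[a].add(b)
        peers[b].add(a)
    return peers

def mutual_contact_graph(peers, candidates, min_shared):
    """Link two candidates when they share at least min_shared contacts."""
    graph = {h: set() for h in candidates}
    for a, b in combinations(sorted(candidates), 2):
        if len((peers[a] & peers[b]) - {a, b}) >= min_shared:
            graph[a].add(b)
            graph[b].add(a)
    return graph

def communities(graph):
    """Connected components: the simplest stand-in for community discovery."""
    seen, found = set(), []
    for start in sorted(graph):
        if start in seen:
            continue
        comp, stack = set(), [start]
        while stack:
            node = stack.pop()
            if node not in comp:
                comp.add(node)
                stack.extend(graph[node] - comp)
        seen |= comp
        found.append(comp)
    return found

def refine(flows, flagged, min_shared=3, min_seeds=2):
    """Return members of communities holding >= min_seeds classifier hits."""
    peers = contact_sets(flows)
    graph = mutual_contact_graph(peers, set(peers), min_shared)
    return set().union(*(c for c in communities(graph) if len(c & flagged) >= min_seeds))

# Constructed sample (documentation address ranges), not data from the thesis.
RELAYS = ["198.51.100.1", "198.51.100.2", "198.51.100.3"]
WEB = "198.51.100.50"  # ordinary server the classifier wrongly flagged
FLOWS = [(r, "203.0.113.%d" % i) for r in RELAYS for i in range(1, 5)]
FLOWS += [(WEB, "192.0.2.1"), (WEB, "192.0.2.2"), (WEB, "203.0.113.1")]
FLAGGED = {RELAYS[0], RELAYS[1], WEB}  # classifier output; RELAYS[2] was missed
if __name__ == "__main__":
    print(sorted(refine(FLOWS, FLAGGED)))
```

On the constructed flows, the isolated false positive is dropped because it shares only one contact with the other flagged hosts, while the third relay, missed by the classifier, is recovered through its community.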