%0 Conference Paper %1 Montieri.2017 %A Montieri, Antonio %A Aceto, Giuseppe %A Ciuonzo, Domenico %A Pescapé, Antonio %B 29th International Teletraffic Congress (ITC 29) %C Genoa, Italy %D 2017 %K itc itc29 %T Anonymity Services Tor, I2P, JonDonym: Classifying in the Dark %U https://gitlab2.informatik.uni-wuerzburg.de/itc-conference/itc-conference-public/-/raw/master/itc29/Montieri.2017.pdf?inline=true %X Traffic classification, i.e. associating network traffic to the application that generated it, is an important tool for several tasks, spanning on different fields (security, management, traffic engineering, R&D). This process is challenged by applications that preserve Internet users' privacy by encrypting the communication content, and even more by anonymity tools, additionally hiding the source, the destination, and the nature of the communication. In this paper, leveraging a public data set released in 2017, we provide classification results with the aim of investigating to what degree the specific anonymity tool (and the traffic it hides) can be identified, when compared to the traffic of the other considered anonymity tools, using machine learning approaches based on the sole statistical features. To this end, four classifiers are trained and tested on the dataset: (i) Naive Bayes, (ii) Bayesian Network, (iii) C4.5, and (iv) Random Forests. Results show that the three anonymity tools (Tor, I2P, JonDonym) can be easily distinguished (accuracy 99.99%), and even the specific kind of traffic they carry (e.g., web browsing, chat, video, etc.) can be inferred (accuracy 98.25%). By providing an in-depth analysis of the aforementioned dataset and a detailed description of the present study, we foster repeatability and further research on anonymity tools traffic classification.

@inproceedings{Montieri.2017, abstract = {Traffic classification, i.e. associating network traffic to the application that generated it, is an important tool for several tasks, spanning on different fields (security, management, traffic engineering, R&D). This process is challenged by applications that preserve Internet users' privacy by encrypting the communication content, and even more by anonymity tools, additionally hiding the source, the destination, and the nature of the communication. In this paper, leveraging a public data set released in 2017, we provide classification results with the aim of investigating to what degree the specific anonymity tool (and the traffic it hides) can be identified, when compared to the traffic of the other considered anonymity tools, using machine learning approaches based on the sole statistical features. To this end, four classifiers are trained and tested on the dataset: (i) Naive Bayes, (ii) Bayesian Network, (iii) C4.5, and (iv) Random Forests. Results show that the three anonymity tools (Tor, I2P, JonDonym) can be easily distinguished (accuracy 99.99%), and even the specific kind of traffic they carry (e.g., web browsing, chat, video, etc.) can be inferred (accuracy 98.25%). By providing an in-depth analysis of the aforementioned dataset and a detailed description of the present study, we foster repeatability and further research on anonymity tools traffic classification.}, added-at = {2020-04-29T16:57:37.000+0200}, address = {Genoa, Italy}, author = {Montieri, Antonio and Aceto, Giuseppe and Ciuonzo, Domenico and Pescapé, Antonio}, biburl = {https://www.bibsonomy.org/bibtex/23b00bcdb772352f9a160ba80eee126f6/itc}, booktitle = {29th International Teletraffic Congress (ITC 29)}, interhash = {c7b0735d264a435a0f009901a51f38f1}, intrahash = {3b00bcdb772352f9a160ba80eee126f6}, keywords = {itc itc29}, timestamp = {2020-04-30T18:18:14.000+0200}, title = {Anonymity Services Tor, I2P, JonDonym: Classifying in the Dark}, url = {https://gitlab2.informatik.uni-wuerzburg.de/itc-conference/itc-conference-public/-/raw/master/itc29/Montieri.2017.pdf?inline=true}, year = 2017 }