Title
On the Effectiveness of Traffic Analysis against Anonymity Networks Using Flow Records
Abstract
We investigate the feasibility of mounting a de-anonymization attack against Tor and similar low-latency anonymous communication systems by using NetFlow records. Previous research has shown that adversaries with the ability to eavesdrop in real time at a few internet exchange points can effectively monitor a significant part of the network paths from Tor nodes to destination servers. However, the capacity of current networks makes packet-level monitoring at such a scale quite challenging. We hypothesize that adversaries could use less accurate but readily available monitoring facilities, such as Cisco's NetFlow, to mount large-scale traffic analysis attacks. In this paper, we assess the feasibility and effectiveness of traffic analysis attacks against Tor using NetFlow data. We present an active traffic analysis technique based on perturbing the characteristics of user traffic at the server side, and observing a similar perturbation at the client side through statistical correlation. We evaluate the accuracy of our method using both in-lab testing and data gathered from a public Tor relay serving hundreds of users. Our method revealed the actual sources of anonymous traffic with 100% accuracy for the in-lab tests, and achieved an overall accuracy of 81.6% for the real-world experiments with a false positive rate of 5.5%.
Year: 2014
DOI: 10.1007/978-3-319-04918-2_24
Venue: PAM
Field: Server-side, Client-side, Traffic analysis, Internet exchange point, Computer science, NetFlow, Server, Communications system, Computer network, Real-time computing, Anonymity
DocType: Conference
Citations: 10
PageRank: 0.58
References: 25
Authors: 5
Name | Order | Citations | PageRank
Sambuddho Chakravarty | 1 | 41 | 2.62
Marco Valerio Barbera | 2 | 178 | 8.78
Georgios Portokalidis | 3 | 869 | 44.10
Michalis Polychronakis | 4 | 1283 | 79.50
Angelos D. Keromytis | 5 | 4678 | 385.02