FlowMFD: Characterisation and classification of tor traffic using MFD chromatographic features and spatial–temporal modelling
Abstract Tor traffic tracking is valuable for combating cybercrime as it provides insights into the traffic active on the Tor network. Tor‐based application traffic classification is one of the tracking methods, which can effectively classify Tor application services. However, it is not effective in...
Saved in:
| Main Authors: | , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Wiley
2023-07-01
|
| Series: | IET Information Security |
| Subjects: | |
| Online Access: | https://doi.org/10.1049/ise2.12118 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1832558552118460416 |
|---|---|
| author | Liukun He Liangmin Wang Keyang Cheng Yifan Xu |
| author_facet | Liukun He Liangmin Wang Keyang Cheng Yifan Xu |
| author_sort | Liukun He |
| collection | DOAJ |
| description | Abstract Tor traffic tracking is valuable for combating cybercrime as it provides insights into the traffic active on the Tor network. Tor‐based application traffic classification is one of the tracking methods, which can effectively classify Tor application services. However, it is not effective in classifying specific applications due to more complicated traffic patterns in the spatial and temporal dimensions. As a solution, the authors propose FlowMFD, a novel Tor‐based application traffic classification approach using amount‐frequency‐direction (MFD) chromatographic features and spatial‐temporal modelling. Expressly, FlowMFD mines the interaction pattern between Tor applications and servers by analysing the time series features (TSFs) of different size packets. Then MFD chromatographic features (MFDCF) are designed to represent the pattern. Those features integrate multiple low‐dimensional TSFs into a single plane and retain most pattern information. In addition, FlowMFD utilises a cascaded model with a two‐dimensional convolutional neural network (2D‐CNN) and a bidirectional gated recurrent unit to capture spatial‐temporal dependencies between MFDCF. The authors evaluate FlowMFD under the public ISCXTor2016 dataset and the self‐collected dataset, where we achieve an accuracy of 92.1% (4.2%↑) and 88.3% (4.5%↑), respectively, outperforming state‐of‐the‐art comparison methods. |
| format | Article |
| id | doaj-art-be696a70a7fd4147b0f60118582e0ad2 |
| institution | Kabale University |
| issn | 1751-8709 1751-8717 |
| language | English |
| publishDate | 2023-07-01 |
| publisher | Wiley |
| record_format | Article |
| series | IET Information Security |
| spelling | doaj-art-be696a70a7fd4147b0f60118582e0ad22025-02-03T01:32:08ZengWileyIET Information Security1751-87091751-87172023-07-0117459861510.1049/ise2.12118FlowMFD: Characterisation and classification of tor traffic using MFD chromatographic features and spatial–temporal modellingLiukun He0Liangmin Wang1Keyang Cheng2Yifan Xu3School of Computer Science and Communication Engineering Jiangsu University Zhenjiang ChinaSchool of Cyber Science and Engineering Southeast University Nanjing ChinaSchool of Computer Science and Communication Engineering Jiangsu University Zhenjiang ChinaSchool of Cyber Science and Engineering Southeast University Nanjing ChinaAbstract Tor traffic tracking is valuable for combating cybercrime as it provides insights into the traffic active on the Tor network. Tor‐based application traffic classification is one of the tracking methods, which can effectively classify Tor application services. However, it is not effective in classifying specific applications due to more complicated traffic patterns in the spatial and temporal dimensions. As a solution, the authors propose FlowMFD, a novel Tor‐based application traffic classification approach using amount‐frequency‐direction (MFD) chromatographic features and spatial‐temporal modelling. Expressly, FlowMFD mines the interaction pattern between Tor applications and servers by analysing the time series features (TSFs) of different size packets. Then MFD chromatographic features (MFDCF) are designed to represent the pattern. Those features integrate multiple low‐dimensional TSFs into a single plane and retain most pattern information. In addition, FlowMFD utilises a cascaded model with a two‐dimensional convolutional neural network (2D‐CNN) and a bidirectional gated recurrent unit to capture spatial‐temporal dependencies between MFDCF. The authors evaluate FlowMFD under the public ISCXTor2016 dataset and the self‐collected dataset, where we achieve an accuracy of 92.1% (4.2%↑) and 88.3% (4.5%↑), respectively, outperforming state‐of‐the‐art comparison methods.https://doi.org/10.1049/ise2.12118computer network securitydata analysispattern classification |
| spellingShingle | Liukun He Liangmin Wang Keyang Cheng Yifan Xu FlowMFD: Characterisation and classification of tor traffic using MFD chromatographic features and spatial–temporal modelling IET Information Security computer network security data analysis pattern classification |
| title | FlowMFD: Characterisation and classification of tor traffic using MFD chromatographic features and spatial–temporal modelling |
| title_full | FlowMFD: Characterisation and classification of tor traffic using MFD chromatographic features and spatial–temporal modelling |
| title_fullStr | FlowMFD: Characterisation and classification of tor traffic using MFD chromatographic features and spatial–temporal modelling |
| title_full_unstemmed | FlowMFD: Characterisation and classification of tor traffic using MFD chromatographic features and spatial–temporal modelling |
| title_short | FlowMFD: Characterisation and classification of tor traffic using MFD chromatographic features and spatial–temporal modelling |
| title_sort | flowmfd characterisation and classification of tor traffic using mfd chromatographic features and spatial temporal modelling |
| topic | computer network security data analysis pattern classification |
| url | https://doi.org/10.1049/ise2.12118 |
| work_keys_str_mv | AT liukunhe flowmfdcharacterisationandclassificationoftortrafficusingmfdchromatographicfeaturesandspatialtemporalmodelling AT liangminwang flowmfdcharacterisationandclassificationoftortrafficusingmfdchromatographicfeaturesandspatialtemporalmodelling AT keyangcheng flowmfdcharacterisationandclassificationoftortrafficusingmfdchromatographicfeaturesandspatialtemporalmodelling AT yifanxu flowmfdcharacterisationandclassificationoftortrafficusingmfdchromatographicfeaturesandspatialtemporalmodelling |