Enhancing Tor's performance using real-time traffic classification

Mashael Alsabah, Kevin Bauer, Ian Goldberg

Research output: Chapter in Book/Report/Conference proceedingConference contribution

37 Citations (Scopus)


Tor is a low-latency anonymity-preserving network that enables its users to protect their privacy online. It consists of volunteer-operated routers from all around the world that serve hundreds of thousands of users every day. Due to congestion and a low relay-to-client ratio, Tor suffers from performance issues that can potentially discourage its wider adoption, and result in an overall weaker anonymity to all users. We seek to improve the performance of Tor by defining different classes of service for its traffic. We recognize that although the majority of Tor traffic is interactive web browsing, a relatively small amount of bulk downloading consumes an unfair amount of Tor's scarce bandwidth. Furthermore, these traffic classes have different time and bandwidth constraints; therefore, they should not be given the same Quality of Service (QoS), which Tor offers them today. We propose and evaluate DiffTor, a machine-learning-based approach that classifies Tor's encrypted circuits by application in real time and subsequently assigns distinct classes of service to each application. Our experiments confirm that we are able to classify circuits we generated on the live Tor network with an extremely high accuracy that exceeds 95%. We show that our real-time classification in combination with QoS can considerably improve the experience of Tor clients, as our simple techniques result in a 75% improvement in responsiveness and an 86% reduction in download times at the median for interactive users.

Original languageEnglish
Title of host publicationProceedings of the ACM Conference on Computer and Communications Security
Number of pages12
Publication statusPublished - 2012
Externally publishedYes
Event2012 ACM Conference on Computer and Communications Security, CCS 2012 - Raleigh, NC
Duration: 16 Oct 201218 Oct 2012


Other2012 ACM Conference on Computer and Communications Security, CCS 2012
CityRaleigh, NC



  • Machine learning
  • Quality of Service
  • Tor
  • Traffic classification

ASJC Scopus subject areas

  • Software
  • Computer Networks and Communications

Cite this

Alsabah, M., Bauer, K., & Goldberg, I. (2012). Enhancing Tor's performance using real-time traffic classification. In Proceedings of the ACM Conference on Computer and Communications Security (pp. 73-84) https://doi.org/10.1145/2382196.2382208