Enhancing Tor's performance using real-time traffic classification

Mashael Alsabah, Kevin Bauer, Ian Goldberg

Research output: Chapter in Book/Report/Conference proceedingConference contribution

37 Citations (Scopus)

Abstract

Tor is a low-latency anonymity-preserving network that enables its users to protect their privacy online. It consists of volunteer-operated routers from all around the world that serve hundreds of thousands of users every day. Due to congestion and a low relay-to-client ratio, Tor suffers from performance issues that can potentially discourage its wider adoption, and result in an overall weaker anonymity to all users. We seek to improve the performance of Tor by defining different classes of service for its traffic. We recognize that although the majority of Tor traffic is interactive web browsing, a relatively small amount of bulk downloading consumes an unfair amount of Tor's scarce bandwidth. Furthermore, these traffic classes have different time and bandwidth constraints; therefore, they should not be given the same Quality of Service (QoS), which Tor offers them today. We propose and evaluate DiffTor, a machine-learning-based approach that classifies Tor's encrypted circuits by application in real time and subsequently assigns distinct classes of service to each application. Our experiments confirm that we are able to classify circuits we generated on the live Tor network with an extremely high accuracy that exceeds 95%. We show that our real-time classification in combination with QoS can considerably improve the experience of Tor clients, as our simple techniques result in a 75% improvement in responsiveness and an 86% reduction in download times at the median for interactive users.

Original languageEnglish
Title of host publicationProceedings of the ACM Conference on Computer and Communications Security
Pages73-84
Number of pages12
DOIs
Publication statusPublished - 2012
Externally publishedYes
Event2012 ACM Conference on Computer and Communications Security, CCS 2012 - Raleigh, NC
Duration: 16 Oct 201218 Oct 2012

Other

Other2012 ACM Conference on Computer and Communications Security, CCS 2012
CityRaleigh, NC
Period16/10/1218/10/12

Fingerprint

Quality of service
Bandwidth
Networks (circuits)
Routers
Telecommunication traffic
Learning systems
Experiments

Keywords

  • Machine learning
  • Quality of Service
  • Tor
  • Traffic classification

ASJC Scopus subject areas

  • Software
  • Computer Networks and Communications

Cite this

Alsabah, M., Bauer, K., & Goldberg, I. (2012). Enhancing Tor's performance using real-time traffic classification. In Proceedings of the ACM Conference on Computer and Communications Security (pp. 73-84) https://doi.org/10.1145/2382196.2382208

Enhancing Tor's performance using real-time traffic classification. / Alsabah, Mashael; Bauer, Kevin; Goldberg, Ian.

Proceedings of the ACM Conference on Computer and Communications Security. 2012. p. 73-84.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Alsabah, M, Bauer, K & Goldberg, I 2012, Enhancing Tor's performance using real-time traffic classification. in Proceedings of the ACM Conference on Computer and Communications Security. pp. 73-84, 2012 ACM Conference on Computer and Communications Security, CCS 2012, Raleigh, NC, 16/10/12. https://doi.org/10.1145/2382196.2382208
Alsabah M, Bauer K, Goldberg I. Enhancing Tor's performance using real-time traffic classification. In Proceedings of the ACM Conference on Computer and Communications Security. 2012. p. 73-84 https://doi.org/10.1145/2382196.2382208
Alsabah, Mashael ; Bauer, Kevin ; Goldberg, Ian. / Enhancing Tor's performance using real-time traffic classification. Proceedings of the ACM Conference on Computer and Communications Security. 2012. pp. 73-84
@inproceedings{506d82d7d456426c8942d665296e5245,
title = "Enhancing Tor's performance using real-time traffic classification",
abstract = "Tor is a low-latency anonymity-preserving network that enables its users to protect their privacy online. It consists of volunteer-operated routers from all around the world that serve hundreds of thousands of users every day. Due to congestion and a low relay-to-client ratio, Tor suffers from performance issues that can potentially discourage its wider adoption, and result in an overall weaker anonymity to all users. We seek to improve the performance of Tor by defining different classes of service for its traffic. We recognize that although the majority of Tor traffic is interactive web browsing, a relatively small amount of bulk downloading consumes an unfair amount of Tor's scarce bandwidth. Furthermore, these traffic classes have different time and bandwidth constraints; therefore, they should not be given the same Quality of Service (QoS), which Tor offers them today. We propose and evaluate DiffTor, a machine-learning-based approach that classifies Tor's encrypted circuits by application in real time and subsequently assigns distinct classes of service to each application. Our experiments confirm that we are able to classify circuits we generated on the live Tor network with an extremely high accuracy that exceeds 95{\%}. We show that our real-time classification in combination with QoS can considerably improve the experience of Tor clients, as our simple techniques result in a 75{\%} improvement in responsiveness and an 86{\%} reduction in download times at the median for interactive users.",
keywords = "Machine learning, Quality of Service, Tor, Traffic classification",
author = "Mashael Alsabah and Kevin Bauer and Ian Goldberg",
year = "2012",
doi = "10.1145/2382196.2382208",
language = "English",
isbn = "9781450316507",
pages = "73--84",
booktitle = "Proceedings of the ACM Conference on Computer and Communications Security",

}

TY - GEN

T1 - Enhancing Tor's performance using real-time traffic classification

AU - Alsabah, Mashael

AU - Bauer, Kevin

AU - Goldberg, Ian

PY - 2012

Y1 - 2012

N2 - Tor is a low-latency anonymity-preserving network that enables its users to protect their privacy online. It consists of volunteer-operated routers from all around the world that serve hundreds of thousands of users every day. Due to congestion and a low relay-to-client ratio, Tor suffers from performance issues that can potentially discourage its wider adoption, and result in an overall weaker anonymity to all users. We seek to improve the performance of Tor by defining different classes of service for its traffic. We recognize that although the majority of Tor traffic is interactive web browsing, a relatively small amount of bulk downloading consumes an unfair amount of Tor's scarce bandwidth. Furthermore, these traffic classes have different time and bandwidth constraints; therefore, they should not be given the same Quality of Service (QoS), which Tor offers them today. We propose and evaluate DiffTor, a machine-learning-based approach that classifies Tor's encrypted circuits by application in real time and subsequently assigns distinct classes of service to each application. Our experiments confirm that we are able to classify circuits we generated on the live Tor network with an extremely high accuracy that exceeds 95%. We show that our real-time classification in combination with QoS can considerably improve the experience of Tor clients, as our simple techniques result in a 75% improvement in responsiveness and an 86% reduction in download times at the median for interactive users.

AB - Tor is a low-latency anonymity-preserving network that enables its users to protect their privacy online. It consists of volunteer-operated routers from all around the world that serve hundreds of thousands of users every day. Due to congestion and a low relay-to-client ratio, Tor suffers from performance issues that can potentially discourage its wider adoption, and result in an overall weaker anonymity to all users. We seek to improve the performance of Tor by defining different classes of service for its traffic. We recognize that although the majority of Tor traffic is interactive web browsing, a relatively small amount of bulk downloading consumes an unfair amount of Tor's scarce bandwidth. Furthermore, these traffic classes have different time and bandwidth constraints; therefore, they should not be given the same Quality of Service (QoS), which Tor offers them today. We propose and evaluate DiffTor, a machine-learning-based approach that classifies Tor's encrypted circuits by application in real time and subsequently assigns distinct classes of service to each application. Our experiments confirm that we are able to classify circuits we generated on the live Tor network with an extremely high accuracy that exceeds 95%. We show that our real-time classification in combination with QoS can considerably improve the experience of Tor clients, as our simple techniques result in a 75% improvement in responsiveness and an 86% reduction in download times at the median for interactive users.

KW - Machine learning

KW - Quality of Service

KW - Tor

KW - Traffic classification

UR - http://www.scopus.com/inward/record.url?scp=84869460839&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84869460839&partnerID=8YFLogxK

U2 - 10.1145/2382196.2382208

DO - 10.1145/2382196.2382208

M3 - Conference contribution

AN - SCOPUS:84869460839

SN - 9781450316507

SP - 73

EP - 84

BT - Proceedings of the ACM Conference on Computer and Communications Security

ER -