DeepCorr: Strong Flow Correlation Attacks on Tor Using Deep Learning

by   Milad Nasr, et al.

Flow correlation is the core technique used in a multitude of deanonymization attacks on Tor. Despite the importance of flow correlation attacks on Tor, existing flow correlation techniques are considered to be ineffective and unreliable in linking Tor flows when applied at a large scale, i.e., they impose high rates of false positive error rates or require impractically long flow observations to be able to make reliable correlations. In this paper, we show that, unfortunately, flow correlation attacks can be conducted on Tor traffic with drastically higher accuracies than before by leveraging emerging learning mechanisms. We particularly design a system, called DeepCorr, that outperforms the state-of-the-art by significant margins in correlating Tor connections. DeepCorr leverages an advanced deep learning architecture to learn a flow correlation function tailored to Tor's complex network this is in contrast to previous works' use of generic statistical correlation metrics to correlated Tor flows. We show that with moderate learning, DeepCorr can correlate Tor connections (and therefore break its anonymity) with accuracies significantly higher than existing algorithms, and using substantially shorter lengths of flow observations. For instance, by collecting only about 900 packets of each target Tor flow (roughly 900KB of Tor data), DeepCorr provides a flow correlation accuracy of 96 system of RAPTOR using the same exact setting. We hope that our work demonstrates the escalating threat of flow correlation attacks on Tor given recent advances in learning algorithms, calling for the timely deployment of effective countermeasures by the Tor community.


page 1

page 2

page 3

page 4


Detection of LDDoS Attacks Based on TCP Connection Parameters

Low-rate application layer distributed denial of service (LDDoS) attacks...

More Effective Centrality-Based Attacks on Weighted Networks

Only when understanding hackers' tactics, can we thwart their attacks. W...

Crossfire Attack Detection using Deep Learning in Software Defined ITS Networks

Recent developments in intelligent transport systems (ITS) based on smar...

A Correlation Information-based Spatiotemporal Network for Traffic Flow Forecasting

With the growth of transport modes, high traffic forecasting precision i...

Mitigating Backdoor Poisoning Attacks through the Lens of Spurious Correlation

Modern NLP models are often trained over large untrusted datasets, raisi...

CLEF: Limiting the Damage Caused by Large Flows in the Internet Core (Technical Report)

The detection of network flows that send excessive amounts of traffic is...

Please sign up or login with your details

Forgot password? Click here to reset