A User Prediction and Identification System for Tor Networks Using ARIMA Model

  • Tetsuya Oda
  • Miralda Cuka
  • Ryoichiro Obukata
  • Makoto Ikeda
  • Leonard Barolli
Conference paper
Part of the Lecture Notes on Data Engineering and Communications Technologies book series (LNDECT, volume 6)


Due to the amount of anonymity afforded to users of the Tor infrastructure, Tor has become a useful tool for malicious users. With Tor, the users are able to compromise the non-repudiation principle of computer security. Also, the potentially hackers may launch attacks such as DDoS or identity theft behind Tor. For this reason, there are needed new systems and models to detect the intrusion in Tor networks. In this paper, we present the application of Autoregression Integrated Moving Average (ARIMA) for prediction of user behavior in Tor networks. We constructed a Tor server and a Deep Web browser (Tor client) in our laboratory. Then, the client sends the data browsing to the Tor server using the Tor network. We used Wireshark Network Analyzer to get the data and then used the ARIMA model to make the prediction. The simulation results show that proposed system has a good prediction of user behavior in Tor networks.


  1. 1.
    Tor Project Web Site. http://www.torproject.org/
  2. 2.
    Dingledine, R., Mathewson, N., Syverson, P.: Deploying low-latency anonymity: design challenges and social factors. IEEE Secur. Priv. 5(5), 83–87 (2007)CrossRefGoogle Scholar
  3. 3.
    Dingledine, R., Mathewson, N., Syverson, P.: Tor: the second-generation Onion Router. In: Proceedings of the 13th Conference on USENIX Security Symposium (SSYM-2004), vol. 13, p. 21 (2004)Google Scholar
  4. 4.
    Ling, Z., Luo, J., Wu, K., Yu, W., Fu, X.: TorWard: discovery of malicious traffic over Tor. In: Proceedings of IEEE INFOCOM 2014, pp. 1402–1410, April 2014Google Scholar
  5. 5.
    Reddy, E.K.: Neural networks for intrusion detection and its applications. In: Proceedings of the World Congress on Engineering 2013 Vol. II, WCE-2013, July 2013Google Scholar
  6. 6.
    Linda, O., Vollmer, T., Manic, M.: Neural network based intrusion detection system for critical infrastructures. In: Proceedings of International Joint Conference on Neural Networks (IJCNN-2009), pp. 1827–1834, June 2009Google Scholar
  7. 7.
    Shum, J., Malki, H.A.: Network intrusion detection system using neural networks. In: Proceedings of Fourth International Conference on Natural Computation (ICNC-2008), pp. 242–246, October 2008Google Scholar
  8. 8.
    Al-Janabi, S.T.F., Saeed, H.A.: A neural network based anomaly intrusion detection system. In: Developments in E-systems Engineering (DeSE), pp. 221–226, December 2011Google Scholar
  9. 9.
    Niyaz, Q., Sun, W., Javaid, A.Y., Alam, M.: A deep learning approach for network intrusion detection system. In: Proceedings of the 9th EAI International Conference on Bio-inspired Information and Communications Technologies (Formerly BIONETICS), BICT-15, vol. 15, pp. 21–26 (2015)Google Scholar
  10. 10.
    Lang Hong, J.: Deep web data extraction. In: Proceedings of IEEE International Conference on Systems Man and Cybernetics (SMC-2010), pp. 3420–3427, October 2010Google Scholar
  11. 11.
    Singh, M.P.: Deep web structure. IEEE Internet Comput. 6(5), 4–5 (2002)CrossRefGoogle Scholar
  12. 12.
    Stupples, D.: Security challenge of Tor and the deep web. In: 8th International Conference for Internet Technology and Secured Transactions (ICITST-2013), December 2013Google Scholar
  13. 13.
    Biryukov, A.: Trawling for Tor hidden services: detection, measurement, deanonymization. In: Proceedings of IEEE Symposium on Security and Privacy (SP-2013), pp. 80–94, November 2013Google Scholar
  14. 14.
    Dhungel, P., Steiner, M., Rimac, I., Hilt, V., Ross, K.W.: Waiting for anonymity: understanding delays in the Tor overlay. In: Proceedings of IEEE Tenth International Conference on Peer-to-Peer Computing (P2P-2010), pp. 1–4, August 2010Google Scholar
  15. 15.
    Xin, L., Neng, W.: Design improvement for Tor against low-cost traffic attack and low-resource routing attack. In: Proceedings of WRI International Conference on Communications and Mobile Computing (CMC-2009), pp. 549–554, January 2009Google Scholar
  16. 16.
    Syverson, P.: A peel of onion. In: Proceedings of ACSAC-2011, pp. 123–135, December 2011Google Scholar
  17. 17.
    Min, Y., Bin, W., Liang-Ii, Z., Xi, C.: Wind speed forecasting based on EEMD and ARIMA. In: Chinese Automation Congress (CAC-2015), pp. 1299–1302 (2015)Google Scholar
  18. 18.
    The R Project for Statistical Computing. http://www.r-project.org/
  19. 19.
    WireShark Web Site. http://www.wireshark.org/

Copyright information

© Springer International Publishing AG 2018

Authors and Affiliations

  • Tetsuya Oda
    • 1
  • Miralda Cuka
    • 3
  • Ryoichiro Obukata
    • 3
  • Makoto Ikeda
    • 2
  • Leonard Barolli
    • 2
  1. 1.Department of Information and Computer EngineeringOkayama University of Science (OUS)OkayamaJapan
  2. 2.Department of Information and Communication EngineeringFukuoka Institute of Technology (FIT)FukuokaJapan
  3. 3.Graduate School of EngineeringFukuoka Institute of Technology (FIT)FukuokaJapan

Personalised recommendations