Machine Learning Approach for Classifying Encrypted Tor Traffic Payloads Using XGBoost Classifier
Keywords:
Network traffic, machine learning, source port, destination port, protocol, flow duration, XGBoost classifier, cybersecurityAbstract
The rapid evolution of internet technologies has necessitated advanced methodologies for monitoring and classifying encrypted network traffic. This study introduces a robust framework utilizing Machine Learning (ML) to classify Tor traffic encrypted payloads, an essential step for enhancing cybersecurity measures. Utilizing a dataset featuring columns such as Source Port, Destination Port, Protocol, Flow Duration, various Inter-Arrival Times (IAT), and others, we apply the XGBoost model. Our objective is to accurately predict the nature of traffic ('label' as the target column), thereby distinguishing between benign and potentially malicious activities. The effectiveness of the model is evaluated based on its predictive accuracy and computational efficiency, offering insights into the optimal approach for real-time encrypted traffic analysis. This research contributes to the development of more secure network environments by leveraging advanced data analytics in the realm of cybersecurity.
Downloads
References
C. Johnson, B. Khadka, E. Ruiz, J. Halladay, T. Doleck, and R. B. J. J. I. S. I. S. Basnet, "Application of deep learning on the characterization of tor traffic using time based features," vol. 11, no. 1, pp. 44-63, 2021.
O. Salman, I. H. Elhajj, A. Kayssi, and A. J. A. o. T. Chehab, "A review on machine learning–based approaches for Internet traffic classification," vol. 75, no. 11, pp. 673-710, 2020.
S. Rezaei and X. J. I. c. m. Liu, "Deep learning for encrypted traffic classification: An overview," vol. 57, no. 5, pp. 76-81, 2019.
P. Choorod and G. Weir, "Tor traffic classification based on encrypted payload characteristics," in 2021 National Computing Colleges Conference (NCCC), 2021, pp. 1-6: IEEE.
D. Sarkar, P. Vinod, and S. Y. Yerima, "Detection of Tor traffic using deep learning," in 2020 IEEE/ACS 17th International Conference on Computer Systems and Applications (AICCSA), 2020, pp. 1-8: IEEE.
N. Rust-Nguyen, S. Sharma, M. J. C. Stamp, and Security, "Darknet traffic classification and adversarial attacks using machine learning," vol. 127, p. 103098, 2023.
W. Sun, Y. Zhang, J. Li, C. Sun, and S. J. E. Zhang, "A deep learning-based encrypted VPN traffic classification method using packet block image," vol. 12, no. 1, p. 115, 2022.
P. Dodia, M. AlSabah, O. Alrawi, and T. Wang, "Exposing the rat in the tunnel: Using traffic analysis for tor-based malware detection," in Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, 2022, pp. 875-889.
J. Barker, P. Hannay, and P. Szewczyk, ‘‘Using traffic analysis to identify the second generation onion router,’’ in Proc. IFIP 9th Int. Conf. Embedded Ubiquitous Comput., Melbourne, VIC, Australia, Oct. 2011, pp. 72–78.
J. Katz and Y. Lindell, Introduction to Modern Cryptography, 2nd ed. New York, NY, USA: CRC Press, 2020.
A. H. Lashkari, G. D. Gil, M. S. I. Mamun, and A. A. Ghorbani, ‘‘Characterization of Tor traffic using time-based features,’’ in Proc. 3rd Int. Conf. Inf. Syst. Secur. Privacy (ICISSP), Porto, Portugal, Feb. 2017, pp. 253–262.
A. Cuzzocrea, F. Martinelli, F. Mercaldo, and G. Vercelli, ‘‘Tor traffic analysis and detection via machine learning techniques,’’ in Proc. IEEE Int. Conf. Big Data (Big Data), Boston, MA, USA, Dec. 2017, pp. 4474–4480.
Downloads
Published
Issue
Section
License
Copyright (c) 2025 International Journal of Scientific Research in Science, Engineering and Technology
This work is licensed under a Creative Commons Attribution 4.0 International License.
