Pars Anonymity Network Traffic Flow Analysis Using Machine Learning

Document Type : Original Article


1 Teacher

2 Assistant Professor of Imam Hossein University


Anonymity is one of the fundamentals of privacy in the internet that should be strictly considered by governments and ISPs. Network traffic flow detection, is considered as detecting the nature of this traffic; Thus, if the traffic of an anonymizer is detected, it means that classified data is being transmitting throw the network, which in return is a great flaw in the anonymity system. Traffic classification - which has various applications - is one of the most powerful methods in datamining. Traffic management via detecting network traffic flow, is viewed as one of these applications. In this research, by using datamining techniques, in the first step the detection rate of Pars Anonymizer (as a domestic anonymizer) is assessed in compare with The Onion Router, Invisible Internet Project, JonDo and HTTPS Traffic, and at the next step, in a more detailed way, the classification rate of four different services in the desired anonymizer was studied. Results suggest that the classification accuracy rate of these experiments at the first step is 100% and at the next step -with the use of Random Forest algorithm- is 95%. In addition, by evaluating the used specifications in every experiment, the effectiveness of these specifications on the overall accuracy and the model build time was assessed.


Smiley face

A. Pfitzmann and M. Hansen, “Anonymity, Unlinkability, Undetectability, Unobservability, Pseudonymity, and Identity Management–A Consolidated Proposal for Terminology,” Fachterminologie Datenschutz und Datensicherheit, pp. 111–144, 2008.##
V. Paxson, “Bro: a System for Detecting Network Intruders in Real-Time,” Computer Networks,
pp. 2435–2463, 1999.##
“Bro intrusion Detection System-Bro Overview,” [Online]. Available:
[Accessed 24 April 2019].##
“Snort-The de Facto Standard for Intrusion detection/prevention,” 14 August 2007. [Online]. Available:
[Accessed 18 April  2019].##
L. Stewart, G. Armitage, P. Branch, and S. Zander, “An Architecture For Automated Network Control of Qos over Consumer Broadband Links,” in Ieee International Region 10 Conference (Tencon 05), Melbourne, Australia, November 2005.##
D. Herrmann, R. Wendolsky, and H. Federrath, “Website Fingerprinting: Attacking Popular Privacy Enhancing Technologies with The Multinomial Naïve-Bayes Classifier,” in Acm Workshop on Cloud Computing Security (Ccsw), pp. 31–42, 2009.##
D. Herrmann, “Online privacy: Attacks and Defenses,” it-Information Technology, vol. 57, no. 2, pp. 133-137, 2015.##
A. Panchenko, L. Niessen, A. Zinnen, and T. Engel, “Website fingerprinting in onion routing based anonymization networks,” ACM 10th annual Workshop on Privacy in the Electronic Society(WPES), pp. 103–114, 2011.##
J. Barker, P. Hannay And P. Szewczyk, “Using Traffic Analysis To Identify The Second Generation Onion Router,” in 9th Ieee/Ifip International Conference on Embedded and Ubiquitous Computing (Euc), pp. 72–78, 2011.##
M. AlSabah, K. S. Bauer, and I. Goldberg, “Enhancing Tor’s Performance Using Real-Time Traffic Classification,” in ACM Conference on Computer and Communications security (CCS), pp. 73–84, 2012.##
M. Alsabah and I. Goldberg, “Performance and Security Improvements for Tor: A Survey,” ACM Comput. Surv, vol. 49, no. 2, pp. 1-38, 2015.##
A. Almubayed, J. Atoum, and A. Hadi, “A Model for Detecting Tor Encrypted Traffic Using Supervised Machine Learning,” MECS, 2015.##
A. Springall, C. De Vito, and S.-H. S. Huang, “Per Connection Server-Side Identification of Connections Via Tor,” in IEEE 29th International Conference on Advanced Information Networking and Applications (AINA), pp. 727–734, 2015.##
K. Shahbar and N. Zincir-Heywood, “Benchmarking Two techniques for Tor Classification: Flow level and Circuit Level Classification,” in IEEE Symposium on Computational Intelligence in Cyber Security (CICS), pp. 1–8, 2014.##
K. Shahbar, Analysis of Multilayer-Encryption Anonymity Networks, Ph.D. Thesis, Dalhousie University Halifax, Nova Scotia, 2017.##
K. Shahbar and N. Zincir-Heywood, “Packet Momentum for Identificationof Anonymity Networks,” Journal of Cyber Security and Mobility, vol. 6, pp. 27-56, 2017.##
K. Shahbar and N. Zincir-Heywood, “Traffic flow Analysis of Tor Pluggable Transports,” in Ieee 11th International Conference on Network and Service Management(CNSM), pp. 178–181, 2015.##
K. Shahbar and N. Zincir-Heywood, “An analysis of Tor pluggable transports under adversarial conditions,” in Ieee Symposium on Computational Intelligence for Security and Defense Applications (CISDA), 2017.##
K. Shahbar And N. Zincir-Heywood, “Effects of Shared Bandwidth on Anonymity of The I2p Network Users,” Ieee Symposium on Security And Privacy, Workshop on Traffic Measurements For Cybersecurity (Wtmc), 2017.##
A. Montieri, D. Ciuonzo, G. Aceto, and A. Pescape, “Anonymity Services Tor, I2p, Jondonym Classifying In The Dark,” In Ieee Transactions on Dependable and Secure Computing, 2018.##
S. Lee, S. -H. Shin, and B. -H. Roh, “Classification of Freenet Traffic Flow Based on Machine Learning,” Journal of Communications, vol. 13, no. 11, pp.    654-660, 2018.##
K. Shahbar and N. Zincir-Heywood, “Anon17: Network Traffic Dataset of Anonymity Services,” Dalhousie University, Halifax, Canada, 2017.##
S. O. Akinola and O. J. Oyabugbe, “Accuracies and Training Times of Data Mining Classification Algorithms: An Empirical Comparative Study,” Journal of Software Engineering and Applications, pp. 470-477, 2015.##
S. Burschka and B. Dupasquier, “Tranalyzer: Versatile high performance network taffic analyzer,” IEEE Symposium Series ob Computatinal Intelligence (SSCI), pp. 1-8, 2016.##