Abstract

The Onion Router (Tor) is one of the major network systems that provide anonymous communication and censorship circumvention. Tor enables its users to surf the Internet, chat, and send messages anonymously; however, cyber attackers also exploit the system for circumventing criminal activity detection. Recently, various approaches that prevent or mitigate abuse of Tor have been proposed in the literature. This paper, which presents one of the approaches, addresses an IP traceback problem. In our model, onion routers that voluntarily participate in attacker tracing detect attack packets (packets carrying an attacker's code or data) recorded in the log files by sharing necessary information with an attacked server over an Ethereum blockchain network. The detection algorithm in this paper uses the statistics of packet travel and relay times and outputs attack-packet candidates. The proposed method attaches a reliability degree to each candidate, which is based on the upper bounds of its Type I and II error rates. A smart contract running on the blockchain network ranks the detection results from onion routers according to the reliability degrees.

Highlights

  • The Onion Router (Tor) [1] is a widely used overlay network that provides low-latency anonymous communication for transmission control protocol (TCP) applications and helps circumvent various censorship measures

  • To monitor illegal activities over Tor, a meek-based traffic identification method was proposed in [11]. These prevention or mitigation approaches are focused on detecting malicious traffic or Tor components, whereas this paper considers the problem of tracing back attack packets to their origins

  • Attacked servers and cooperators, i.e., routers that voluntarily agree to trace attackers, form an Ethereum network, in which open and tamper-proof blockchain technologies prevent the counterfeiting of evidence files and allow Ethereum participants to monitor the tracing processes of all incidents in their entirety

Summary

Introduction

The Onion Router (Tor) [1] is a widely used overlay network that provides low-latency anonymous communication for transmission control protocol (TCP) applications and helps circumvent various censorship measures. Tor has been abused by illegal services [3], [4], such as the infamous Silk Road [5] and the CryptoLocker ransomware command and control (C&C) servers [6]. It was reported in [7] that some onion routers are malicious and perform man-in-the-middle (MITM), structured query language (SQL) injection, and cross-site scripting (XSS) attacks. A bridge is introduced as a hidden entry router to resist censorship further
