In the dynamic realm of encrypted communications, traffic analysis and classification are crucial for efficient resource utilization and network management. The prevalence of encryption technologies such as The Onion Router (Tor), a globally recognized privacy-preserving network, makes this task harder, because Tor's onion routing mechanism introduces additional complexity. To overcome these difficulties, not only in achieving better accuracy but also in performing classification in time-constrained scenarios, we propose an approach for classifying Tor and non-Tor traffic that uses multiple models to enhance categorization and application identification. We use the University of New Brunswick (UNB) Tor and non-Tor dataset, which is initially in packet capture format, and preprocess it by transforming it with CICFlowMeter. To expedite classification, we apply feature selection techniques such as Principal Component Analysis (PCA) and t-Distributed Stochastic Neighbor Embedding (t-SNE). We then apply machine learning algorithms: support vector machine (SVM), Gradient Boosting, Random Forest, and Artificial Neural Network (ANN). Our approach achieves a recall score of 1.00, demonstrating high accuracy in Tor traffic identification. Notably, efficient feature selection significantly reduces classification time. This work also contributes to effective Tor and non-Tor network traffic analysis, offering an efficient model for enhanced security and management.