Application of Deep Learning on the Characterization of

1 Colorado Mesa University, Grand Junction, Colorado, USA
{cpjohnson, bkhadka2, elruiz, jehalladay}@mavs.coloradomesa.edu, rbasnet@coloradomesa.edu
2 Simon Fraser University, Burnaby, CA, USA
tdoleck@sfu.ca

Abstract

The Onion Router (Tor) is a popular network, widely used by both political dissidents and cyber criminals alike. Tor attempts to circumvent government censorship and surveillance of individuals by keeping secret a message’s sender/receiver and content. This work compares the performance of various traditional machine learning algorithms (e.g. Random Forest, Decision Tree, k-Nearest Neighbor) and Deep Neural Networks on the ISCXTor2016 time-based dataset in detecting Tor traffic. The research examines two scenarios: the goal of Scenario A is to detect Tor traffic while Scenario B’s goal is to determine the type of Tor traffic as one of eight categories. The algorithms trained on Scenario A demonstrate high performance, with classification accuracies > 99% in most cases. In contrast, Scenario B yielded a wider range of classification accuracies (40-82%); Random Forest and Decision Tree algorithms demonstrate performance superior to k-Nearest Neighbors and Deep Neural Networks.

Keywords: Tor traffic, deep learning, machine learning, traffic identification, encrypted traffic

+: Corresponding author: Department of Computer Science and Engineering, Colorado Mesa University,

Journal of Internet Services and Information Security (JISIS), 11(1): 44-63, February 2021
Received: August 17, 2020; Accepted: February 11, 2021; Published: February 28, 2021
DOI: 10.22667/JISIS.2021.02.28.044