An Approach for Detecting Anonymized Traffic: Orbot as Case Study

Automatic Control and Computer Sciences

Abstract

This work studies Orbot, an anonymous overlay network used to browse the Internet. Its ease of use has attracted all kinds of people, including ordinary Internet users who want to avoid being profiled to bypass censorship, government intelligence agencies that need to conduct operations on the Internet without being detected, and companies that do not want to reveal information to their competitors. This article aims to study, analyze, and above all identify Orbot traffic, since much of it is used for illegal purposes. A method for identifying the anonymous network is established by examining the traffic for clues. The method used to detect use of the Orbot application on the network is based on creating Snort IDS rules from the analysis of packets in the Wireshark analyzer. The encrypted nature of this anonymous network's flows leads us to deep packet inspection (DPI). A set of Snort rules was developed as a proof of concept for the proposed Orbot detection approach. Our traffic detection methodology has demonstrated that it can detect Orbot connections in real time.

Author information

Corresponding author

Correspondence to Mehdi Merouane.

Ethics declarations

The authors declare that they have no conflicts of interest.

About this article

Cite this article

Mehdi Merouane. An Approach for Detecting Anonymized Traffic: Orbot as Case Study. Aut. Control Comp. Sci. 56, 45–57 (2022). https://doi.org/10.3103/S0146411622010072

  • DOI: https://doi.org/10.3103/S0146411622010072
