Tor-based Malware and Tor Connection Detection

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216224%3A14330%2F14%3A00080503" target="_blank" >RIV/00216224:14330/14:00080503 - isvavai.cz</a>

Výsledek na webu

<a href="http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=7141237&newsearch=true&searchWithin=%22First%20Name%22:Ibrahim&searchWithin=%22Last%20Name%22:Ghafir" target="_blank" >http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=7141237&newsearch=true&searchWithin=%22First%20Name%22:Ibrahim&searchWithin=%22Last%20Name%22:Ghafir</a>

DOI - Digital Object Identifier

<a href="http://dx.doi.org/10.1049/cp.2014.1411" target="_blank" >10.1049/cp.2014.1411</a>

Jazyk výsledku

angličtina

Název v původním jazyce

Tor-based Malware and Tor Connection Detection

Popis výsledku v původním jazyce

Anonymous communication networks, like Tor, partially protect the confidentiality of user traffic by encrypting all communications within the overlay network. However, Tor is not only used for good; a great deal of the traffic in the Tor networks is in fact port scans, hacking attempts, exfiltration of stolen data and other forms of online criminality. The anonymity network Tor is often misused by hackers and criminals in order to remotely control hacked computers. In this paper we present our methodology for detecting any connection to or from Tor network. Our detection method is based on a list of Tor servers. We process the network traffic and match the source and destination IP addresses for each connection with Tor servers list. The list of Tor servers is automatically updated each day and the detection is in the real time. We applied our methodology on campus live traffic and showed that it can automatically detect Tor connections in the real time.

Název v anglickém jazyce

Tor-based Malware and Tor Connection Detection

Popis výsledku anglicky

Anonymous communication networks, like Tor, partially protect the confidentiality of user traffic by encrypting all communications within the overlay network. However, Tor is not only used for good; a great deal of the traffic in the Tor networks is in fact port scans, hacking attempts, exfiltration of stolen data and other forms of online criminality. The anonymity network Tor is often misused by hackers and criminals in order to remotely control hacked computers. In this paper we present our methodology for detecting any connection to or from Tor network. Our detection method is based on a list of Tor servers. We process the network traffic and match the source and destination IP addresses for each connection with Tor servers list. The list of Tor servers is automatically updated each day and the detection is in the real time. We applied our methodology on campus live traffic and showed that it can automatically detect Tor connections in the real time.

Druh

D - Stať ve sborníku

CEP obor

IN - Informatika

OECD FORD obor

—

Projekt

<a href="/cs/project/OFMASUN201301" target="_blank" >OFMASUN201301: CIRC - Mobilní dedikované zařízení pro naplňování schopností reakce na počítačové incidenty</a><br>

Návaznosti

P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)<br>S - Specificky vyzkum na vysokych skolach

Rok uplatnění

2014

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název statě ve sborníku

Proceedings of International Conference on Frontiers of Communications, Networks and Applications

ISBN

9781785610721

ISSN

—

e-ISSN

—

Počet stran výsledku

6

Strana od-do

1-6

Název nakladatele

IEEE Xplore Digital Library

Místo vydání

Kuala Lumpur, Malaysia

Místo konání akce

Kuala Lumpur, Malaysia

Datum konání akce

3. 11. 2014

Typ akce podle státní příslušnosti

WRD - Celosvětová akce

Kód UT WoS článku

—