Method for Detecting and Identification of Tor Network Data by Wireshark Analyzer

2021, pp. 73-80
Author(s): Vitaly Lapshichyov, Oleg Makarevich

Purpose of the study: development of a method that allows detecting and identifying packets of the Tor network, including obfuscated packets on the local machine of the network user, by a Wireshark sniffer using the filter syntax based on the features of the Tor network packets characteristic of the TLS v1.2 and v1.3 encryption versions; studying the possibility of using the SSL Bump attack (decrypting HTTPS traffic on a virtual server using self-signed X.509 certificates) to overcome the obfuscation of Tor network packets. Method: software analysis of transmitted network packets, decomposition of the contents of data packets according to their size and belonging to encryption protocols, a comparative method in relation to different versions of the encryption protocol and resources, and synthesis of filtering rules based on the syntax of the analyzer were used. Results: an applied method was developed that allows detecting and identifying packets of the Tor network, including obfuscated packets on the local machine of the network user, by a Wireshark sniffer based on the filtering syntax based on the signs of encryption packets of the TLS v1.2 and v1.3 versions; data on the impossibility of using the SSL Bump attack to overcome the obfuscation of the Tor network was obtained.

2020, pp. 57-62
Author(s): Vitaly Lapshichyov, Oleg Makarevich

Purpose of the study: compilation of a set of features that make it possible to detect and identify the establishment of a connection between the client and the anonymous network Tor when the data stream is encrypted using the TLS v1.3 protocol. Method: software analysis of the data flow, frequency methods, decomposition of the content of data packets according to their number, sequence, finding frames in a packet and sizes, and a comparative method with respect to different versions of the encryption protocol and resources making the connection were used. Results: a set of features of the Tor network connection established using TLS v1.3 encryption was compiled, making it possible to detect and identify in the data stream a “handshake” between the client and the Tor network in order to legally block the connection; a comparative analysis of the data of the Tor network and the VKontakte social network during the establishment of an encrypted connection was carried out; the structure and differences of the “handshake” of the TLS protocols v1.2 and v1.3 were studied and described; the structure, size and arrangement of frames and data packets of the Tor network and a connection of another network type, both using TLS v1.3 encryption, were revealed.


Complexity, 2019, Vol 2019, pp. 1-14
Author(s): Víctor Martínez, Fernando Berzal, Juan-Carlos Cubero

Network data mining has attracted a lot of attention since a large number of real-world problems have to deal with complex network data. In this paper, we present NOESIS, an open-source framework for network-based data mining. NOESIS features a large number of techniques and methods for the analysis of structural network properties, network visualization, community detection, link scoring, and link prediction. The proposed framework has been designed following solid design principles and exploits parallel computing using structured parallel programming. NOESIS also provides a stand-alone graphical user interface allowing the use of advanced software analysis techniques to users without prior programming experience. This framework is available under a BSD open-source software license.


2014, Vol 543-547, pp. 3173-3176
Author(s): Dong Sheng Zhang

To date, network security analysts depend only on some network security products to study large amounts of log information so as to analyze and cope with network anomalies. With the dramatic increase of network data volumes, the diversity of attack types and greater complexity, the traditional analytical means are no longer effective. How to enable those analysts to quickly figure out network status by taking advantage of cumbersome high-dimensional data information has become a critical concern in the field of network safety. Here, a visualized technique for detecting network safety information by port scanning is developed. After the analysis of network data packets and the use of information visualization techniques, the visualized port scanning and detection system ScanViewer is designed and developed. The experiment reveals that it can detect slow scans, distributed scans, various TCP stealth scans and so on. With the method, people have got out of helpless embarrassment by the weak scan.


2013, Vol 380-384, pp. 2585-2588
Author(s): Kun Wang, Yun Pan

Network coding is used to increase network throughput. In network coding, network data packets are encoded by the sender, and the encoded data packets can be used by different receivers to recover the same original data packets. This increases the network transmission efficiency. Coding on data consumes computing resources, and this becomes the bottleneck of network coding's practicability. In this paper, we assume that the coding happens at the end of the network and we conduct some tests on the PC and hand-devices. Our results show that network coding can work well on current PCs, and we need native device support to make network coding work on the hand-devices.


Author(s): Florian Platzer, Marcel Schäfer, Martin Steinebach

Tor is a widely-used anonymity network with more than two million daily users. A prominent feature of Tor is the hidden service architecture. Hidden services are a popular method for communicating anonymously or sharing web contents anonymously. For security reasons, in Tor all data packets to be sent over the network are structured completely identically. They are encrypted using the TLS protocol and their size is fixed to exactly 512 bytes. In this work we describe a method to deanonymize any hidden service on Tor based on traffic analysis. This method allows an attacker with modest resources to deanonymize any hidden service in less than 12.5 days. This poses a threat to anonymity online.


2021, Vol 3 (3)
Author(s): Fatima Isiaka, Zainab Adamu

In network settings, one of the major disadvantages that threaten network protocols is insecurity. In most cases, unscrupulous people or bad actors can access information through unsecured connections by planting software or what we call malicious software, otherwise anomalies. The presence of anomalies is also one of the disadvantages; internet users are constantly plagued by viruses on their systems, which get activated when a harmless link is clicked on; this is a case of true benign detected as false. Deep learning is very adept at dealing with such cases, but sometimes it has its own faults when dealing with benign cases. Here we tend to adopt a dynamic control system (DCSYS) that addresses data packets based on a benign scenario to truly report on false benign and exclude anomalies. Its performance is compared with artificial neural network auto-encoders to define its predictive power. Results show that though physical systems can adapt securely, it can be used for network data packets to identify true benign cases.


2015, Vol 21, pp. 301
Author(s): Armand Krikorian, Lily Peng, Zubair Ilyas, Joumana Chaiban

Methodology, 2006, Vol 2 (1), pp. 42-47
Author(s): Bonne J. H. Zijlstra, Marijtje A. J. van Duijn, Tom A. B. Snijders

The p2 model is a random effects model with covariates for the analysis of binary directed social network data coming from a single observation of a social network. Here, a multilevel variant of the p2 model is proposed for the case of multiple observations of social networks, for example, in a sample of schools. The multilevel p2 model defines an identical p2 model for each independent observation of the social network, where parameters are allowed to vary across the multiple networks. The multilevel p2 model is estimated with a Bayesian Markov Chain Monte Carlo (MCMC) algorithm that was implemented in free software for the statistical analysis of complete social network data, called StOCNET. The new model is illustrated with a study on the received practical support by Dutch high school pupils of different ethnic backgrounds.

