Monitoring Anonymous P2P File-Sharing Systems
2 pages. International audience.
Anonymous communications have been growing exponentially, as more and more users shift to a privacy-preserving Internet and anonymise their peer-to-peer communications. Anonymous systems allow users to access different services while preserving their anonymity. We aim to characterise these anonymous systems, with a special focus on the I2P network. Current statistics services for the I2P network do not provide values about the type of applications deployed in the network or the geographical localisation of users. Our objective is to determine the number of users in the network, the number of anonymous applications, and the type of those applications. We also explore the possibility of inferring which group of users is responsible for the activity of an anonymous application. Thus, we improve the current I2P statistics and gain better insight into the network.
Adaptive Traffic Fingerprinting for Darknet Threat Intelligence
Darknet technology such as Tor has been used by various threat actors for
organising illegal activities and data exfiltration. As such, there is a case
for organisations to block such traffic, or to try and identify when it is used
and for what purposes. However, anonymity in cyberspace has always been a
domain of conflicting interests. While it gives enough power to nefarious
actors to masquerade their illegal activities, it is also the cornerstone to
facilitate freedom of speech and privacy. We present a proof of concept for a
novel algorithm that could form the fundamental pillar of a darknet-capable
Cyber Threat Intelligence platform. The solution can reduce anonymity of users
of Tor, and considers the existing visibility of network traffic before
optionally initiating targeted or widespread BGP interception. In combination
with server HTTP response manipulation, the algorithm attempts to reduce the
candidate data set to eliminate client-side traffic that is most unlikely to be
responsible for server-side connections of interest. Our test results show that
MITM-manipulated server responses lead to expected changes received by the Tor
client. Using simulation data generated by Shadow, we show that the detection
scheme is effective with a false positive rate of 0.001, while sensitivity
detecting non-targets was 0.016 ± 0.127. Our algorithm could assist
collaborating organisations willing to share their threat intelligence or
cooperate during investigations. Comment: 26 page