Topic and Importance Evaluation of Tor services, Mahdieh Zabihimayvan and Derek Doran, Wright State University

TIME: Saturday 9:15 – 9:35 AM


Tor is perhaps the most well-known dark net in the world. It has noble uses, including as a platform for free speech and information dissemination under the guise of true anonymity, but may be culturally better known as a conduit for criminal activity and as a platform to market illicit goods and data. Past studies on the con- tent of Tor support this notion, but were carried out by narrowly targeting popular domains likely to contain illicit content. A survey of past studies may thus not yield a complete evaluation of the content and use of Tor. This work addresses this gap by presenting an evaluation of the content of the English Tor ecosystem. We perform a comprehensive crawl of the Tor dark web and, through topic and network analysis, characterize the ‘types’ of information and services hosted across a broad swath of Tor domains and their hyperlink relational structure. We recover nine domain types de-  need by the information or service they host and unveil over 50% of all domains discovered are either directories to other Tor domains, or serve as marketplace to buy and sell goods and services. On the other hand, just 24% of all Tor domains are used to publicly post, privately send, or to discover information anonymously. We also present measurements suggesting that marketplaces of illegal drugs and services do emerge as the dominant type of Tor domain. Our study is the product of crawling over 1 million pages from 20,000 Tor seed addresses, yielding a collection of over 150,000 Tor pages. To the best of our knowledge this is the broadest set of measurements taken over Tor to date.



Predicting Network Traffic Using TCP Anomalies, Alina Lazar, Youngstown State University

TIME: Friday 8:30 - 8:50 PM


Accurately predicting network traffic volume is beneficial for congestion control, improving routing, allocating network resources and network optimization. Traffic congestion happens when a network device is receiving more data packets than its processing capability. The number of retransmissions per flow, packet duplication and synthetic reordering can seriously degrade the overall TCP performance. An unsupervised/supervised technique to accurately identify TCP anomalies occurring during file transfers based on passive measurements of TCP traffic collected using Tstat is proposed. This method will be validated on real large datasets collected from several data transfer nodes. The preliminary results indicate that the percentage of TCP anomalies correlate well with the average throughput in any given time window.