Multilevel Identification and Classification Analysis of Tor on Mobile and PC Platforms

In digitalized and automated systems, more and more intelligent devices have become an import part of industrial Internet of Things (IIOT). However, the lack of security in IIOT makes people facing unprecedented threats from the Dark web. Traffic classification is an important means to prevent anonymous attacks. However, the growing usage of smartphones in daily life is deeply changing the nature of network traffic, which makes traffic classification more challenging. In this article, we propose a Tor traffic identification and multilevel classification framework based on network flow features, which realizes the identification of anonymous traffic (L1), traffic types (L2) of anonymous traffic, and applications (L3) on a mobile and a PC platform, respectively. We further analyze differences between the mobile and the PC platform. We conclude that the impact of time-related features is higher than that of the nontime-related features on the mobile platform, while it is opposite on the PC platform. And it is more difficult to identify and classify Tor types (L2) and specific Tor applications (L3) on the mobile platform than on the PC platform, including using different number of features and early identification and classification.