[tor-dev] TOR SoP proposal: extending and improving TOR network anomaly detection

Kibo Schaffer schafk2 at rpi.edu
Wed Apr 15 21:12:09 UTC 2015


Hi Philipp,

Thanks for your reply. I mean Tor the network. Not integrated into the
protocol itself. Sorry for the poor wording. So it would work as
exitmap, HoneyConnector, and TorDoctor.

> And do you already have some concrete ideas about detecting
> anomalies? It's an interesting topic, but also a theory-heavy one.
> If we don't have good ideas about concrete things to work on, we
> can easily spend all three months researching, which is not quite
> what TSoC is about.

Agreed. I underestimated how much research it would take, and I haven't
had the time this week to look more in-depth into pre-existing projects
and research to really gauge this.

Since the scale / shape of the project is currently incompatible with
TSoP, I won't submit it (I could, but it doesn't make much sense).

*However* I still want to contribute to this field, and I think I can
look into getting my university to fund me for the summer instead, so I
can work towards financial independence.

I'll get back in touch soon once things settle down here.

Cheers,
Kibo


On Wed, 15 Apr 2015 17:28:32 +0200
Philipp Winter <phw at nymity.ch> wrote:

> On Tue, Apr 14, 2015 at 01:38:54AM -0400, Kibo Schaffer wrote:
> > I want to improve TOR's ability to detect anomalies such as sybil
> > attacks, and make it easy to include other heuristics for other
> > potential attacks. When a potential attack is detected, users and
> > maintainers are notified (as necessary). There has been research and
> > development in this field with TorDoctor, exitmap, and
> > HoneyConnector. However, as far as I am aware, these projects could
> > use some help being solidified and integrated into TOR.
> 
> What do you mean by "solidified and integrated into TOR"?  Tor, the
> network or tor, the C program?  exitmap (and I think Doctor and
> HoneyConnector too) is meant to be a stand-alone tool that only uses
> the Tor network as a client.
> 
> And do you already have some concrete ideas about detecting anomalies?
> It's an interesting topic, but also a theory-heavy one.  If we don't
> have good ideas about concrete things to work on, we can easily spend
> all three months researching, which is not quite what TSoC is about.
> 
> While I'm currently working on Sybil attack detection [0], and more
> broadly anomaly detection, we are still mostly in the process of
> working out the theory.
> 
> There might be, however, ways to extend exitmap and add new modules to
> it, which is mostly programming.  The GitHub issue tracker lists two
> of them [1].
> 
> [0] <http://notebooks.nymity.ch/detecting_sybils.html>
> [1] <https://github.com/NullHypothesis/exitmap/issues>
> 
> Cheers,
> Philipp


