[tor-dev] Running doctor's sybil checker over archived consensuses

grarpamp grarpamp at gmail.com
Tue Jan 20 01:40:58 UTC 2015


On Mon, Jan 19, 2015 at 11:47 AM, Philipp Winter <phw at nymity.ch> wrote:
> On Thu, Jan 15, 2015 at 06:11:25PM -0500, grarpamp wrote:
>> FYI, between here there was thread tor-talk 'many new relays' of possible
>> event around end 2009-06 to begining 2009-07. Along with usual posts
>> of people about potential things to detect.
>
> Interesting, thanks for pointing this out.  This event is visible in
> the diagram but not as a sudden spike but more as a temporary increase
> in the base rate:
> <http://www.nymity.ch/new_fingerprints/2009_new_fingerprints.png>

Cool, nice to see this graphed, really obvious something happened.

> This event also shows why a simple threshold-based detection mechanism
> is insufficient: Sybils can be added slowly over several hours or days
> in order to stay under the threshold.

Re detection methods, consider some examination of exceeded bounds
within first and second derivatives of various data you are
collection, RRD, etc.


More information about the tor-dev mailing list