RECTor: Robust and Efficient Correlation Attack on Tor
- URL: http://arxiv.org/abs/2512.00436v1
- Date: Sat, 29 Nov 2025 10:25:38 GMT
- Title: RECTor: Robust and Efficient Correlation Attack on Tor
- Authors: Binghui Wu, Dinil Mon Divakaran, Levente Csikor, Mohan Gurusamy,
- Abstract summary: RECTor is a machine learning-based framework for traffic correlation under realistic conditions.<n>It achieves up to 60% higher true positive rates under high-noise conditions and reduces training and inference time by over 50%.<n>These findings reveal critical vulnerabilities in Tor's anonymity model and highlight the need for model-aware defenses.
- Score: 3.643753954062602
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Tor is a widely used anonymity network that conceals user identities by routing traffic through encrypted relays, yet it remains vulnerable to traffic correlation attacks that deanonymize users by matching patterns in ingress and egress traffic. However, existing correlation methods suffer from two major limitations: limited robustness to noise and partial observations, and poor scalability due to computationally expensive pairwise matching. To address these challenges, we propose RECTor, a machine learning-based framework for traffic correlation under realistic conditions. RECTor employs attention-based Multiple Instance Learning (MIL) and GRU-based temporal encoding to extract robust flow representations, even when traffic data is incomplete or obfuscated. These embeddings are mapped into a shared space via a Siamese network and efficiently matched using approximate nearest neighbor (aNN) search. Empirical evaluations show that RECTor outperforms state-of-the-art baselines such as DeepCorr, DeepCOFFEA, and FlowTracker, achieving up to 60% higher true positive rates under high-noise conditions and reducing training and inference time by over 50%. Moreover, RECTor demonstrates strong scalability: inference cost grows near-linearly as the number of flows increases. These findings reveal critical vulnerabilities in Tor's anonymity model and highlight the need for advanced model-aware defenses.
Related papers
- Comparative Evaluation of VAE, GAN, and SMOTE for Tor Detection in Encrypted Network Traffic [0.0]
Encrypted network traffic poses significant challenges for intrusion detection.<n>Traditional data augmentation methods struggle to preserve the complex temporal and statistical characteristics of real network traffic.<n>This work explores the use of Generative AI (GAI) models to synthesize realistic and diverse encrypted traffic traces.
arXiv Detail & Related papers (2026-01-03T13:31:53Z) - RevealNet: Distributed Traffic Correlation for Attack Attribution on Programmable Networks [4.101460679701492]
RevealNet is a decentralized framework for attack attribution.<n>It orchestrates a fleet of P4-programmable switches to perform traffic correlation.<n>Our evaluation suggests that RevealNet achieves comparable accuracy to centralized attack attribution systems.
arXiv Detail & Related papers (2025-05-01T15:48:35Z) - MUFFLER: Secure Tor Traffic Obfuscation with Dynamic Connection Shuffling and Splitting [11.967326811104831]
MUFFLER is a connection-level traffic obfuscation system designed to secure Tor egress traffic.<n>It maps real connections to a distinct set of virtual connections between the final Tor nodes and targeted services.<n>It achieves up to 27x lower latency overhead than existing solutions and seamlessly integrates with the current Tor architecture.
arXiv Detail & Related papers (2025-04-10T08:17:17Z) - Enforcing Fundamental Relations via Adversarial Attacks on Input Parameter Correlations [76.2226569692207]
Correlations between input parameters play a crucial role in many scientific classification tasks.<n>We present a new adversarial attack algorithm called Random Distribution Shuffle Attack (RDSA)<n>We demonstrate the RDSA effectiveness on six classification tasks.
arXiv Detail & Related papers (2025-01-09T21:45:09Z) - MIETT: Multi-Instance Encrypted Traffic Transformer for Encrypted Traffic Classification [59.96233305733875]
Classifying traffic is essential for detecting security threats and optimizing network management.<n>We propose a Multi-Instance Encrypted Traffic Transformer (MIETT) to capture both token-level and packet-level relationships.<n>MIETT achieves results across five datasets, demonstrating its effectiveness in classifying encrypted traffic and understanding complex network behaviors.
arXiv Detail & Related papers (2024-12-19T12:52:53Z) - Progressive Pruning: Analyzing the Impact of Intersection Attacks [1.8434042562191815]
Stream-based communication poses unique challenges for anonymous communication networks (ACNs)<n>Traditionally designed for independent messages, ACNs struggle to account for the inherent vulnerabilities of streams.<n>We introduce progressive pruning, a novel methodology for quantifying the susceptibility to intersection attacks.
arXiv Detail & Related papers (2024-10-11T10:40:51Z) - ACCESS-FL: Agile Communication and Computation for Efficient Secure Aggregation in Stable Federated Learning Networks [26.002975401820887]
Federated Learning (FL) is a distributed learning framework designed for privacy-aware applications.
Traditional FL approaches risk exposing sensitive client data when plain model updates are transmitted to the server.
Google's Secure Aggregation (SecAgg) protocol addresses this threat by employing a double-masking technique.
We propose ACCESS-FL, a communication-and-computation-efficient secure aggregation method.
arXiv Detail & Related papers (2024-09-03T09:03:38Z) - A Geometrical Approach to Evaluate the Adversarial Robustness of Deep
Neural Networks [52.09243852066406]
Adversarial Converging Time Score (ACTS) measures the converging time as an adversarial robustness metric.
We validate the effectiveness and generalization of the proposed ACTS metric against different adversarial attacks on the large-scale ImageNet dataset.
arXiv Detail & Related papers (2023-10-10T09:39:38Z) - Correlating sparse sensing for large-scale traffic speed estimation: A
Laplacian-enhanced low-rank tensor kriging approach [76.45949280328838]
We propose a Laplacian enhanced low-rank tensor (LETC) framework featuring both lowrankness and multi-temporal correlations for large-scale traffic speed kriging.
We then design an efficient solution algorithm via several effective numeric techniques to scale up the proposed model to network-wide kriging.
arXiv Detail & Related papers (2022-10-21T07:25:57Z) - FIRE: A Failure-Adaptive Reinforcement Learning Framework for Edge Computing Migrations [54.34189781923818]
FIRE is a framework that adapts to rare events by training a RL policy in an edge computing digital twin environment.<n>We propose ImRE, an importance sampling-based Q-learning algorithm, which samples rare events proportionally to their impact on the value function.<n>We show that FIRE reduces costs compared to vanilla RL and the greedy baseline in the event of failures.
arXiv Detail & Related papers (2022-09-28T19:49:39Z) - Object Tracking through Residual and Dense LSTMs [67.98948222599849]
Deep learning-based trackers based on LSTMs (Long Short-Term Memory) recurrent neural networks have emerged as a powerful alternative.
DenseLSTMs outperform Residual and regular LSTM, and offer a higher resilience to nuisances.
Our case study supports the adoption of residual-based RNNs for enhancing the robustness of other trackers.
arXiv Detail & Related papers (2020-06-22T08:20:17Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.