[Defense] A Behavioral Analysis Framework for Anonymity Network Traffic Detection
Tuesday, April 22, 2025
1:00 pm - 2:30 pm
In Partial Fulfillment of the Requirements for the Degree of Doctor of Philosophy
Yuan Tian
will defend his doctoral proposal
A Behavioral Analysis Framework for Anonymity Network Traffic Detection
Abstract
An anonymity network is a set of computers that provides users with anonymity by masking their identities and activities before their traffic reaches a target computer. Intruders are known to route traffic through anonymity networks to obscure their identities. Anonymity can be achieved using The Onion Router (Tor), Virtual Private Networks (VPNs), proxy servers, or a custom-made chain of servers, such as a stepping-stone connection. Malicious actors are increasingly exploiting anonymity networks to conceal their identities, bypass geo-restrictions, and conduct illicit activities, including cyberattacks and unauthorized access. The use of IP masking, traffic tunneling, and advanced obfuscation techniques poses significant challenges for cybersecurity. While existing research predominantly focuses on traffic flow statistics, there remains a critical gap in efficient real-time detection methods capable of countering evolving obfuscation strategies. To address this challenge, we propose to study the problem of identifying intruders behind an anonymity network by analyzing network traffic patterns. This study assumes that the use of an anonymity network most likely causes traffic patterns to deviate from those of normal traffic that does not pass through such a network; we have observed some of these deviations in our preliminary study. Furthermore, we assume that a malicious intruder may maintain full control over their anonymity infrastructure to make detection more difficult; for example, intruders may deploy custom VPN servers with stealth-optimized configurations. This work focuses on identifying three widely used traffic protocols: Hypertext Transfer Protocol Secure (HTTPS), HTTP/3, and the Secure Shell (SSH) protocol. HTTPS and HTTP/3 were chosen because of their extensive use on the web to protect privacy. SSH, on the other hand, enables users to log into servers remotely, so an intruder who reaches a server over SSH can potentially cause it significant harm.
This research aims to establish a robust foundation for designing secure, scalable, and efficient anonymity network detection systems. The proposed framework is intended to enhance network security, mitigate threats posed by anonymized malicious traffic, and preserve the integrity of legitimate privacy-preserving technologies.
PGH 550
Dr. Stephen Huang, doctoral proposal advisor
Faculty, students, and the general public are invited.