Machine learning approach for detection of non-Tor Traffic

Elike Hodo, Xavier Bellekens, Ephraim Iorkyase, Andrew Hamilton, Christos Tachtatzis, Robert Atkinson

Research output: Contribution to journalArticlepeer-review

5 Citations (Scopus)
18 Downloads (Pure)


Intrusion detection has attracted a considerable interest from researchers and industry. After many years of research the community still faces the problem of building reliable and efficient intrusion detection systems (IDS) capable of handling large quantities of data with changing patterns in real time situations. The Tor network is popular in providing privacy and security to end user by anonymizing the identity of internet users connecting through a series of tunnels and nodes. This work identifies two problems; classification of Tor traffic and nonTor traffic to expose the activities within Tor traffic that minimizes the protection of users in using the UNB-CIC Tor Network Traffic dataset and classification of the Tor traffic flow in the network. This paper proposes a hybrid classifier; Artificial Neural Network in conjunction with Correlation feature selection algorithm for dimensionality reduction and improved classification performance. The reliability and efficiency of the propose hybrid classifier is compared with Support Vector Machine and naïve Bayes classifiers in detecting nonTor traffic in UNB-CIC Tor Network Traffic dataset. Experimental results show the hybrid classifier, ANN-CFS proved a better classifier in detecting nonTor traffic and classifying the Tor traffic flow in UNB-CIC Tor Network Traffic dataset.

Original languageEnglish
Article number4
Pages (from-to)171-194
Number of pages24
JournalJournal of Cyber Security and Mobility
Issue number2
Publication statusPublished - 24 Nov 2017


  • artificial neural network
  • intrusion detection systems
  • Naïve Bayes
  • support vector machines
  • Tor and nonTor
  • UNB-CIC Tor network traffic dataset


Dive into the research topics of 'Machine learning approach for detection of non-Tor Traffic'. Together they form a unique fingerprint.

Cite this