Multilevel Identification and Classification Analysis of Tor on Mobile and PC Platforms

Liangmin Wang, Hantao Mei, Victor S. Sheng

Research output: Contribution to journalArticlepeer-review

15 Scopus citations


In digitalized and automated systems, more and more intelligent devices have become an import part of industrial Internet of Things (IIOT). However, the lack of security in IIOT makes people facing unprecedented threats from the Dark web. Traffic classification is an important means to prevent anonymous attacks. However, the growing usage of smartphones in daily life is deeply changing the nature of network traffic, which makes traffic classification more challenging. In this article, we propose a Tor traffic identification and multilevel classification framework based on network flow features, which realizes the identification of anonymous traffic (L1), traffic types (L2) of anonymous traffic, and applications (L3) on a mobile and a PC platform, respectively. We further analyze differences between the mobile and the PC platform. We conclude that the impact of time-related features is higher than that of the nontime-related features on the mobile platform, while it is opposite on the PC platform. And it is more difficult to identify and classify Tor types (L2) and specific Tor applications (L3) on the mobile platform than on the PC platform, including using different number of features and early identification and classification.

Original languageEnglish
Article number9072571
Pages (from-to)1079-1088
Number of pages10
JournalIEEE Transactions on Industrial Informatics
Issue number2
StatePublished - Feb 2021


  • Anonymous network
  • The Onion Router (Tor)
  • Tor identification
  • mobile anonymous network
  • traffic classification


Dive into the research topics of 'Multilevel Identification and Classification Analysis of Tor on Mobile and PC Platforms'. Together they form a unique fingerprint.

Cite this