On Tue, Apr 14, 2015 at 01:38:54AM -0400, Kibo Schaffer wrote:
> I want to improve TOR's ability to detect anomalies such as sybil attacks, and make it easy to include other heuristics for other potential attacks. When a potential attack is detected, users and maintainers are notified (as necessary). There has been research and development in this field with TorDoctor, exitmap, and HoneyConnector. However, as far as I am aware, these projects could use some help being solidified and integrated into TOR.

What do you mean by "solidified and integrated into TOR"? Tor, the network or tor, the C program? exitmap (and I think Doctor and HoneyConnector too) is meant to be a stand-alone tool that only uses the Tor network as a client.
And do you already have some concrete ideas about detecting anomalies? It's an interesting topic, but also a theory-heavy one. If we don't have good ideas about concrete things to work on, we can easily spend all three months researching, which is not quite what TSoC is about.
While I'm currently working on Sybil attack detection [0], and more broadly anomaly detection, we are still mostly in the process of working out the theory.
There might be, however, ways to extend exitmap and add new modules to it, which is mostly programming. The GitHub issue tracker lists two of them [1].
[0] http://notebooks.nymity.ch/detecting_sybils.html
[1] https://github.com/NullHypothesis/exitmap/issues
Cheers,
Philipp