Traffic Classification for the Detection of Anonymous Web Proxy Routing

Shane Miller, K Curran, Tom Lunney

Research output: Contribution to journalArticlepeer-review

513 Downloads (Pure)


There is an increasing need to be able to classify whether an incoming packet is from a legitimate originating IP address or has been modified through an intermediate proxy or node. Being able to verify the originating IP address allows a business (e.g. bank) to use geolocation services in order to then ascertain which geographical location that packet was sent from. This can then feed into the system intrusion system or backend fraud alert mechanisms. The web however is going 'dark'. There is a noticeable uptake in the amount of encrypted data and third party anonymous traffic proxies which aim to mask the try location and IP address of a web request. We present here a system which identifies the characteristics or signatures whenever a user is using a web proxy by developing a Detection System that records packets and analyses them looking for identifying patterns of web proxies.
Original languageEnglish
Pages (from-to)538-545
JournalInternational Journal for Information Security Research
Issue number1
Publication statusPublished (in print/issue) - Mar 2015


  • anonymous proxies
  • traffic classification
  • security
  • networking


Dive into the research topics of 'Traffic Classification for the Detection of Anonymous Web Proxy Routing'. Together they form a unique fingerprint.

Cite this