Predicting Tor Path Compromise by Exit Port

Tor is currently the most popular low latency anonymizing overlay network for TCP-based applications. However, it is well understood that Tor's path selection algorithm is vulnerable to end-to-end traffic correlation attacks since it chooses Tor routers in proportion to their perceived bandwidth capabilities. Prior work has shown that the fraction of malicious routers and the amount of adversary-controlled bandwidth are significant factors for predicting the number of paths that an adversary can compromise. The authors extend this prior work by identifying that the application-layer protocol being transported is also a significant factor in predicting path compromise.