Empirical analysis of Tor Hidden Services

IET Information Security

Tor hidden services allow someone to host a website or other transmission control protocol (TCP) service whilst remaining anonymous to visitors. The collection of all Tor hidden services is often referred to as the ‘darknet’. In this study, the authors describe results from what they believe to be the largest study of Tor hidden services to date. By operating a large number of Tor servers for a period of 6 months, the authors were able to capture data from the Tor distributed hash table to collect the list of hidden services, classify their content and count the number of requests. Approximately 80,000 hidden services were observed in total, of which around 45,000 are present at any one point in time. Abuse and botnet C&C servers were the most frequently requested hidden services, although there was a diverse range of services on offer.


