Challenges in protecting tor hidden services from botnet abuse

Research output: Chapter in Book/Report/Conference proceedingConference contribution

9 Scopus citations


In August 2013, the Tor network experienced a sudden, drastic reduction in performance due to the Mevade/Sefnit botnet. This botnet ran its command and control server as a Tor hidden service, so that all infected nodes contacted the command and control through Tor. In this paper, we consider several protocol changes to protect Tor against future incidents of this nature, describing the research challenges that must be solved in order to evaluate and deploy each of these methods. In particular, we consider four technical approaches: resource-based throttling, guard node throttling, reuse of failed partial circuits, and hidden service circuit isolation.

Original languageEnglish (US)
Title of host publicationFinancial Cryptography and Data Security - 18th International Conference, FC 2014, Revised Selected Papers
EditorsReihaneh Safavi-Naini, Nicolas Christin
PublisherSpringer Verlag
Number of pages10
ISBN (Electronic)9783662454718
StatePublished - 2014
Event18th International Conference on Financial Cryptography and Data Security, FC 2014 - Christ Church, Barbados
Duration: Mar 3 2014Mar 7 2014

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


Other18th International Conference on Financial Cryptography and Data Security, FC 2014
CityChrist Church

Bibliographical note

Funding Information:
Thanks to Mike Perry, Ian Goldberg, Yoshi Kohno, and Roger Dingledine for helpful comments about the problems discussed in this paper. This work was supported by the U.S. National Science Foundation under grants 1111734 and 1314637 and DARPA.

Publisher Copyright:
© International Financial Cryptography Association 2014.


Dive into the research topics of 'Challenges in protecting tor hidden services from botnet abuse'. Together they form a unique fingerprint.

Cite this