In search of light. Cybercrime detection by analyzing unencrypted traffic on the Tor network (actualmente bajo revisión por pares)
Since its inception, the TOR network has been of interest to the field of criminology due to the presence of criminal services hosted on the system and the frequent use of its ability to provide anonymity to access Dark Web services. While the TOR network is known for how useful it is to those who aim to commit crimes, it emerged as a tool intended to protect users' privacy. So far, there is no evidence that the TOR network is intended solely to facilitate criminal activities carried out by devoted felons. This study aims to examine the network traffic routed from TOR to any service outside this circuit, with the objective of assessing the regular use of this anonymous network. To this end, a technological method is employed to capture unencrypted traffic in TOR for the purpose of analyzing DNS queries made to the Surface Web and to evaluate, quantitatively, the geographical distribution of the accessed pages, as well as the volumetry of the services and their digital reputation. The findings challenge the assumption that TOR is used almost exclusively for malicious purposes, demonstrating that most of the consumption is directed towards various Internet services that are not related to criminal activities.
Journal Impact: Citation (formatted-apa):