IDENTIFICATION AND ANALYSIS OF TOR TRAFFIC

Tor is a free software system that allows anonymous communication on the Internet. The Tor network is based on the onion routing network. According to Deng, Qian, Chen, and Su (2017), "Tor is known as the second generation of onion routing, which is currently the most popular and widely used anonymous communication system." Identifying anonymous traffic plays an essential role in today's world and helps prevent the misuse of technology. A user's Internet activity cannot easily be tracked over the Tor network, so user privacy is well protected. Using Tor, users can browse the Internet and send messages to people without revealing their details. The network therefore helps protect user privacy by sending messages anonymously.

According to Cuzzocrea, Martinelli, Mercaldo, and Vercelli (2017), "Tor is increasingly used for non-legal activities, that is, to gain access to censored information, to organize political activities, or to evade laws against criticism to heads of state. Tor has, for example, been used by criminal enterprises, hacktivism groups and law enforcement for conflicting purposes." The Tor network is made up of a group of operational networks connected by a series of virtual tunnels. The main idea behind Tor's design is to reduce user tracking rather than to erase traces completely. Several machine learning techniques can be applied to determine whether a host is generating Tor-related traffic. The adequacy of the technique can also be assessed using this method. According to Oda, Obukata, Yamada, Hiyama, Barolli, and Takizawa (2016), "Compared to other anonymizers, Tor is more popular and has more visibility in the academic and hacker communities". Anonymous Tor traffic can also be identified using a method called the gravitational clustering algorithm.
In gravitational clustering analysis, each vector in the dataset is treated as an object in the component space. The objects are moved using gravitational force and the second law of motion. This method automates the process of identifying the number of clusters and can adapt to any unknown network traffic. Gravitational clustering analysis has the best performance for Tor traffic recognition compared to other traditional clustering methods such as K-means, EM and DBSCAN.

Tor is increasingly being used for non-legal activities, such as accessing censored data, organizing political activities, or circumventing laws against criticism of heads of state. Tor has, for example, been used by criminal organizations, hacktivist groups and law enforcement for conflicting purposes, sometimes simultaneously. Furthermore, offices within the US government support Tor in different ways.

The Internet, and TCP/IP in particular, was not originally designed to be anonymous. One way to provide anonymity is to create an overlay system that runs on top of the TCP/IP network. The overlay network then controls message addressing, hiding the IP addresses of the hosts. Obfuscating the IP address in this way provides anonymity. One of the most widely used anonymity applications is The Onion Router (TOR) browser created by the TOR project. TOR is a distributed overlay network that provides low-latency networking, adding a layer of encryption per hop and creating random network paths for each exchange. Client and server paths cannot be followed without traffic analysis. No node on the communication path can correlate messages sent by a client with those received by the server. However, many researchers find it necessary to analyze how TOR works, because its security features have been enhanced. Several studies have been conducted to visualize the TOR network.
Experimenting on the live TOR network is problematic because it is not a predictable and controllable environment. A number of network conditions can bias the results, which makes experiments hard to repeat. Additionally, collecting user information is difficult because it can expose security threats. Alternative methodologies were therefore developed, for example emulation and simulation.

Research into anonymity technologies began in the mid-1980s with David Chaum's article on untraceable email. However, it was only from 2000 that anonymity and privacy-enhancing technologies began to receive the attention of a large research community. In 2004, the basic design of a practical connection network called Tor was published. Its low latency makes it well suited to basic Internet communication applications. Tor has now become the best open anonymity communication service on the Internet.

ANALYSIS

Tor was not designed to erase user data on a site, but to make it difficult for sites to trace any user activity. This is done by first encrypting the user's identity and the data it contains and then creating a pseudo identity for the user. According to Kiran, Vignesh, Shenoy, Venugopal, Prabhu, and Prasad (2017), "Client obscurity is achieved by routing traffic through three randomly chosen relays, viz. Entry Guard Relay, Middle Relay and Exit Relay and providing encryption to multiple layers to the data at each layer".
The selection of these relays is random and periodic: random in that any three relays are chosen regardless of their attributes, and periodic in that a new circuit is selected from time to time. Packets sent to the server are encrypted three times, using the session keys exchanged with each of the three relays. Each relay decrypts one layer using its own session key, then forwards the decrypted packet to the next relay. The Exit Relay receives the packet and forwards it to the server, and the server sees the IP address of the Exit Relay as the user's IP address. Layered decryption at each hop implies the originality of the packet.

To select relays in a circuit, Tor uses two algorithms. They are:
1) Entry Guard Selection Algorithm
2) Non-Entry Relay Selection Algorithm

The first algorithm categorizes relays by their data transfer capacity, commonly known as bandwidth, and by their uptime. Bandwidth was chosen as a classification parameter mainly to improve the speed of Tor circuits. Purely random selection was eliminated by classifying guards as fast and stable. Fast guards were those whose offered bandwidth was greater than the median bandwidth of all relays, while stable guards were those whose uptime was greater than the average uptime of all relays. Uptime is a measure of stability that describes how long a system has been running and available. Using uptime as a parameter ensures that an attacker cannot simply create new relays and start receiving traffic immediately. According to the algorithm, an entry guard must be both fast and stable. While this change made circuits stable, it compromised the anonymity of the entry guards, as only a few specific relays now qualified to act as entry guards. Furthermore, the periodic choice of a new circuit was hindered by the added condition that another guard could be chosen only when the old one was unreachable.
Guards that were unreachable were dropped and replaced. In more ways than one, the selection of entry guards was confined to a narrow pool.

The second algorithm concerns improving anonymity for relays that are not entry guards. It acknowledged that the first algorithm was found lacking in this respect. Therefore, the entire system of selecting only the best relays was eliminated and new selection criteria were adopted. Consistency in the selection of relays was given primary importance. This algorithm ensured that fast and stable relays were not the only ones chosen, but were chosen more frequently. Emphasis was placed on choosing relays rated as stable. Additionally, Tor designates some ports as long-lived, and if traffic over a route uses one of these long-lived ports, Tor optimizes the route for stability by reducing the list of available routers to only those defined as stable.

Onion routing is performed using cryptography in the application layer of a protocol stack, arranged like the layers of an onion. Tor encrypts the data, including the next destination IP address, and sends it through a virtual circuit made up of randomly chosen Tor relays. Each relay decrypts one layer of encryption to discover only the next relay in the circuit, so that it can pass the remaining encrypted data on to it. The last relay decrypts the innermost layer of encryption and sends the original data to the destination without learning the source IP address. Since the routing of the communication is partly concealed at each hop in the Tor circuit, this technique eliminates any single point at which the communicating peers can be determined. According to Johnson, McLaughlin, and Thompson (2010), "Tor is an overlay protocol and uses an underlying transmission control protocol (TCP)/Internet Protocol (IP) layer to manage data transport, delivery, and routing."
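The two relay selection rules described above (the fast-and-stable filter for entry guards, and the non-exclusive selection of other relays with its long-lived-port restriction), as an added example that is not part of the original essay or of Tor's own code. The relay list is constructed sample data, the function names are hypothetical, and weighting picks by bandwidth is an assumption of this sketch.

```python
import random
from statistics import mean, median

# Constructed sample relays: (nickname, offered bandwidth in KB/s, uptime in hours).
RELAYS = [
    ("relayA", 9000, 2000),
    ("relayB", 500, 3000),
    ("relayC", 7000, 40),
    ("relayD", 4000, 1500),
    ("relayE", 200, 10),
    ("relayF", 6000, 1600),
]

def classify(relays):
    """Flag each relay as fast (bandwidth > median) and stable (uptime > average)."""
    bw_median = median(bw for _, bw, _ in relays)
    up_mean = mean(up for _, _, up in relays)
    return {name: {"fast": bw > bw_median, "stable": up > up_mean, "bw": bw}
            for name, bw, up in relays}

def guard_pool(relays):
    """First rule: only relays that are both fast and stable may act as entry guards."""
    flags = classify(relays)
    return sorted(n for n, f in flags.items() if f["fast"] and f["stable"])

def pick_non_guard(relays, long_lived_port=False, rng=random):
    """Second rule: every relay stays eligible, but faster ones are picked more often.
    Bandwidth weighting is an assumption of this sketch. For long-lived ports the
    candidate list is first reduced to relays flagged as stable."""
    flags = classify(relays)
    names = [n for n, f in flags.items() if f["stable"] or not long_lived_port]
    weights = [flags[n]["bw"] for n in names]
    return rng.choices(names, weights=weights, k=1)[0]

def selection_share(relays, trials=20000, seed=1, **kw):
    """Empirical share of picks per relay, showing how concentrated selection is."""
    rng = random.Random(seed)
    counts = {}
    for _ in range(trials):
        name = pick_non_guard(relays, rng=rng, **kw)
        counts[name] = counts.get(name, 0) + 1
    return {n: c / trials for n, c in counts.items()}

if __name__ == "__main__":
    print("guard pool:", guard_pool(RELAYS))
    print("any port:", selection_share(RELAYS))
    print("long-lived port:", selection_share(RELAYS, long_lived_port=True))
```

With this sample only two of six relays qualify as entry guards, which is the narrow pool the text describes, while the second rule still lets the slowest relay carry a small share of circuits.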
The small amount of centralized control that exists in any Tor network comes from the central directory servers. These maintain the network state and collect and examine information such as which nodes are suitable for use as exit nodes, their uptime, and any bandwidth limits imposed by node administrators. This data allows Tor to make decisions for a particular connection based on the user's needs. Traffic to and from a directory server uses a different port from payload traffic and can easily be isolated.

There are three types of nodes usually found in a Tor network.
Exit nodes: send the traffic unencrypted to its destination.
Entry nodes: accept the unencrypted traffic, encrypt it and forward it into the network.
Routers: forward the traffic between Tor router nodes.
Entry and exit nodes are essentially the endpoints of any Tor communication. There are numerous projects imaginable, however it is.