Detection on the Tor Network: Fraunhofer collaboration peels back the onion on anonymous activity on the Tor network in newly published findings presented at ARES 2019.

August 26, 2019

Detection and Analysis of Tor Onion Services, ARES conference 2019

Fraunhofer USA CESE’s Dr. Marcel Schäfer participated in the scientific publication “Detection and Analysis of Tor Onion Services” together with researchers of Fraunhofer SIT in Germany. The paper was published and presented at the 3rd International Workshop on Criminal Use of Information Hiding (CUING 2019) that was held in conjunction with the 14th International Conference on Availability, Reliability, and Security (ARES 2019) in Canterbury, United Kingdom, from August 26-29, 2019. The paper discusses the Tor network and the anonymously hosted onion services.


What: Detection and Analysis of Tor Onion Services

Who: Martin Steinebach, Marcel Schäfer, Alexander Karakuz, Katharina Brandl, York Yannikos

Where: Proceedings of the 14th International Conference on Availability, Reliability and Security, (ARES 2019), Canterbury, UK, August 26-29, 2019

Article No. 66

ISBN: 978-1-4503-7164-3



Tor onion services can be accessed and hosted anonymously on the Tor network. We analyze the protocols, software types, popularity and uptime of these services by collecting a large amount of .onion addresses. Websites are crawled and clustered based on their respective language. In order to also determine the amount of unique websites a de-duplication approach is implemented. To achieve this, we introduce a modular system for the real-time detection and analysis of onion services. Address resolution of onion services is realized via descriptors that are published to and requested from servers on the Tor network that volunteer for this task. We place a set of 20 volunteer servers on the Tor network in order to collect .onion addresses. The analysis of the collected data and its comparison to previous research provides new insights into the current state of Tor onion services and their development. The service scans show a vast variety of protocols with a significant increase in the popularity of anonymous mail servers and Bitcoin clients since 2013. The popularity analysis shows that the majority of Tor client requests is performed only for a small subset of addresses. The overall data reveals further that a large amount of permanent services provide no actual content for Tor users. A significant part consists instead of bots, services offered via multiple domains, or duplicated websites for phishing attacks. The total amount of onion services is thus significantly smaller than current statistics suggest.


About Fraunhofer USA

Fraunhofer USA, Inc. is a 501 (c) (3) not-for-profit charitable organization incorporated in Rhode Island that is dedicated to the advancement of applied research. Fraunhofer USA was founded in 1994 to conduct applied R & D for customers in industry, academia and state and federal government agencies in the United States. Working closely with Fraunhofer-Gesellschaft, Europe’s largest application-oriented research and development organization and its sole corporate member, Fraunhofer USA can offer both domestic and international resources to enhance its portfolio of research and development. For more information, visit


Contact: Peter O'Neill

Fraunhofer USA, CESE

Phone: (410) 858-6373                    5700 Rivertech Court, Ste 210

Email:          Riverdale, MD 20737-1250