The mechanism for picking guards in Tor suffers from security problems like guard fingerprinting and from performance issues. To address these issues, Hayes and Danezis proposed the use of guard sets, in which the Tor system groups all guards into sets, and each client picks one of these sets and uses its guards. Unfortunately, guard sets frequently need nodes added or they are broken up due to fluctuations in network bandwidth. In this paper, we first show that these breakups create opportunities for malicious guards to join many guard sets by merely tuning the bandwidth they make available to Tor, and this greatly increases the number of clients exposed to malicious guards. To address this problem, we propose a new method for forming guard sets based on Internet location. We construct a hierarchy that keeps clients and guards together more reliably and prevents guards from easily joining arbitrary guard sets. This approach also has the advantage of confining an attacker with access to limited locations on the Internet to a small number of guard sets. We simulate this guard set design using historical Tor data in the presence of both relay-level adversaries and networklevel adversaries, and we find that our approach is good at confining the adversary into few guard sets, thus limiting the impact of attacks.
 A. Barton and M. Wright. Denasa: Destination-naive asawareness in anonymous communications. In Proceedings on Privacy Enhancing Technologies, 2016.
 A. Biryukov, I. Pustogarov, and R.-P. Weinmann. Trawling for Tor hidden services: Detection, measurement, deanonymization. In Proceedings of the 2013 IEEE Symposium on Security and Privacy, May 2013.
 X. Dimitropoulos, D. Krioukov, M. Fomenkov, B. Huffaker, Y. Hyun, and kc claffy. AS relationships: Inference and validation. In CCR, 2007.
 R. Dingledine and G. Kadianakis. One fast guard for life (or 9 months.
 M. Edman and P. F. Syverson. AS-awareness in Tor path selection. In E. Al-Shaer, S. Jha, and A. D. Keromytis, editors, Proceedings of the 2009 ACM Conference on Computer and Communications Security, CCS 2009, pages 380–389. ACM, November 2009.
 T. Elahi, K. Bauer, M. AlSabah, R. Dingledine, and I. Goldberg. Changing of the guards: A framework for understanding and improving entry guard selection in tor. In Proceedings of the 2012 ACM Workshop on Privacy in the Electronic Society, WPES ’12, pages 43–54, New York, NY, USA, 2012. ACM.
 N. S. Evans, R. Dingledine, and C. Grothoff. A practical congestion attack on Tor using long paths. In USENIX Security, 2009.
 L. Gao. On inferring autonomous system relationships in the Internet. ACM/IEEE Transactions on Networks (TON), 9(6), 2001.
 J. Hayes and G. Danezis. Guard sets for onion routing. In Proceedings on Privacy Enhancing Technologies, 2015.
 N. Hopper, E. Y. Vasserman, and E. Chan-Tin. How much anonymity does network latency leak? ACM Transactions on Information and System Security, 13(2), February 2010.
 R. Jansen, K. Bauer, N. Hopper, and R. Dingledine. Methodically modeling the Tor network. In Proceedings of the USENIX Workshop on Cyber Security Experimentation and Test (CSET 2012), August 2012.
 R. Jansen, J. Geddes, C. Wacek, M. Sherr, and P. Syverson. Never been KIST: Tor’s congestion management blossoms with kernel-informed socket transport. In 23rd USENIX Security Symposium (USENIX Security 14), pages 127–142, San Diego, CA, Aug. 2014. USENIX Association.
 R. Jansen and N. Hopper. Shadow: Running tor in a box for accurate and efficient experimentation. In Proceedings of the 19th Symposium on Network and Distributed System Security (NDSS). Internet Society, February 2012.
 A. Johnson, R. Jansen, A. Jaggard, J. Feigenbaum, and P. Syverson. Avoiding the man on the wire: Improving tor’s security with trust-aware path selection. In 24th Symposium on Network and Distributed System Security (NDSS 2017).
 A. Johnson, C. Wacek, R. Jansen, M. Sherr, and P. Syverson. Users get routed: Traffic correlation on tor by realistic adversaries. In Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security, CCS ’13, pages 337–348, New York, NY, USA, 2013. ACM.
 Joshua Juen, Aaron Johnson, Anupam Das, Nikita Borisov, and Matthew Caesar. Defending tor from network adversaries: A case study of network path prediction. In Proceedings on Privacy Enhancing Technologies, 2015.
 B. N. Levine, M. Reiter, C. Wang, and M. Wright. Timing analysis in low-latency mix systems. In Proc. Financial Cryptography (FC), Feb. 2004.
 M. Luckie, B. Huffaker, k. claffy, A. Dhamdhere, and V. Giotsas. AS relationships, customer cones, and validation. In Internet Measurement Conference (IMC), pages 243–256, Oct 2013.
 N. Mathewson and R. Dingledine. Practical traffic analysis: Extending and resisting statistical disclosure. In Proc. Privacy Enhancing Technologies workshop (PET), May 2004.
 P. Mittal, A. Khurshid, J. Juen, M. Caesar, and N. Borisov. Stealthy traffic analysis of low-latency anonymous communication using throughput fingerprinting. In Proceedings of the 18th ACM conference on Computer and Communications Security (CCS 2011), October 2011.
 S. J. Murdoch and G. Danezis. Low-cost traffic analysis of Tor. In Proceedings of the 2005 IEEE Symposium on Security and Privacy. IEEE CS, May 2005.
 S. J. Murdoch and G. Danezis. Low-cost traffic analysis of Tor. In IEEE S&P, 2005.
 L. Overlier and P. Syverson. Locating hidden servers. In IEEE S&P, 2006.
 J. Qiu and L. Gao. AS path inference by exploiting known AS paths. 2005.
 Y. Sun, A. Edmundson, L. Vanbever, O. Li, J. Rexford, M. Chiang, and P. Mittal. RAPTOR: Routing attacks on privacy in Tor. In 24th USENIX Security Symposium (USENIX Security 15), pages 271–286, Washington, D.C., Aug. 2015. USENIX Association.