Traffic De-Anonymizer

Authors
  1. Zincir-Heywood, A.N.
  2. Aghaei, V.
Corporate Authors
Defence Research and Development Canada, Centre for Security Science, Ottawa ON (CAN); Dalhousie Univ, Halifax NS (CAN)
Abstract
Proxies are commonly used on today’s Internet. On one hand, end users can choose to use proxies to keep their privacy, and ubiquitous systems can use them to intercept traffic for purposes such as caching. On the other hand, attackers can use such technologies to anonymize their malicious behaviours. Thus, the prevalence of proxies, and of the different applications and users connected through a proxy, has implications in terms of the different behaviours seen on the network. This is important for defense applications since it can facilitate the assessment of security threats. Thus, systems that can identify infected computers behind a proxy based on their behaviour represent a first step in taking the appropriate actions, for example, when a botnet client is identified. The objective of this research includes identifying proxies and the computers behind them based on their behaviour, using the traffic log files of a computer that is on the network outside of the proxy. This is what we mean by traffic de-anonymizer. To achieve this: (i) we employ a mixture of log files to represent real-life proxy behaviour, and (ii) we design and develop a data-driven, machine-learning-based approach to provide recommendations for the automatic identification of computers behind an anonymous proxy. Our results show that we are able to achieve our objectives with promising performance even though the problem is very challenging.
Keywords
Internet Traffic de-anonymiser System
Report Number
DRDC-RDDC-2016-C339 — Contract Report
Date of publication
01 Mar 2014
Number of Pages
64
DSTKIM No
CA044947
CANDIS No
805325
Format(s):
Electronic Document (PDF)
