Analyzing Characteristic Host Access Patterns for Re-identification of Web User Sessions

Herrmann, Dominik; Gerber, Christoph; Banse, Christian; Federrath, Hannes

doi:10.1007/978-3-642-27937-9_10

Cited by 23 publications

(25 citation statements)

References 24 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In a previous publication we proposed a user re-identification technique based on the Multinomial Naïve Bayes classifier from Weka [13]. The classifier was evaluated using the HTTP traffic of 28 volunteering users.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Tracking Users on the Internet with Behavioral Patterns: Evaluation of Its Practical Feasibility

Banse

Herrmann

Federrath

2012

IFIP Advances in Information and Communication Technology

Self Cite

View full text Add to dashboard Cite

Abstract. Traditionally, service providers, who want to track the activities of Internet users, rely on explicit tracking techniques like HTTP cookies. From a privacy perspective behavior-based tracking is even more dangerous, because it allows service providers to track users passively, i. e., without cookies. In this case multiple sessions of a user are linked by exploiting characteristic patterns mined from network traffic. In this paper we study the feasibility of behavior-based tracking in a real-world setting, which is unknown so far. In principle, behavior-based tracking can be carried out by any attacker that can observe the activities of users on the Internet. We design and implement a behavior-based tracking technique that consists of a Naive Bayes classifier supported by a cosine similarity decision engine. We evaluate our technique using a large-scale dataset that contains all queries received by a DNS resolver that is used by more than 2100 concurrent users on average per day. Our technique is able to correctly link 88.2 % of the surfing sessions on a day-to-day basis. We also discuss various countermeasures that reduce the effectiveness of our technique.

show abstract

Section: Related Workmentioning

confidence: 99%

“…Given one training session per user, up to 73 % of sessions were classified correctly. In comparison to [13] the tracking technique presented in Sect. 5 utilizes an improved feature extraction technique with n-grams and incorporates an additional cosine similarity decision engine.…”

Section: Related Workmentioning

confidence: 99%

Tracking Users on the Internet with Behavioral Patterns: Evaluation of Its Practical Feasibility

Banse

Herrmann

Federrath

2012

IFIP Advances in Information and Communication Technology

Self Cite

View full text Add to dashboard Cite

show abstract

“…Suppose that a user's privacy policy is to anonymize the web browsing and IM, the attacker will find the target Tor traffic is either Web or IM. In this way, the attacker knows the user's privacy policy and can use it to build more accurate user profiles for purposes like re-identification of users [41].…”

Section: Discussion and Countermeasuresmentioning

confidence: 99%

A novel application classification attack against Tor

Luo

2015

Concurrency and Computation

View full text Add to dashboard Cite

SUMMARYTor is a famous anonymous communication system for preserving users' online privacy. It supports TCP applications and packs upper-layer application data into encrypted equal-sized cells with onion routing to hide private information of users. However, we note that the current Tor design cannot conceal certain application behaviors. For example, P2P applications usually upload and download files simultaneously, and this behavioral feature is also kept in Tor traffic. Motivated by this observation, we investigate a new attack against Tor, application classification attack, which can recognize application types from Tor traffic. An attacker first carefully selects some flow features such as burst volumes and directions to represent the application behaviors and takes advantage of some efficient machine-learning algorithm (e.g., Profile Hidden Markov Model) to model different types of applications. Then he or she can use these established models to classify target's Tor traffic and infer its application type. We have implemented the application classification attack on Tor using parallel computing, and our experiments validate the feasibility and effectiveness of the attack. We argue that the disclosure of application type information is a serious threat to Tor users' anonymity because it can be used to reduce the anonymity set and facilitate other attacks. We also present guidelines to defend against application classification attack.

show abstract

“…com/hadoop-dns-tracking/. Details about the dataset, the methodology as well as initial results have been published in [7,10].…”

Section: Behavior-based Tracking For User Re-identification (Finding 3)mentioning

confidence: 99%

Privacy issues in the Domain Name System and techniques for self-defense

Herrmann

2015

It - Information Technology

Self Cite

View full text Add to dashboard Cite

There is a growing interest in retaining and analyzing metadata. Motivated by this trend, the dissertation studies the potential for surveillance via the Domain Name System, an important infrastructure service on the Internet. Three fingerprinting techniques are developed and evaluated. The first technique allows a resolver to infer the URLs of the websites a user visits by matching characteristic patterns in DNS requests. The second technique allows to determine operating system and browser of a user based on behavioral features. Thirdly, and most importantly, it is demonstrated that the activities of users can be tracked over multiple sessions, even when the IP address of the user changes over time. In addition, the dissertation considers possible countermeasures. Obfuscating the desired hostnames by sending a large number of dummy requests (so-called range queries), turns out to be less effective than believed so far. Therefore, more appropriate techniques (mixing queries, pushing popular queries, and extended caching of results) are proposed in the thesis. The results raise awareness for an overlooked threat that infringes the privacy of Internet users, but they also contribute to the development of more usable and more effective privacy enhancing technologies.

show abstract

Analyzing Characteristic Host Access Patterns for Re-identification of Web User Sessions

Cited by 23 publications

References 24 publications

Tracking Users on the Internet with Behavioral Patterns: Evaluation of Its Practical Feasibility

Tracking Users on the Internet with Behavioral Patterns: Evaluation of Its Practical Feasibility

A novel application classification attack against Tor

Privacy issues in the Domain Name System and techniques for self-defense

Contact Info

Product

Resources

About