Traffic De-Anonymizer

Abstract

Proxies are commonly used on today's Internet. On one hand, end users can choose to use proxies to protect their privacy, and ubiquitous systems can use them to intercept traffic for purposes such as caching. On the other hand, attackers can use such technologies to anonymize their malicious behaviours. Thus, the prevalence of proxies, and of the different applications and users connected through a proxy, has implications for the different behaviours seen on the network. This is important for defense applications since it can facilitate the assessment of security threats. Systems that can identify infected computers behind a proxy based on their behaviour therefore represent a first step in taking the appropriate actions, for example, when a botnet client is identified. The objective of this research includes identifying proxies and the computers behind them based on their behaviour, using the traffic log files of a computer on the network outside of the proxy. This is what we mean by traffic de-anonymizer. To achieve this: (i) we employ a mixture of log files to represent real-life proxy behaviour, and (ii) we design and develop a data-driven, machine-learning-based approach to provide recommendations for the automatic identification of computers behind an anonymous proxy. Our results show that we are able to achieve our objectives with promising performance even though the problem is very challenging.

Document Details

Document Type: Technical Report
Publication Date: Nov 01, 2014
Accession Number: AD1000882

Entities

People

  • A. N. Zincir-Heywood
  • Vahid Aghaei

Organizations

  • Dalhousie University

Tags

Communities of Interest

  • Autonomy
  • Cyber

DTIC Thesaurus Topics

  • Bayesian Networks
  • Computer Communications
  • Computer Science
  • Computers
  • Data Sets
  • Detection
  • Graphical User Interface
  • Internet
  • Machine Learning
  • National Security
  • Network Protocols
  • Operating Systems
  • Particle Swarm Optimization
  • Probabilistic Models
  • Security
  • Web Browsers
  • Websites

Fields of Study

  • Computer science

Readers

  • Computer Networking
  • Neural Network Machine Learning
  • Team-Based Human-Centered Cognitive Task Decision Making and Information Performance

Technology Areas

  • AI & ML