User Identification in Dynamic Web Traffic Via Deep Temporal Features

Abstract

Web applications that process sensitive information have become prevalent. Modern web applications rely heavily on dynamic content (i.e., page updates made by the browser using an XMLHttpRequest, and more recently the JavaScript Fetch API). Ajax technology provides fast client-server communication, which generates web traffic that updates the document object model (DOM) object in the browser interface often induced by user input. Therefore, the users actions are strongly correlated with timing and size of packets that carry Ajax requests. This research aims to characterize the relationship between keystroke dynamics and Ajax packets in dynamic web traffic. We investigate several dynamic web applications and the ability to measure human behavior in encrypted network traffic. Two approaches to Ajax packet detection are proposed and evaluated: longest increasing subsequence (LIS), which uses packet sizes, and dynamic time warping (DTW), which uses keystroke and packet timings. From the detected packets of recognized patterns, we examine the extent to which remote user identification in dynamic web traffic can be performed. We use a recurrent neural network (RNN) trained with triplet loss to extract deep temporal features from the detected packet timings. Leveraging recent work in keystroke dynamics, we show that user identification can be performed with modest accuracy utilizing the packet timings invoked by a user typing in a web search engine.

Document Details

Document Type

Technical Report

Publication Date

Mar 01, 2021

Accession Number

AD1150664

Entities

Tags