Inferring the Presence of Reverse Proxies Through Timing Analysis

Abstract

This thesis presents a method for inferring the presence of a reverse proxy server using packet timing analysis from the vantage point of a client system. This method can determine whether Internet users are receiving web content from the actual source or from some potentially spoofed proxy device, leading to better risk assessment and understanding of the cyber terrain. By using only the measurement and comparison of three-way handshake and content request/delivery packet round trip times, we identify an accurate classifier that detects the presence of a reverse proxy server with over 98% accuracy. This is an improvement over other inference methods because all measurements can be done from an external client machine. A secondary yet significant contribution is the robust data set that was produced as a result of this research. We have collected a set of over 6 million data points from a known set of 30 globally dispersed machines, which was instrumental in our research efforts and will be used for further studies and exploration.

Document Details

Document Type: Technical Report
Publication Date: Jun 01, 2015
Accession Number: ADA632473

Entities

People

  • Daniel R. Alexander

Organizations

  • Naval Postgraduate School

Tags

Communities of Interest

  • Autonomy
  • Biomedical
  • Cyber

DTIC Thesaurus Topics

  • Accuracy
  • Central Processing Units
  • Computer Communications
  • Computer Network Security
  • Computer Networks
  • Computer Science
  • Computers
  • Data Sets
  • Electronic Mail
  • Html
  • Internet
  • Internet Of Things
  • Machine Learning
  • Measurement
  • Network Protocols
  • Network Science
  • Transport Protocols

Fields of Study

  • Computer science

Readers

  • Computer Networking
  • Computer Vision
  • Cybersecurity

Technology Areas

  • AI & ML
  • AI & ML - Bayesian Inference
  • Cyber