A Proxy Identifier Based on Patterns in Traffic Flows

Author

Aghaei-Foroushani, Vahid ; Zincir-Heywood, A. Nur

Author_Institution

Fac. of Comput. Sci., Dalhousie Univ., Halifax, NS, Canada

fYear

2015

fDate

8-10 Jan. 2015

Firstpage

118

Lastpage

125

Abstract

Proxies are used commonly on today´s Internet. On one hand, end users can choose to use proxies for hiding their identities for privacy reasons. On the other hand, ubiquitous systems can use it for intercepting the traffic for purposes such as caching. In addition, attackers can use such technologies to anonymize their malicious behaviours and hide their identities. Identification of such behaviours is important for defense applications since it can facilitate the assessment of security threats. The objective of this paper is to identify proxy traffic as seen in a traffic log file without any access to the proxy server or the clients behind it. To achieve this: (i) we employ a mixture of log files to represent real-life proxy behavior, and (ii) we design and develop a data driven machine learning based approach to provide recommendations for the automatic identification of such behaviours. Our results show that we are able to achieve our objective with a promising performance even though the problem is very challenging.

Keywords

Internet; data privacy; pattern recognition; telecommunication traffic; ubiquitous computing; Internet; log files; malicious behaviours; patterns; privacy reasons; proxy identifier; real-life proxy behavior; security threats; traffic flows; ubiquitous systems; Cryptography; Delays; IP networks; Probes; Web servers; Behavior Analysis; Network Security; Proxy; Traffic Flow;

fLanguage

English

Publisher

ieee

Conference_Titel

High Assurance Systems Engineering (HASE), 2015 IEEE 16th International Symposium on

Conference_Location

Daytona Beach Shores, FL

Print_ISBN

978-1-4799-8110-6

Type

conf

DOI

10.1109/HASE.2015.26

Filename

7027422