A New Network Traffic Classification Method Based on Classifier Integration

Zhang, Luoshi; Yibo, Xue; Bao, Yuanyuan

doi:10.14257/ijgdc.2015.8.3.29

Cited by 2 publications

(1 citation statement)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…To name a few: Katerina Goseva-Postojanova et al used supervised machine-learning methods on 43 features to classify attacker activities to two classes: vulnerability scans and attacks [18]. By dividing the training set into clusters, forming sub-classifiers and integrating classifiers, Cluster-Min-Max (CMM) method effectively reduces the false positive rate of traffic classification, their experiments showed its effectiveness for large-scale network [19]. Set-Based Constrained K-Means (SBCK) algorithm is a constrained variant of K-Means.…”

Section: Introductionmentioning

confidence: 99%

Attacking HTTPS Secure Search Service through Correlation Analysis of HTTP Webpages Accessed

Qian¹,

Wang²

2017

IJSIA

107

View full text Add to dashboard Cite

It is very common for Internet users to query a search engine when retrieving web information. Sensitive data about search engine user's intentions or behavior can be inferred from his query phrases and the webpages he visits subsequently. In order to protect contents of communications from being eavesdropped, a search engine can adopt HTTPS-by-default to provide bidirectional encryption to protect its users' privacy. Since the majority of webpages indexed in search engine's results pages are still on HTTPenabled websites and the contents of these webpages can be observed by attackers once the user click on the indexed web-links. We propose a novel approach for attacking secure search through correlating analysis of encrypted search with unencrypted webpages the user visits subsequently. We show that a simple weighted TF-DF mechanism is sufficient for selecting guessing phrase candidates. Imitating search engine users, by querying these candidates and enumerating webpages indexed in results pages, we can hit the definite query phrases and meanwhile reconstruct user's web-surfing trails through DNS-based URLs comparison and flow feature statistics-based network traffic analysis. In the experiment including 180 Chinese and English search phrases, we achieved 67.78% hit rate at first guess and 96.11% hit rate within three guesses. Our empirical research shows that HTTPS traffic can be correlated and de-anonymized through HTTP traffic and secure search of search engine is not always secure unless HTTPS-by-default enabled everywhere.

show abstract

Section: Introductionmentioning

confidence: 99%