Browser Fingerprinting from Coarse Traffic Summaries: Techniques and Implications

Yen, Ting-Fang; Huang, Xin; Monrose, Fabian; Reiter, Michael K.

doi:10.1007/978-3-642-02918-9_10

Cited by 28 publications

(19 citation statements)

References 27 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Even within a single network, the network's most basic characteristics-such as bandwidth, duration of connections, and application mixcan exhibit immense variability, rendering them unpredictable over short time intervals (seconds to hours). The 3 We note that in fact the literature holds some fairly amazing demonstrations of how much more information a dataset can provide than what we might intuitively expect: Wright et al [27] infer the language spoken on encrypted VOIP sessions; Yen et al [28] identify the particular web browser a client uses from flow-level data; Narayanan et al [29] identify users in the anonymized Netflix datasets via correlation with their public reviews in a separate database; and Kumar et al [30] determine from lossy and remote packet traces the number of disks attached to systems infected by the "Witty" worm, as well as their uptime to millisecond precision.…”

Section: Diversity Of Network Trafficmentioning

confidence: 99%

Outside the Closed World: On Using Machine Learning for Network Intrusion Detection

Sommer

Paxson

2010

2010 IEEE Symposium on Security and Privacy

1,174

743

View full text Add to dashboard Cite

Abstract-In network intrusion detection research, one popular strategy for finding attacks is monitoring a network's activity for anomalies: deviations from profiles of normality previously learned from benign traffic, typically identified using tools borrowed from the machine learning community. However, despite extensive academic research one finds a striking gap in terms of actual deployments of such systems: compared with other intrusion detection approaches, machine learning is rarely employed in operational "real world" settings. We examine the differences between the network intrusion detection problem and other areas where machine learning regularly finds much more success. Our main claim is that the task of finding attacks is fundamentally different from these other applications, making it significantly harder for the intrusion detection community to employ machine learning effectively. We support this claim by identifying challenges particular to network intrusion detection, and provide a set of guidelines meant to strengthen future research on anomaly detection.

show abstract

Section: Diversity Of Network Trafficmentioning

confidence: 99%

Outside the Closed World: On Using Machine Learning for Network Intrusion Detection

Sommer

Paxson

2010

2010 IEEE Symposium on Security and Privacy

1,174

743

View full text Add to dashboard Cite

show abstract

“…The first category fingerprints a browser by collecting application-layer information, including HTTP request header information and system configuration information from the browser [23]. The second category performs browser fingerprinting by examining coarse traffic generated by the browsers [24]. However, both of them have their limitations in detecting clickbots.…”

Section: Related Workmentioning

confidence: 99%

Click Fraud Detection on the Advertiser Side

Liu

Koehl

et al. 2014

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Click fraud-malicious clicks at the expense of pay-per-click advertisers-is posing a serious threat to the Internet economy. Although click fraud has attracted much attention from the security community, as the direct victims of click fraud, advertisers still lack effective defense to detect click fraud independently. In this paper, we propose a novel approach for advertisers to detect click frauds and evaluate the return on investment (ROI) of their ad campaigns without the helps from ad networks or publishers. Our key idea is to proactively test if visiting clients are full-fledged modern browsers and passively scrutinize user engagement. In particular, we introduce a new functionality test and develop an extensive characterization of user engagement. Our detection can significantly raise the bar for committing click fraud and is transparent to users. Moreover, our approach requires little effort to be deployed at the advertiser side. To validate the effectiveness of our approach, we implement a prototype and deploy it on a large production website; and then we run 10-day ad campaigns for the website on a major ad network. The experimental results show that our proposed defense is effective in identifying both clickbots and human clickers, while incurring negligible overhead at both the server and client sides.

show abstract

“…), cookie information [22], or search for platform specific components like Flash blockers or Silverlight [12]. Another approach is to search traffic flows for known, specific identifiers like connections to Firefox update servers [30]. Conversely, techniques like the well-known CAPTCHA puzzles attempt to prove the existence of a human user.…”

Section: Related Workmentioning

confidence: 99%

NetGator: Malware Detection Using Program Interactive Challenges

Schulte

Andrianakis

Sun

et al. 2013

Detection of Intrusions and Malware, and Vulnerability Assessment

View full text Add to dashboard Cite

Abstract. Internet-borne threats have evolved from easy to detect denial of service attacks to zero-day exploits used for targeted exfiltration of data. Current intrusion detection systems cannot always keep-up with zero-day attacks and it is often the case that valuable data have already been communicated to an external party over an encrypted or plain text connection before the intrusion is detected. In this paper, we present a scalable approach called Network Interrogator (NetGator) to detect network-based malware that attempts to exfiltrate data over open ports and protocols. NetGator operates as a transparent proxy using protocol analysis to first identify the declared client application using known network flow signatures.Then we craft packets that "challenge" the application by exercising functionality present in legitimate applications but too complex or intricate to be present in malware. When the application is unable to correctly solve and respond to the challenge, NetGator flags the flow as potential malware. Our approach is seamless and requires no interaction from the user and no changes on the commodity application software. NetGator introduces a minimal traffic latency (0.35 seconds on average) to normal network communication while it can expose a wide-range of existing malware threats.

show abstract

Browser Fingerprinting from Coarse Traffic Summaries: Techniques and Implications

Cited by 28 publications

References 27 publications

Outside the Closed World: On Using Machine Learning for Network Intrusion Detection

Outside the Closed World: On Using Machine Learning for Network Intrusion Detection

Click Fraud Detection on the Advertiser Side

NetGator: Malware Detection Using Program Interactive Challenges

Contact Info

Product

Resources

About