User Profiling and Re-identification: Case of University-Wide Network Analysis

Kumpošt, Marek; Matyáš, Vašek

doi:10.1007/978-3-642-03748-1_1

Cited by 17 publications

(24 citation statements)

References 3 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Kumpost's user re-identification technique relies on the destination IP addresses for HTTP(S) and SSH connections of each user [15]. His user profiles consist of sparse access frequency vectors that contain the number of connections to each destination IP address.…”

Section: Related Workmentioning

confidence: 99%

Tracking Users on the Internet with Behavioral Patterns: Evaluation of Its Practical Feasibility

Banse

Herrmann

Federrath

2012

IFIP Advances in Information and Communication Technology

View full text Add to dashboard Cite

Abstract. Traditionally, service providers, who want to track the activities of Internet users, rely on explicit tracking techniques like HTTP cookies. From a privacy perspective behavior-based tracking is even more dangerous, because it allows service providers to track users passively, i. e., without cookies. In this case multiple sessions of a user are linked by exploiting characteristic patterns mined from network traffic. In this paper we study the feasibility of behavior-based tracking in a real-world setting, which is unknown so far. In principle, behavior-based tracking can be carried out by any attacker that can observe the activities of users on the Internet. We design and implement a behavior-based tracking technique that consists of a Naive Bayes classifier supported by a cosine similarity decision engine. We evaluate our technique using a large-scale dataset that contains all queries received by a DNS resolver that is used by more than 2100 concurrent users on average per day. Our technique is able to correctly link 88.2 % of the surfing sessions on a day-to-day basis. We also discuss various countermeasures that reduce the effectiveness of our technique.

show abstract

Section: Related Workmentioning

confidence: 99%

Tracking Users on the Internet with Behavioral Patterns: Evaluation of Its Practical Feasibility

Banse

Herrmann

Federrath

2012

IFIP Advances in Information and Communication Technology

View full text Add to dashboard Cite

show abstract

“…Kumpǒst and Matyáš [21,22] analysed the possibility of user re-identification based on their past network behaviour. For their approach, they construct behavioural profiles from sampled NetFlow [8] data with focus on HTTPS, HTTP and SSH traffic.…”

Section: Related Workmentioning

confidence: 99%

A Small Data Approach to Identification of Individuals on the Transport Layer using Statistical Behaviour Templates

Abt

Gärtner

Baier

2014

Proceedings of the 7th International Conference on Security of Information and Networks

View full text Add to dashboard Cite

Our daily life is dominated by constant Internet connectivity. In order to retrieve up-to-date information and to share personal experiences and impressions, our computers and mobile devices periodically communicate with servers or peers. During this data exchange, we constantly leave digital traces on different systems across the communication stack. These traces can be used to compute profiles of individuals. While such profiles may be used to increase user experience and convenience, they seriously affect privacy of individuals. Typically, service providers like Google or Facebook collect gigabytes to terabytes of user payload data to compute user profiles from. That is, they make use of a big data approach. In contrast to that, this paper shows a novel small data approach to compute profiles using behaviour templates derived from IP address and port number statistics. Our use case is to increase network security through concurrent identification. Our approach is capable of identifying individuals with true-and false-positive rates of 0.995 and 0.001, respectively, without relying on payload information, significantly outperforming related work.

show abstract

“…Kumpost et al [5] believe that the websites visited by the user and the corresponding frequencies reflect his habits. Kumpost et al [5] believe that the websites visited by the user and the corresponding frequencies reflect his habits.…”

Section: Related Workmentioning

confidence: 99%

“…Unlike the scenarios mentioned in the preceding texts, in the traffic analysis field, the behavior-based tracking techniques are carried out by passively sniffing traffic and extracting behavioral features to link multiple sessions of the same user. Kumpost et al [5] believe that the websites visited by the user and the corresponding frequencies reflect his habits. They store the destination IP address, source IP address, and the number of connections in a two-dimensional matrix based on the NetFlow logs.…”

Section: Related Workmentioning

confidence: 99%

A novel attack to track users based on the behavior patterns

Shi

Ling

et al. 2016

Concurrency and Computation

View full text Add to dashboard Cite

Currently, people around the world daily use the Internet to access various services, such as e-mail and online shopping. However, the behavior-based tracking attacks have posed a considerable threat to users' privacy. Relying on characteristic patterns within the Internet activities, this attack can link a user's multiple sessions. In this paper, we investigate the behavior-based tracking attack and propose some countermeasures to mitigate the threat. We preprocess the raw traffic data and then extract features ranging from lower layer network packets to high-level application-related traffic. Specifically, we focus on four types of applicationlevel traffic to infer users' habits, including HTTP, IM, e-mail, and P2P. In addition, we extract the web queries entered into shopping websites and classify them to infer users' preferences. Then, we construct the preference models and propose an improved method. For evaluation, we collect traffic in the realworld environment to construct a large-scale dataset. Five hundred and nine users are selected in terms of the user's active degree. When the term frequency-inverse document frequency transformation is used, the improved method can identify an average of 93.79% instances correctly. Our extensive empirical experiments demonstrate the effectiveness and efficiency of our approaches. Finally, we discuss and evaluate several countermeasures.In the preceding texts, d 1 to d 7 represent the top seven online shopping websites. If the user has submitted queries to the ith website in a session, the value of d i is set to 1 and 0 otherwise. c 1 to c 10

show abstract

User Profiling and Re-identification: Case of University-Wide Network Analysis

Cited by 17 publications

References 3 publications

Tracking Users on the Internet with Behavioral Patterns: Evaluation of Its Practical Feasibility

Tracking Users on the Internet with Behavioral Patterns: Evaluation of Its Practical Feasibility

A Small Data Approach to Identification of Individuals on the Transport Layer using Statistical Behaviour Templates

A novel attack to track users based on the behavior patterns

Contact Info

Product

Resources

About