Skip to main content
Article thumbnail
Location of Repository

Disambiguation of Residential Wired and Wireless Access in a Forensic Setting

By Sookhyun Yang, Jim Kurose and Brian Neil Levine


Abstract—Thousands of cases each year of child exploitation on P2P file sharing networks lead from an IP address to a home. A first step upon execution of a search warrant is to determine if the home’s open Wi-Fi or the closed wired Ethernet was used for trafficking; in the latter case, a resident user is more likely to be the responsible party. We propose methods that use remotely measured traffic to disambiguate wired and wireless residential medium access. Our practical techniques work across the Internet by estimating the perflow distribution of inter-arrival times for different home access network types. We observe that the change of inter-arrival time distribution is subject to several residential factors, including differences between OS network stacks, and cable network mechanisms. We propose a model to explain the observed patterns of inter-arrival times, and we study the ability of supervised learning classifiers to differentiate between wired and wireless access based on these remote traffic measurements. I

Year: 2013
OAI identifier: oai:CiteSeerX.psu:
Provided by: CiteSeerX
Download PDF:
Sorry, we are unable to provide the full text but you may find it at the following location(s):
  • (external link)
  • (external link)
  • Suggested articles

    To submit an update or takedown request for this paper, please submit an Update/Correction/Removal Request.