3,888 research outputs found
Measuring Information Leakage in Website Fingerprinting Attacks and Defenses
Tor provides low-latency anonymous and uncensored network access against a
local or network adversary. Due to the design choice to minimize traffic
overhead (and increase the pool of potential users) Tor allows some information
about the client's connections to leak. Attacks using (features extracted from)
this information to infer the website a user visits are called Website
Fingerprinting (WF) attacks. We develop a methodology and tools to measure the
amount of leaked information about a website. We apply this tool to a
comprehensive set of features extracted from a large set of websites and WF
defense mechanisms, allowing us to make more fine-grained observations about WF
attacks and defenses.Comment: In Proceedings of the 2018 ACM SIGSAC Conference on Computer and
Communications Security (CCS '18
Evaluation of Machine Learning Algorithms for Intrusion Detection System
Intrusion detection system (IDS) is one of the implemented solutions against
harmful attacks. Furthermore, attackers always keep changing their tools and
techniques. However, implementing an accepted IDS system is also a challenging
task. In this paper, several experiments have been performed and evaluated to
assess various machine learning classifiers based on KDD intrusion dataset. It
succeeded to compute several performance metrics in order to evaluate the
selected classifiers. The focus was on false negative and false positive
performance metrics in order to enhance the detection rate of the intrusion
detection system. The implemented experiments demonstrated that the decision
table classifier achieved the lowest value of false negative while the random
forest classifier has achieved the highest average accuracy rate
The Dark Side(-Channel) of Mobile Devices: A Survey on Network Traffic Analysis
In recent years, mobile devices (e.g., smartphones and tablets) have met an
increasing commercial success and have become a fundamental element of the
everyday life for billions of people all around the world. Mobile devices are
used not only for traditional communication activities (e.g., voice calls and
messages) but also for more advanced tasks made possible by an enormous amount
of multi-purpose applications (e.g., finance, gaming, and shopping). As a
result, those devices generate a significant network traffic (a consistent part
of the overall Internet traffic). For this reason, the research community has
been investigating security and privacy issues that are related to the network
traffic generated by mobile devices, which could be analyzed to obtain
information useful for a variety of goals (ranging from device security and
network optimization, to fine-grained user profiling).
In this paper, we review the works that contributed to the state of the art
of network traffic analysis targeting mobile devices. In particular, we present
a systematic classification of the works in the literature according to three
criteria: (i) the goal of the analysis; (ii) the point where the network
traffic is captured; and (iii) the targeted mobile platforms. In this survey,
we consider points of capturing such as Wi-Fi Access Points, software
simulation, and inside real mobile devices or emulators. For the surveyed
works, we review and compare analysis techniques, validation methods, and
achieved results. We also discuss possible countermeasures, challenges and
possible directions for future research on mobile traffic analysis and other
emerging domains (e.g., Internet of Things). We believe our survey will be a
reference work for researchers and practitioners in this research field.Comment: 55 page
No NAT'd User left Behind: Fingerprinting Users behind NAT from NetFlow Records alone
It is generally recognized that the traffic generated by an individual
connected to a network acts as his biometric signature. Several tools exploit
this fact to fingerprint and monitor users. Often, though, these tools assume
to access the entire traffic, including IP addresses and payloads. This is not
feasible on the grounds that both performance and privacy would be negatively
affected. In reality, most ISPs convert user traffic into NetFlow records for a
concise representation that does not include, for instance, any payloads. More
importantly, large and distributed networks are usually NAT'd, thus a few IP
addresses may be associated to thousands of users. We devised a new
fingerprinting framework that overcomes these hurdles. Our system is able to
analyze a huge amount of network traffic represented as NetFlows, with the
intent to track people. It does so by accurately inferring when users are
connected to the network and which IP addresses they are using, even though
thousands of users are hidden behind NAT. Our prototype implementation was
deployed and tested within an existing large metropolitan WiFi network serving
about 200,000 users, with an average load of more than 1,000 users
simultaneously connected behind 2 NAT'd IP addresses only. Our solution turned
out to be very effective, with an accuracy greater than 90%. We also devised
new tools and refined existing ones that may be applied to other contexts
related to NetFlow analysis
- …