Profiling Users by Modeling Web Transactions

Users of electronic devices, e.g., laptop, smartphone, etc. have characteristic behaviors while surfing the Web. Profiling this behavior can help identify the person using a given device. In this paper, we introduce a technique to profile users based on their web transactions. We compute several features extracted from a sequence of web transactions and use them with one-class classification techniques to profile a user. We assess the efficacy and speed of our method at differentiating 25 users on a dataset representing 6 months of web traffic monitoring from a small company network.Comment: Extended technical report of an IEEE ICDCS 2017 publicatio

Automated Deauthentication using Web Transaction Analysis

Companies commonly provide work related devices enabled with Internet connection to their employees. Usually, all the company's incoming and outgoing Internet traffic is checked by some protection system, eg. by a firewall. Commonly deployed protection systems use static rules that ``allow'' or ``block'' the traffic. However, these rules can not detect changes in user behaviors. Modeling user behavior may be beneficial if it is sufficiently unique with respect to activities of other users or attackers. An automated deauthentication system that is able to recognize if behavior of an active user corresponds to the behavior of an authorized and expected user is proposed in the thesis. The system can recognize an innocent attacker in more than 50\% cases and a legitimate user in more than 95\% cases. The system is expected to work together with other authentication systems