Profiling Users by Modeling Web Transactions

Users of electronic devices (e.g., laptops and smartphones) have characteristic behaviors while surfing the Web. Profiling this behavior can help identify the person using a given device. In this paper, we introduce a technique to profile users based on their web transactions. We compute several features from a sequence of web transactions and use them with one-class classification techniques to profile a user. We assess the efficacy and speed of our method at differentiating 25 synthetic users on a benchmark dataset (from a major security vendor) representing 6 months of web traffic monitoring from a small enterprise network.
