A Novel Behavior-Based Tracking Attack for User Identification

Currently, people round the world daily use the Internet to access various services, such as, email and online shopping. However, the behavior-based tracking attacks have posed a considerable threat to users' privacy. Relying on characteristic patterns within the Internet activities, this attack can link a user's multiple sessions which are composed of a period of user's traffic. Once a user's personally identifiable information is disclosed in some session, the attacker can obtain the user's other network activities according to the linked sessions. In this paper, we investigate this behavior-based tracking attack and discuss the possible countermeasures. We preprocess the raw traffic data and then extract features ranging from lower layer network packets to high level application related traffic. Specifically, we focuses on four types of application-level traffic to infer users' habits, including HTTP, IM, Email, and P2P. A Multinomial Naive Bayes Classifier is employed to correlate users' sessions in distinct period. To evaluate the feasibility of our approach, we collect traffic in real-world environment to construct two distinct sizes of datasets. In the first dataset, we have 55 users' traffic during five weeks and the accuracy of our approach could reach 100%. To further illustrate the scalability of this approach, 509 users are selected from the second dataset in terms of the user's active degree. Finally, we can correctly correlate average 85.61% instances. Our extensive empirical experiments demonstrate the effectiveness and efficiency of our approach.

[1]  D Manyu,et al.  Hypertext transfer protocol , 2009 .

[2]  Sebastian Abt,et al.  A Small Data Approach to Identification of Individuals on the Transport Layer using Statistical Behaviour Templates , 2014, SIN.

[3]  Yinghui Yang,et al.  Web user behavioral profiling for user identification , 2010, Decis. Support Syst..

[4]  Peter Eckersley,et al.  How Unique Is Your Web Browser? , 2010, Privacy Enhancing Technologies.

[5]  Bernhard E. Boser,et al.  A training algorithm for optimal margin classifiers , 1992, COLT '92.

[6]  George M. Mohay,et al.  Mining e-mail content for author identification forensics , 2001, SGMD.

[7]  Jarmo Ilonen Keystroke Dynamics , 2009, Encyclopedia of Biometrics.

[8]  Ana L. N. Fred,et al.  A behavioral biometric system based on human-computer interaction , 2004, SPIE Defense + Commercial Sensing.

[9]  Hannes Federrath,et al.  Analyzing Characteristic Host Access Patterns for Re-identification of Web User Sessions , 2010, NordSec.

[10]  Hannes Federrath,et al.  Tracking Users on the Internet with Behavioral Patterns: Evaluation of Its Practical Feasibility , 2012, SEC.

[11]  Peter Teufl,et al.  User Tracking Based on Behavioral Fingerprints , 2010, CANS.

[12]  Hannes Federrath,et al.  Behavior-based tracking: Exploiting characteristic patterns in DNS traffic , 2013, Comput. Secur..

[13]  Claude Castelluccia,et al.  Selling Off Privacy at Auction , 2014, NDSS 2014.

[14]  Haining Wang,et al.  An efficient user verification system via mouse movements , 2011, CCS '11.

[15]  Fabian Monrose,et al.  Authentication via keystroke dynamics , 1997, CCS '97.

[16]  John C. Mitchell,et al.  Third-Party Web Tracking: Policy and Technology , 2012, 2012 IEEE Symposium on Security and Privacy.

[17]  Roy T. Fielding,et al.  Hypertext Transfer Protocol - HTTP/1.0 , 1996, RFC.

[18]  Balaji Padmanabhan,et al.  Clickprints on the Web: Are There Signatures in Web Browsing Data? , 2007 .

[19]  Christopher D. Manning,et al.  Introduction to Information Retrieval , 2010, J. Assoc. Inf. Sci. Technol..

[20]  Ian H. Witten,et al.  Data mining - practical machine learning tools and techniques, Second Edition , 2005, The Morgan Kaufmann series in data management systems.

[21]  Carla E. Brodley,et al.  User re-authentication via mouse movements , 2004, VizSEC/DMSEC '04.

[22]  อนิรุธ สืบสิงห์,et al.  Data Mining Practical Machine Learning Tools and Techniques , 2014 .

[23]  Jan R. Magnus,et al.  The reliability of user authentication through keystroke dynamics , 2009 .

[24]  Vashek Matyas,et al.  User Profiling and Re-identification: Case of University-Wide Network Analysis , 2009, TrustBus.

[25]  Junzhou Luo,et al.  Online Identification of Tor Anonymous Communication Traffic: Online Identification of Tor Anonymous Communication Traffic , 2014 .