
Behavior-based tracking: Exploiting characteristic patterns in DNS traffic

Dominik Herrmann, Christian Banse, Hannes Federrath
2013 Computers & security  
We review and evaluate three techniques that allow a passive adversary to track users who have dynamic IP addresses based on characteristic behavioral patterns, i.e., without cookies or similar techniques  ...  On the other hand, we find that the previously proposed DNS "range query" obfuscation techniques cannot prevent tracking reliably. Our findings are not limited to DNS traffic.  ...  Instead of active tracking with explicit identifiers we are interested in the feasibility of behavior-based tracking techniques that rely on characteristic patterns within the activities of the users.  ... 
doi:10.1016/j.cose.2013.03.012 fatcat:pngsouymz5b33g2o73p6sevamu

Analyzing Enterprise DNS Traffic to Classify Assets and Track Cyber-Health [article]

Minzhao Lyu, Hassan Habibi Gharakheili, Craig Russell, Vijay Sivaraman
2022 arXiv   pre-print
First, we perform a comprehensive analysis of all DNS traffic in two large organizations (a University Campus and a Government Research Institute) for over a month, and identify key behavioral profiles  ...  In this paper, we address the "DNS blind spot" by developing methods to passively analyze live DNS traffic, identify organizational DNS assets, and monitor their health on a continuous basis.  ...  Enterprise networks are often vulnerable to DNS-based cyber attacks due to insufficient monitoring of DNS traffic.  ... 
arXiv:2201.07352v1 fatcat:jh2jf7wvzzgnjju7wbp7yoefni

Tracking Users on the Internet with Behavioral Patterns: Evaluation of Its Practical Feasibility [chapter]

Christian Banse, Dominik Herrmann, Hannes Federrath
2012 IFIP Advances in Information and Communication Technology  
In this case multiple sessions of a user are linked by exploiting characteristic patterns mined from network traffic.  ...  As our results show, DNS resolvers are in a good position for behavior-based tracking, though.  ...  Dataset We evaluate the feasibility of behavior-based tracking using DNS queries, i.e., from the viewpoint of a curious DNS resolver.  ... 
doi:10.1007/978-3-642-30436-1_20 fatcat:cn5lfczz35ddplf4c5dmfojuiq

Identifying and tracking suspicious activities through IP gray space analysis

Yu Jin, Zhi-Li Zhang, Kuai Xu, Feng Cao, Sambit Sahu
2007 Proceedings of the 3rd annual ACM workshop on Mining network data - MineNet '07  
Subsequently, we analyze the behavioral patterns such as dominant activities and target randomness, of the gray space traffic for individual outside hosts.  ...  Using one-month traffic data collected in a large campus network, we have monitored a significant amount of unwanted traffic towards IP gray space in various forms, such as worms, port scanning, and denial  ...  Acknowledgement The project was supported in part by NSF grants CNS-0435444 and CNS-0626812, a University of Minnesota Digital Technology Center DTI grant, a Cisco gift grant and an IBM Faculty Partnership  ... 
doi:10.1145/1269880.1269883 dblp:conf/minenet/JinZXCS07 fatcat:ijh6zkv65zbs3a7n5jqn4uf5vm

Tracking and Characterizing Botnets Using Automatically Generated Domains [article]

Stefano Schiavoni and Stefano Zanero Royal Holloway University of London)
2013 arXiv   pre-print
We propose a mechanism that overcomes the above limitations by analyzing DNS traffic data through a combination of linguistic and IP-based features of suspicious domains.  ...  Moreover, our system enriches these groups with new, previously unknown AGD names, and produce novel knowledge about the evolving behavior of each tracked botnet.  ...  We can track the behavior of a botnet to study its evolution over time.  ... 
arXiv:1311.5612v1 fatcat:smwpatcxybd5lnwpet6okj7di4

Worm evolution tracking via timing analysis

Moheeb Abu Rajab, Fabian Monrose, Andreas Terzis
2005 Proceedings of the 2005 ACM workshop on Rapid malcode - WORM '05  
We generalize our mechanism by exploiting the change in the pattern of inter-arrival times exhibited during the early stages of such an outbreak to detect the presence and approximate size of the hit-list  ...  We present a technique to infer a worm's infection sequence from traffic traces collected at a network telescope.  ...  Acknowledgments This work is supported in part by National Science Foundation grant SCI-0334108. We thank our shepherd, Stuart Staniford, for his suggestions on ways to improve this paper.  ... 
doi:10.1145/1103626.1103637 dblp:conf/worm/RajabMT05 fatcat:pn2d2pzdfzdgdgjzmerkvxjexu

Modeling Health Seeking Behavior Based on Location-Based Service Data: A Case Study of Shenzhen, China

Wei Hu, Lin Li, Mo Su
2022 ISPRS International Journal of Geo-Information  
Taking Shenzhen, China as a case study, a supply–demand ratio calculation method based on observed data is developed to explore basic patterns of health seeking, while health seeking behavior is described  ...  In addition to the traditional distance decay effect and number of doctors, the results showed health seeking behavior to be determined by hospital characteristics such as hospital scale, service quality  ...  It has long been a challenging task to obtain data on actual health seeking behavior [35, 36] , but recently, GPS tracking technology has enabled the exploitation of big trajectory data such as mobile  ... 
doi:10.3390/ijgi11050295 fatcat:u2lkmhyfyvh3fnzf3znixo474y

A Proposal of Metrics for Botnet Detection Based on Its Cooperative Behavior

Mitsuaki Akiyama, Takanori Kawamoto, Masayoshi Shimamura, Teruaki Yokoyama, Youki Kadobayashi, Suguru Yamaguchi
2007 2007 International Symposium on Applications and the Internet Workshops  
In this paper a detailed study of botnets vis-a-vis their creation, propagation, command and control techniques, communication protocols and relay mechanism is presented.  ...  Whereas previously hackers would satisfy themselves by breaking into someone's system, in today's world hackers work under an organized crime plan to obtain illicit financial gains.  ...  Botnet based click fraud is harder to detect because botnet comprises of large number of geographically dispersed IP addresses and click through pattern matching wherein geographical locations of IP addresses  ... 
doi:10.1109/saint-w.2007.14 dblp:conf/saint/AkiyamaKSYKY07 fatcat:gkihva73rjfqhls2ycuvasvwci

PortView: identifying port roles based on port fuzzy macroscopic behavior

Guang Cheng, Yongning Tang
2013 Journal of Internet Services and Applications  
Traditional studies on port role identification are only based on port behavior shown on an individual host, other than jointly viewed macroscopic port behavior embodied by all relevant traffic flows among  ...  Port role identification based on macroscopic behavior can reflect servers or clients to discover new services or attacks in the network.  ...  In this paper, we define and analyze port roles based on their macroscopic traffic behavior.  ... 
doi:10.1186/1869-0238-4-9 fatcat:656lsg677ndtjaci34mdvw3apa

HB-DIPM: Human Behavior Analysis-Based Malware Detection and Intrusion Prevention Model in the Future Internet

2016 Journal of Information Processing Systems  
In this paper, we analyze the security threats caused by malicious activities in the future Internet and propose a human behavior analysis-based security service model for malware detection and intrusion  ...  Our proposed service model provides high reliability services by responding to security threats by detecting various malware intrusions and protocol authentications based on human behavior.  ...  In addition, accuracy is strong while dealing with host-based behavior-monitoring; monitoring network-based actions; user-selected service; and usage patterns, such as the number of times; and can perform  ... 
doi:10.3745/jips.01.0009 fatcat:cwraliyhunfsrje3f6lbap4mky

Tracking Darkports for Network Defense

David Whyte, Paul C. van Oorschot, Evangelos Kranakis
2007 Proceedings of the Computer Security Applications Conference  
We exploit for defensive purposes the concept of darkports - the unused ports on active systems.  ...  The result is a scanning detection technique in which the utilized system detection state does not grow in proportion to the amount and fluctuation of external network traffic, but rather increases only  ...  Concluding Remarks We are the first to exploit the use of exposure maps and introduce the concept of darkports.  ... 
doi:10.1109/acsac.2007.4412986 fatcat:5cftdbioxjb7vl3ehf6exh5pym

Tracking Darkports for Network Defense

David Whyte, Paul C. van Oorschot, Evangelos Kranakis
2007 Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007)  
We exploit for defensive purposes the concept of darkports - the unused ports on active systems.  ...  The result is a scanning detection technique in which the utilized system detection state does not grow in proportion to the amount and fluctuation of external network traffic, but rather increases only  ...  Concluding Remarks We are the first to exploit the use of exposure maps and introduce the concept of darkports.  ... 
doi:10.1109/acsac.2007.38 dblp:conf/acsac/WhyteOK07 fatcat:syikn4tpprcwjmlprypm322kum

A behavioral-based forensic investigation approach for analyzing attacks on water plants using GANs

Nataliia Neshenko, Elias Bou-Harb, Borko Furht
2021 Forensic Science International: Digital Investigation  
The proposed approach exploits Bidirectional Generative Adversarial Networks (BiGAN) to fingerprint the behavior of the system under regular operation.  ...  The proposed method also provides the capability to track and identify the attacked assets for prioritization purposes.  ...  ., 2014) , the investigation of physical measurements of the water plants will discover the attacks that originated in the physical realm, where no change in network traffic patterns could be observed.  ... 
doi:10.1016/j.fsidi.2021.301198 fatcat:ynuoaenwpvayhlbwm6fb3llomu

An Unsupervised Behavioral Modeling and Alerting System Based on Passive Sensing for Elderly Care

Rui Hu, Bruno Michel, Dario Russo, Niccolò Mora, Guido Matrella, Paolo Ciampolini, Francesca Cocchi, Enrico Montanari, Stefano Nunziata, Thomas Brunschwiler
2020 Future Internet  
Personal behavioral habits were identified and compared to typical patterns reported in behavioral science, as a quality-of-life indicator.  ...  We consider the activity patterns extracted across all users as a dictionary, and represent each patient's behavior as a 'Bag of Words', based on which patients can be categorized into sub-groups for precision  ...  The progression of behavior change over time can be tracked as the change of patterns.  ... 
doi:10.3390/fi13010006 fatcat:7pjmnxz5gjebhn3t2o5aklqgca

Communication-Efficient Tracking of Distributed Cumulative Triggers

Ling Huang, Minos Garofalakis, Anthony D. Joseph, Nina Taft
2007 27th International Conference on Distributed Computing Systems (ICDCS '07)  
There has been growing interest in large-scale distributed monitoring systems, such as Dynamic Denial of Service attack detectors and sensornet-based environmental monitors.  ...  In sharp contrast to earlier work focusing on instantaneous violations, we introduce a general model of threshold conditions that enables us to track distributed cumulative violations over time windows  ...  In both scenarios, tracking the aggregate behavior over a physically-distributed monitoring infrastructure is much more revealing than tracking the local behavior of individual network elements or hosts  ... 
doi:10.1109/icdcs.2007.93 dblp:conf/icdcs/HuangGJT07 fatcat:4y4iju3xmvectca3cqwo5szv7a