Behavior-based tracking: Exploiting characteristic patterns in DNS traffic
2013
Computers & security
We review and evaluate three techniques that allow a passive adversary to track users who have dynamic IP addresses based on characteristic behavioral patterns, i.e., without cookies or similar techniques ...
On the other hand, we find that the previously proposed DNS "range query" obfuscation techniques cannot prevent tracking reliably. Our findings are not limited to DNS traffic. ...
Instead of active tracking with explicit identifiers we are interested in the feasibility of behavior-based tracking techniques that rely on characteristic patterns within the activities of the users. ...
doi:10.1016/j.cose.2013.03.012
fatcat:pngsouymz5b33g2o73p6sevamu
Analyzing Enterprise DNS Traffic to Classify Assets and Track Cyber-Health
[article]
2022
arXiv
pre-print
First, we perform a comprehensive analysis of all DNS traffic in two large organizations (a University Campus and a Government Research Institute) for over a month, and identify key behavioral profiles ...
In this paper, we address the "DNS blind spot" by developing methods to passively analyze live DNS traffic, identify organizational DNS assets, and monitor their health on a continuous basis. ...
Enterprise networks are often vulnerable to DNS-based cyber attacks due to insufficient monitoring of DNS traffic. ...
arXiv:2201.07352v1
fatcat:jh2jf7wvzzgnjju7wbp7yoefni
Tracking Users on the Internet with Behavioral Patterns: Evaluation of Its Practical Feasibility
[chapter]
2012
IFIP Advances in Information and Communication Technology
In this case multiple sessions of a user are linked by exploiting characteristic patterns mined from network traffic. ...
As our results show, DNS resolvers are in a good position for behavior-based tracking, though. ...
Dataset We evaluate the feasibility of behavior-based tracking using DNS queries, i.e., from the viewpoint of a curious DNS resolver. ...
doi:10.1007/978-3-642-30436-1_20
fatcat:cn5lfczz35ddplf4c5dmfojuiq
Identifying and tracking suspicious activities through IP gray space analysis
2007
Proceedings of the 3rd annual ACM workshop on Mining network data - MineNet '07
Subsequently, we analyze the behavioral patterns such as dominant activities and target randomness, of the gray space traffic for individual outside hosts. ...
Using one-month traffic data collected in a large campus network, we have monitored a significant amount of unwanted traffic towards IP gray space in various forms, such as worms, port scanning, and denial ...
Acknowledgement The project was supported in part by NSF grants CNS-0435444 and CNS-0626812, a University of Minnesota Digital Technology Center DTI grant, a Cisco gift grant and an IBM Faculty Partnership ...
doi:10.1145/1269880.1269883
dblp:conf/minenet/JinZXCS07
fatcat:ijh6zkv65zbs3a7n5jqn4uf5vm
Tracking and Characterizing Botnets Using Automatically Generated Domains
[article]
2013
arXiv
pre-print
We propose a mechanism that overcomes the above limitations by analyzing DNS traffic data through a combination of linguistic and IP-based features of suspicious domains. ...
Moreover, our system enriches these groups with new, previously unknown AGD names, and produces novel knowledge about the evolving behavior of each tracked botnet. ...
We can track the behavior of a botnet to study its evolution over time. ...
arXiv:1311.5612v1
fatcat:smwpatcxybd5lnwpet6okj7di4
Worm evolution tracking via timing analysis
2005
Proceedings of the 2005 ACM workshop on Rapid malcode - WORM '05
We generalize our mechanism by exploiting the change in the pattern of inter-arrival times exhibited during the early stages of such an outbreak to detect the presence and approximate size of the hit-list ...
We present a technique to infer a worm's infection sequence from traffic traces collected at a network telescope. ...
Acknowledgments This work is supported in part by National Science Foundation grant SCI-0334108. We thank our shepherd, Stuart Staniford, for his suggestions on ways to improve this paper. ...
doi:10.1145/1103626.1103637
dblp:conf/worm/RajabMT05
fatcat:pn2d2pzdfzdgdgjzmerkvxjexu
Modeling Health Seeking Behavior Based on Location-Based Service Data: A Case Study of Shenzhen, China
2022
ISPRS International Journal of Geo-Information
Taking Shenzhen, China as a case study, a supply–demand ratio calculation method based on observed data is developed to explore basic patterns of health seeking, while health seeking behavior is described ...
In addition to the traditional distance decay effect and number of doctors, the results showed health seeking behavior to be determined by hospital characteristics such as hospital scale, service quality ...
It has long been a challenging task to obtain data on actual health seeking behavior [35, 36], but recently, GPS tracking technology has enabled the exploitation of big trajectory data such as mobile ...
doi:10.3390/ijgi11050295
fatcat:u2lkmhyfyvh3fnzf3znixo474y
A Proposal of Metrics for Botnet Detection Based on Its Cooperative Behavior
2007
2007 International Symposium on Applications and the Internet Workshops
In this paper a detailed study of botnets vis-a-vis their creation, propagation, command and control techniques, communication protocols and relay mechanism is presented. ...
Whereas previously hackers would satisfy themselves by breaking into someone's system, in today's world hackers' work under an organized crime plan to obtain illicit financial gains. ...
Botnet based click fraud is harder to detect because botnet comprises of large number of geographically dispersed IP addresses and click through pattern matching wherein geographical locations of IP addresses ...
doi:10.1109/saint-w.2007.14
dblp:conf/saint/AkiyamaKSYKY07
fatcat:gkihva73rjfqhls2ycuvasvwci
PortView: identifying port roles based on port fuzzy macroscopic behavior
2013
Journal of Internet Services and Applications
Traditional studies on port role identification are only based on port behavior shown on an individual host, other than jointly viewed macroscopic port behavior embodied by all relevant traffic flows among ...
Port role identification based on macroscopic behavior can reflect servers or clients to discover new services or attacks in the network. ...
In this paper, we define and analyze port roles based on their macroscopic traffic behavior. ...
doi:10.1186/1869-0238-4-9
fatcat:656lsg677ndtjaci34mdvw3apa
HB-DIPM: Human Behavior Analysis-Based Malware Detection and Intrusion Prevention Model in the Future Internet
2016
Journal of Information Processing Systems
In this paper, we analyze the security threats caused by malicious activities in the future Internet and propose a human behavior analysis-based security service model for malware detection and intrusion ...
Our proposed service model provides high reliability services by responding to security threats by detecting various malware intrusions and protocol authentications based on human behavior. ...
In addition, accuracy is strong while dealing with host-based behavior-monitoring; monitoring network-based actions; user-selected service; and usage patterns, such as the number of times; and can perform ...
doi:10.3745/jips.01.0009
fatcat:cwraliyhunfsrje3f6lbap4mky
Tracking Darkports for Network Defense
2007
Proceedings of the Computer Security Applications Conference
We exploit for defensive purposes the concept of darkports - the unused ports on active systems. ...
The result is a scanning detection technique in which the utilized system detection state does not grow in proportion to the amount and fluctuation of external network traffic, but rather increases only ...
Concluding Remarks We are the first to exploit the use of exposure maps and introduce the concept of darkports. ...
doi:10.1109/acsac.2007.4412986
fatcat:5cftdbioxjb7vl3ehf6exh5pym
Tracking Darkports for Network Defense
2007
Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007)
We exploit for defensive purposes the concept of darkports - the unused ports on active systems. ...
The result is a scanning detection technique in which the utilized system detection state does not grow in proportion to the amount and fluctuation of external network traffic, but rather increases only ...
Concluding Remarks We are the first to exploit the use of exposure maps and introduce the concept of darkports. ...
doi:10.1109/acsac.2007.38
dblp:conf/acsac/WhyteOK07
fatcat:syikn4tpprcwjmlprypm322kum
A behavioral-based forensic investigation approach for analyzing attacks on water plants using GANs
2021
Forensic Science International: Digital Investigation
The proposed approach exploits Bidirectional Generative Adversarial Networks (BiGAN) to fingerprint the behavior of the system under regular operation. ...
The proposed method also provides the capability to track and identify the attacked assets for prioritization purposes. ...
., 2014), the investigation of physical measurements of the water plants will discover the attacks that originated in the physical realm, where no change in network traffic patterns could be observed. ...
doi:10.1016/j.fsidi.2021.301198
fatcat:ynuoaenwpvayhlbwm6fb3llomu
An Unsupervised Behavioral Modeling and Alerting System Based on Passive Sensing for Elderly Care
2020
Future Internet
Personal behavioral habits were identified and compared to typical patterns reported in behavioral science, as a quality-of-life indicator. ...
We consider the activity patterns extracted across all users as a dictionary, and represent each patient's behavior as a 'Bag of Words', based on which patients can be categorized into sub-groups for precision ...
The progression of behavior change over time can be tracked as the change of patterns. ...
doi:10.3390/fi13010006
fatcat:7pjmnxz5gjebhn3t2o5aklqgca
Communication-Efficient Tracking of Distributed Cumulative Triggers
2007
27th International Conference on Distributed Computing Systems (ICDCS '07)
There has been growing interest in large-scale distributed monitoring systems, such as Dynamic Denial of Service attack detectors and sensornet-based environmental monitors. ...
In sharp contrast to earlier work focusing on instantaneous violations, we introduce a general model of threshold conditions that enables us to track distributed cumulative violations over time windows ...
In both scenarios, tracking the aggregate behavior over a physically distributed monitoring infrastructure is much more revealing than tracking the local behavior of individual network elements or hosts ...
doi:10.1109/icdcs.2007.93
dblp:conf/icdcs/HuangGJT07
fatcat:4y4iju3xmvectca3cqwo5szv7a