Herrmann, Dominik and Gerber, Christoph and Banse, Christian and Federrath, Hannes (2010) Analyzing Characteristic Host Access Patterns for Re-Identification of Web User Sessions. In: 15th Nordic Conference in Secure IT Systems (Nordsec 2010), 27. -30. Oktober 2010, Aalto University, Espoo, Finland.
An attacker, who is able to observe a web user over a long period of time, learns a lot about his interests. It may be difficult to track users with regularly changing IP addresses, though. We show how patterns mined from web traffic can be used to re-identify a majority of users, i. e. link multiple sessions of them. We implement the web user re-identification attack using a Multinomial Naive Bayes classifier and evaluate it using a real-world dataset from 28 users. Our evaluation setup complies with the limited knowledge of an attacker on a malicious web proxy server, who is only able to observe the host names visited by its users. The results suggest that consecutive sessions can be linked with high probability for session durations from 5 minutes to 48 hours and that user profiles degrade only slowly over time. We also propose basic countermeasures and evaluate their efficacy.
|Item Type:||Conference or Workshop Item (Paper)|
|Institutions:||Business, Economics and Information Systems > Institut für Wirtschaftsinformatik > Retired Professors > Lehrstuhl für Wirtschaftsinformatik IV - Management der Informationssicherheit (Prof. Dr.-Ing. Hannes Federrath)|
|Subjects:||000 Computer science, information & general works > 004 Computer science|
|Refereed:||Yes, this version has been refereed|
|Created at the University of Regensburg:||Yes|
|Deposited On:||07 Jun 2011 05:30|
|Last Modified:||21 Jul 2011 02:14|