Publication:
USER IDENTIFICATION IN DYNAMIC WEB TRAFFIC VIA DEEP TEMPORAL FEATURES

Loading...
Thumbnail Image
Authors
Kim, Jihye
Subjects
network traffic analysis
keystroke biometrics
dynamic web traffic
side channel attack
recurrent neural network
triplet loss
user identification
Advisors
Monaco, John
Date of Issue
2021-03
Date
Publisher
Monterey, CA; Naval Postgraduate School
Language
Abstract
Web applications that process sensitive information have become prevalent. Modern web applications rely heavily on dynamic content (i.e., page updates made by the browser using an XMLHttpRequest, and more recently the JavaScript Fetch API). Ajax technology provides fast client-server communication, which generates web traffic that updates the document object model (DOM) object in the browser interface often induced by user input. Therefore, the user’s actions are strongly correlated with timing and size of packets that carry Ajax requests. This research aims to characterize the relationship between keystroke dynamics and Ajax packets in dynamic web traffic. We investigate several dynamic web applications and the ability to measure human behavior in encrypted network traffic. Two approaches to Ajax packet detection are proposed and evaluated: longest increasing subsequence (LIS), which uses packet sizes, and dynamic time warping (DTW), which uses keystroke and packet timings. From the detected packets of recognized patterns, we examine the extent to which remote user identification in dynamic web traffic can be performed. We use a recurrent neural network (RNN) trained with triplet loss to extract deep temporal features from the detected packet timings. Leveraging recent work in keystroke dynamics, we show that user identification can be performed with modest accuracy utilizing the packet timings invoked by a user typing in a web search engine.
Type
Thesis
Description
Department
Computer Science (CS)
Organization
Identifiers
NPS Report Number
Sponsors
Funder
Format
Citation
Distribution Statement
Approved for public release. distribution is unlimited
Rights
Copyright is reserved by the copyright owner.
Collections