
dc.contributor.advisor: Beverly, Robert
dc.contributor.author: Nolan, Le E.
dc.date: Sep-12
dc.date.accessioned: 2012-11-14T00:02:55Z
dc.date.available: 2012-11-14T00:02:55Z
dc.date.issued: 2012-09
dc.identifier.uri: http://hdl.handle.net/10945/17429
dc.description: Approved for public release; distribution is unlimited [en_US]
dc.description.abstract: This thesis investigates a novel approach to identifying discriminating features of communications involving abusive hosts. The technique uses per-packet TCP header and timing features to identify congestion, flow-control, and other low-level network and system characteristics. These characteristics are inherent to the poorly connected, under-provisioned, low-end, and overloaded hosts or links typical of abusive infrastructure, making them difficult for an adversary to manipulate. Supervised classifiers use these features to infer likely abusive network hosts. Prior work investigates such features to opportunistically identify inbound abusive traffic; this thesis seeks to perform active probing to generally characterize abusive infrastructure. Our approach is IP address and content agnostic, and therefore privacy-preserving to permit wider deployment than known-abusive web sites, we achieve a classification accuracy of 94 percent with a 3 percent false positive rate using only transport features. Our results suggest that transport traffic analysis can block and identify, in real-time, abusive hosts unknown to blocklists, and provide a difficult-to-subvert addition to existing schemes. [en_US]
dc.publisher: Monterey, California. Naval Postgraduate School [en_US]
dc.rights: This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. As such, it is in the public domain, and under the provisions of Title 17, United States Code, Section 105, is not copyrighted in the U.S. [en_US]
dc.title: Transport Traffic Analysis for Abusive Infrastructure Characterization [en_US]
dc.type: Thesis [en_US]
dc.contributor.secondreader: Young, Joel D.
dc.contributor.department: Computer Science
dc.subject.author: Network Security, Supervised Learning, Abusive Network Behavior [en_US]
dc.description.recognition: Outstanding Thesis [en_US]
dc.description.service: Captain, United States Marine Corps [en_US]
etd.thesisdegree.name: Master of Science In Computer Science [en_US]
etd.thesisdegree.level: Masters [en_US]
etd.thesisdegree.discipline: Computer Science [en_US]

