Transport traffic analysis for abusive infrastructure characterization
Abstract
We investigate a promising approach that identifies discriminating features of likely communications involving abusive hosts
from per-packet TCP header and timing information. These features identify congestion, flow-control, and other low-level
network and system characteristics indicative of an abusive network host. Our approach is agnostic to IP address and content, and
therefore privacy-preserving, which permits wider deployment than previously possible. Importantly, the modeled characteristics are
inherent to the poorly connected, under-provisioned, low-end, and overloaded hosts or links typical of abusive infrastructure,
making them difficult for an adversary to manipulate. In contrast to existing network-centric approaches reliant on flow-level
records, fine-grained per-packet features yield superior performance with negligible processing impact. On real-world traces
from accessing 40,000 Alexa and 30,000 known-abusive web sites, we achieve a classification accuracy of 94% with a
3% false positive rate using only transport features.
NPS Report Number
NPS-CS-12-005