Show simple item record

dc.contributor.advisorXie, Geoffrey
dc.contributor.advisorBeverly, Robert
dc.contributor.authorWeant, Matthew S.
dc.dateSep-13
dc.date.accessioned2013-11-20T23:36:35Z
dc.date.available2013-11-20T23:36:35Z
dc.date.issued2013-09
dc.identifier.urihttp://hdl.handle.net/10945/37740
dc.description.abstractReverse proxy servers are valuable assets to defend outside hosts from seeing the internal network structure upon which the reverse proxy is serving. They are frequently used to protect valuable files, systems, and internal users from external users while still providing services to outside hosts. Another aspect of reverse proxies is that they can be installed remotely by malicious actors onto compromised machines in order to service malicious content while masking where the content is truly hosted. Reverse proxies interact over the HyperText Transfer Protocol (HTTP), which is delivered via the Transmission Control Protocol (TCP). TCP flows provide various details regarding connections between an end host and a server. One such detail is the timestamp of each packet delivery. Concurrent timestamps may be used to calculate round trip times with some scrutiny. Previous work in timing analysis suggests that active HTTP probes to servers can be analyzed at the originating host in order to classify servers as reverse proxies or otherwise. We collect TCP session data from a variety of global vantage points, actively probing a list of servers with a goal of developing an effective classifier to discern whether each server is a reverse proxy or not based on the timing of packet round trip times.en_US
dc.description.urihttp://archive.org/details/fingerprintingre1094537740
dc.publisherMonterey, California: Naval Postgraduate Schoolen_US
dc.rightsThis publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.en_US
dc.titleFingerprinting reverse proxies using timing analysis of TCP flowsen_US
dc.typeThesisen_US
dc.contributor.secondreaderRohrer, Justin P.
dc.contributor.departmentComputer Science
dc.subject.authorActive Measurement, Timing Analysis, Reverse Proxy, Fingerprintingen_US
dc.description.recognitionOutstanding Thesisen_US
dc.description.serviceCaptain, United States Marine Corpsen_US
etd.thesisdegree.nameMaster Of Science In Computer Scienceen_US
etd.thesisdegree.levelMastersen_US
etd.thesisdegree.disciplineComputer Scienceen_US
etd.thesisdegree.grantorNaval Postgraduate Schoolen_US
dc.description.distributionstatementApproved for public release; distribution is unlimited.


Files in this item

Thumbnail

This item appears in the following Collection(s)

Show simple item record