Analysis of a local-area wireless network
MobiCom '00 Proceedings of the 6th annual international conference on Mobile computing and networking
Characterizing user behavior and network performance in a public wireless LAN
SIGMETRICS '02 Proceedings of the 2002 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
Analysis of a campus-wide wireless network
Proceedings of the 8th annual international conference on Mobile computing and networking
On a Pattern-Oriented Model for Intrusion Detection
IEEE Transactions on Knowledge and Data Engineering
Characteristics of WWW Client-based Traces
Characteristics of WWW Client-based Traces
A high-level programming environment for packet trace anonymization and transformation
Proceedings of the 2003 conference on Applications, technologies, architectures, and protocols for computer communications
The changing usage of a mature campus-wide wireless network
Proceedings of the 10th annual international conference on Mobile computing and networking
Web tap: detecting covert web traffic
Proceedings of the 11th ACM conference on Computer and communications security
Characterizing mobility and network usage in a corporate wireless local-area network
Proceedings of the 1st international conference on Mobile systems, applications and services
The devil and packet trace anonymization
ACM SIGCOMM Computer Communication Review
SC2D: an alternative to trace anonymization
Proceedings of the 2006 SIGCOMM workshop on Mining network data
OSDI'04 Proceedings of the 6th conference on Symposium on Opearting Systems Design & Implementation - Volume 6
Design and implementation of a TCG-based integrity measurement architecture
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Wide-scale botnet detection and characterization
HotBots'07 Proceedings of the first conference on First Workshop on Hot Topics in Understanding Botnets
Spamming botnets: signatures and characteristics
Proceedings of the ACM SIGCOMM 2008 conference on Data communication
Predicting web spam with HTTP session information
Proceedings of the 17th ACM conference on Information and knowledge management
SS'08 Proceedings of the 17th conference on Security symposium
Measurement and classification of humans and bots in internet chat
SS'08 Proceedings of the 17th conference on Security symposium
| Hi-index | 0.00 |
Conventional network security solutions are performed on network-layer packets using statistical measures. These types of traffic analysis may not catch stealthy attacks carried out by today's malware. We aim to develop a host-based security tool that identifies suspicious outbound network connections through analyzing the user's surfing activities. Specifically, our solution for Web applications predicts user's network connections by analyzing Web content; unpredicted traffic is further investigated with the user's help. We describe our method and implementation as well as the experimental results in evaluating its efficiency and effectiveness. We describe how our studies can be applied to detecting bot infection. In order to assess the workload of our host-based traffic-analysis tool, we also perform a large-scale characterization study on 500 university-users' wireless network traces for 4-month period. We study both the statistical and temporal patterns of individuals' web usage behaviors from collected wireless network traces. Users are classified into different profiles based on their web usage patterns. Our results show that users have regularities in their Web activities and the expected workload of our traffic-analysis solution is low.