[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to main content

A Passive External Web Surveillance Technique for Private Networks

  • Conference paper
Computer Network Security (MMM-ACNS 2005)

Abstract

The variety and richness of what users browse on the Internet has made the communications of web-browsing hosts an attractive target for surveillance. We show that passive external surveillance of web-browsing hosts in private networks is possible despite the anonymizing effects of NATs and HTTP proxies at the gateway. These devices effectively anonymize the origin of communication streams, and remove many identifying features, making it difficult to group web traffic into mutually disjoint same-host single user sets called sessions. Sessions offer a complete picture of each user’s web browsing experience. Without them, passive external surveillance is of little use. This paper offers a content analysis technique called Link Chaining that aids the sessionization process by recovering large pieces of sessions called session fragments. The technique is based on the knowledge that the majority of downloaded web resources are clicked-to from other web pages. By following hyperlinks in the bodies of HTTP messages in passively collected trace data, web traffic can be be coalesced into session fragments and used by human analysts to isolate individual users’ sessions. The technique gives the human analyst a significant advantage over manual methods. The implementation presented here has been tested on accumulated local data and demonstrates the feasibility of the scheme.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Clarke, F., Ekeland, I.: Nonlinear oscillations and boundary-value proeblems for Hamiltonian systems. Arch. Rat. Mech. Anal. 78, 315–333 (1982)

    Article  MATH  MathSciNet  Google Scholar 

  2. Wong, C.: HTTP Pocket Reference. O’Reilly, Sebastopol (2000)

    Google Scholar 

  3. Gourley, D., et al.: HTTP: The Definitive Guide. O’Reilly, Cambridge (2002)

    MATH  Google Scholar 

  4. Bellovin, S.M.: A Technique for Counting NATed Hosts (2003), http://www.research.att.com/~smb/papers/fnat.pdf , AT&T Labs Reseach

  5. Berendt, B., Mobasher, B., Spiliopoulou, M.: Web Usage Mining for E-Business Applications. In: ECML/PKDD 2002, August 19 (2002)

    Google Scholar 

  6. Snort IDS, http://www.snort.org/about.html

  7. MySQL, http://www.mysql.com/

  8. MySQL++, http://tangentsoft.net/mysql++/

  9. TCPdump, http://tcpdump.org/

Download references

Author information

Authors and Affiliations

Authors

Editor information

Editors and Affiliations

Rights and permissions

Reprints and permissions

Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Daicos, C., Knight, S. (2005). A Passive External Web Surveillance Technique for Private Networks. In: Gorodetsky, V., Kotenko, I., Skormin, V. (eds) Computer Network Security. MMM-ACNS 2005. Lecture Notes in Computer Science, vol 3685. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11560326_7

Download citation

  • DOI: https://doi.org/10.1007/11560326_7

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-29113-8

  • Online ISBN: 978-3-540-31998-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics