Abstract
The variety and richness of what users browse on the Internet has made the communications of web-browsing hosts an attractive target for surveillance. We show that passive external surveillance of web-browsing hosts in private networks is possible despite the anonymizing effects of NATs and HTTP proxies at the gateway. These devices effectively anonymize the origin of communication streams, and remove many identifying features, making it difficult to group web traffic into mutually disjoint same-host, single-user sets called sessions. Sessions offer a complete picture of each user’s web browsing experience. Without them, passive external surveillance is of little use. This paper offers a content analysis technique called Link Chaining that aids the sessionization process by recovering large pieces of sessions called session fragments. The technique is based on the knowledge that the majority of downloaded web resources are clicked-to from other web pages. By following hyperlinks in the bodies of HTTP messages in passively collected trace data, web traffic can be coalesced into session fragments and used by human analysts to isolate individual users’ sessions. The technique gives the human analyst a significant advantage over manual methods. The implementation presented here has been tested on accumulated local data and demonstrates the feasibility of the scheme.
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Daicos, C., Knight, S. (2005). A Passive External Web Surveillance Technique for Private Networks. In: Gorodetsky, V., Kotenko, I., Skormin, V. (eds) Computer Network Security. MMM-ACNS 2005. Lecture Notes in Computer Science, vol 3685. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11560326_7
DOI: https://doi.org/10.1007/11560326_7
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-29113-8
Online ISBN: 978-3-540-31998-6
eBook Packages: Computer Science, Computer Science (R0)