User profiling from network traffic via novel application-level interactions

Document Type

Conference Proceeding

Publication Title

2016 11th International Conference for Internet Technology and Secured Transactions (ICITST)

Publisher

Institute of Electrical and Electronics Engineers Inc.

Place of Publication

United States

School

Security Research Institute

RAS ID

22937

Comments

Alotibi, G., Clarke, N., Li, F., & Furnell, S. (2017). User profiling from network traffic via novel application-level interactions. In 2016 11th International Conference for Internet Technology and Secured Transactions (ICITST) (pp. 279-285). IEEE. Available here.

Abstract

Insider misuse has become a significant issue for organisations. Traditional information security has focussed upon threats from the outside rather than employees. A wide range of research has been undertaken to develop approaches to detect the insider-often referred to as Data Loss Prevention (DLP) tools. Unfortunately, the fundamental limitation of these tools is that they provide information resolved to IP addresses rather than people. This assumes the IP is static and linkable to an individual, which is often not the case. IPs are increasingly unreliable due to the mobile natural of devices and the dynamic allocation of IP addresses. This paper builds upon prior work to propose and investigate a biometric-based behavioural profile created from a novel feature extraction process that identifies user's application-level interactions (e.g. not simply that they are accessing Facebook but whether they are posting, reading or watching a video) from raw network traffic metadata. It also proceeds to describe various types of user's interactions that can be derived from applications. Validation of the model was conducted by collecting 62 GBs of metadata over a 2 months period from 27 participants. The average results of identifying users at first rank in the top three applications Skype, Hotmail and BBC are scored 98.1%, 96.2% and 81.8% respectively.

DOI

10.1109/ICITST.2016.7856712

Access Rights

subscription content

Share

 
COinS