N. Clarke
A novel privacy preserving user identification approach for network traffic
Clarke, N.; Li, F.; Furnell, S.
Abstract
© 2017 The Author(s). The prevalence of the Internet and cloud-based applications, alongside the technological evolution of smartphones, tablets and smartwatches, has resulted in users relying upon network connectivity more than ever before. This results in an increasingly voluminous footprint with respect to the network traffic that is created as a consequence. For network forensic examiners, this traffic represents a vital source of independent evidence in an environment where anti-forensics is increasingly challenging the validity of computer-based forensics. Performing network forensics today largely focuses upon an analysis based upon the Internet Protocol (IP) address – as this is the only characteristic available. More typically, however, investigators are not actually interested in the IP address but rather the associated user (whose account might have been compromised). However, given the range of devices (e.g., laptop, mobile, and tablet) that a user might be using and the widespread use of DHCP, IP is not a reliable and consistent means of understanding the traffic from a user. This paper presents a novel approach to the identification of users from network traffic using only the meta-data of the traffic (i.e. rather than payload) and the creation of application-level user interactions, which are proven to provide a far richer discriminatory feature set to enable more reliable identity verification. A study involving data collected from 46 users over a two-month period, which generated over 112 GBs of meta-data traffic, was undertaken to examine the novel user-interaction based feature extraction algorithm. On an individual application basis, the approach can achieve recognition rates of 90%, with some users experiencing recognition performance of 100%.
The consequence of this recognition is an enormous reduction in the volume of traffic an investigator has to analyse, allowing them to focus upon a particular suspect or enabling them to disregard traffic and focus upon what is left.
Citation
Clarke, N., Li, F., & Furnell, S. (2017). A novel privacy preserving user identification approach for network traffic. Computers and Security, 70, 335-350. https://doi.org/10.1016/j.cose.2017.06.012
Journal Article Type | Article |
---|---|
Acceptance Date | Jun 26, 2017 |
Online Publication Date | Jul 10, 2017 |
Publication Date | 2017-09 |
Deposit Date | Sep 14, 2020 |
Publicly Available Date | Sep 14, 2020 |
Journal | Computers and Security |
Print ISSN | 0167-4048 |
Publisher | Elsevier |
Peer Reviewed | Peer Reviewed |
Volume | 70 |
Pages | 335-350 |
DOI | https://doi.org/10.1016/j.cose.2017.06.012 |
Keywords | Law; General Computer Science |
Public URL | https://nottingham-repository.worktribe.com/output/4868105 |
Publisher URL | https://www.sciencedirect.com/science/article/pii/S0167404817301384?via%3Dihub |
Files
A novel privacy preserving user identification approach for network traffic
(4.7 Mb)
PDF
Publisher Licence URL
https://creativecommons.org/licenses/by/4.0/