Detecting Proxy User Based on Communication Behavior Portrait
Published in: | Computer journal 2019-12, Vol.62 (12), p.1777-1792 |
---|---|
Main Authors: | , , , , |
Format: | Article |
Language: | English |
Summary: | Abstract
Proxies can help users to bypass the network filtering system, leaving the network open to banned content, and can also enable users to anonymize themselves for terminal security protection. Proxies are widely used in the current network environment. However, certain spy proxies record user information for privacy theft. In addition, attackers can use such technologies to anonymize malicious behaviors and hide identities. Such behaviors have posed serious challenges to the internal defense and security threat assessment of an organization; however, the anonymity of the proxy makes it consistent with normal network communication, and general network traffic identification methods are not able to detect it. To accurately and effectively discover proxy users in the organization based on s, a proxy user detection method based on communication behavior portrait offers the following: (1) Analysis of the communication behavior from the perspective of the portrait. Without abandoning the effective information of the traffic itself, the label system is established by introducing exogenous data to identify the difference between proxy communication and normal communication. (2) Construction of the portrait feature set of proxy user detection based on the traffic file and external data by studying the differences between the attribute sets of communication behavior labels for proxy users and non-proxy users. (3) Design and implementation of a data-driven machine learning method to supply guidance for automatic recognition of such behavior. The experimental results show that, compared with state-of-the-art methods, the detection accuracy for the proxy user exceeds 95%, and that in a real network traffic environment exceeds 85%. These results indicate that the detection method proposed in this paper can accurately distinguish proxy communication from normal communication and thus achieves precise proxy user detection. |
---|---|
ISSN: | 0010-4620 1460-2067 |
DOI: | 10.1093/comjnl/bxz065 |