Traffic Classification for the Detection of Anonymous Web Proxy Routing

Shane Miller, K Curran, Tom Lunney

Research output: Contribution to journal › Article

Abstract

There is an increasing need to be able to classify whether an incoming packet is from a legitimate originating IP address or has been modified through an intermediate proxy or node. Being able to verify the originating IP address allows a business (e.g. a bank) to use geolocation services to ascertain which geographical location that packet was sent from. This can then feed into the system intrusion system or backend fraud alert mechanisms. The web, however, is going 'dark'. There is a noticeable uptake in the amount of encrypted data and third-party anonymous traffic proxies which aim to mask the true location and IP address of a web request. We present here a system which identifies the characteristics or signatures whenever a user is using a web proxy by developing a Detection System that records packets and analyses them, looking for identifying patterns of web proxies.
Language: English
Pages: 538-545
Journal: International Journal for Information Security Research
Volume: 5
Issue number: 1
DOI: 10.20533/ijisr.2042.4639.2015.0061
Publication status: Published - Mar 2015

Keywords

  • anonymous proxies
  • traffic classification
  • security
  • networking

Cite this

@article{75334962c8fc42f09202b071fdbc9d2d,
title = "Traffic Classification for the Detection of Anonymous Web Proxy Routing",
abstract = "There is an increasing need to be able to classify whether an incoming packet is from a legitimate originating IP address or has been modified through an intermediate proxy or node. Being able to verify the originating IP address allows a business (e.g. a bank) to use geolocation services to ascertain which geographical location that packet was sent from. This can then feed into the system intrusion system or backend fraud alert mechanisms. The web, however, is going 'dark'. There is a noticeable uptake in the amount of encrypted data and third-party anonymous traffic proxies which aim to mask the true location and IP address of a web request. We present here a system which identifies the characteristics or signatures whenever a user is using a web proxy by developing a Detection System that records packets and analyses them, looking for identifying patterns of web proxies.",
keywords = "anonymous proxies, traffic classification, security, networking",
author = "Shane Miller and K Curran and Tom Lunney",
year = "2015",
month = "3",
doi = "10.20533/ijisr.2042.4639.2015.0061",
language = "English",
volume = "5",
pages = "538--545",
journal = "International Journal for Information Security Research",
issn = "2042-4639",
number = "1"
}

Traffic Classification for the Detection of Anonymous Web Proxy Routing. / Miller, Shane; Curran, K; Lunney, Tom.

In: International Journal for Information Security Research, Vol. 5, No. 1, 03.2015, p. 538-545.
