AbstractConventional network security solutions are performed on networklayer packets using statistical measures. These types of traffic analysis may not catch stealthy attacks carried out by today’s malware. We aim to develop a host-based security tool that identifies suspicious outbound network connections through analyzing the user’s surfing activities. Specifically, our solution for Web applications predicts user’s network connections by analyzing Web content; unpredicted traffic is further investigated with the user’s help. We describe our method and implementation as well as the experimental results in evaluating its efficiency and effectiveness. We describe how our studies can be applied to detecting bot infection. In order to assess the workload of our host-based traffic-analysis tool, we also perform a large-scale characterization study on 500 university-users’ wireless network traces for 4-month period. We study both the statistical and temporal patterns of individuals’ web usage behaviors from collected wireless network traces. Users are classified into different profiles based on their web usage patterns. Our results show that users have regularities in their Web activities and the expected workload of our traffic-analysis solution is low.
RightsThis Item is protected by copyright and/or related rights.You are free to use this Item in any way that is permitted by the copyright and related rights legislation that applies to your use.For other uses you need to obtain permission from the rights-holder(s).