A Web Traffic Analysis Attack Using Only Timing Information.

We introduce an attack against encrypted web traffic that makes use only of packet timing information on the uplink. This attack is therefore impervious to existing packet padding defences. ... In addition, unlike existing approaches this timing-only attack does not require knowledge of the start/end of web fetches and so is effective against traffic streams. ... SUMMARY AND CONCLUSIONS We introduce an attack against encrypted web traffic that makes use only of packet timing information on the uplink. ...

arXiv:1410.2087v3 fatcat:pble4wpvo5bgfpenuoctmnz43m

Multiple Versions

Our tool, called SDToW, is designed to effectively use the structure of the WMNs to block the Slowloris attack. SDToW uses three different modules to detect and block the attack. ... Our solution blocks the attacker on its first WMN hop, reducing the malicious traffic on the network and avoiding further attacks from the blocked user. ... Slowloris Traffic Analyses We performed the attack analysis using a scenario with a Web server receiving a direct attack. ...

doi:10.3390/info11120544 fatcat:toeyusutvngylnm4cjgtck4zgy

DOAJ Szczepanski

This approach applies encrypted traffic analysis to intrusion detection, which analyzes contents of encrypted traffic using only data size and timing without decryption. ... First, the system extracts information from encrypted traffic, which is a set comprising data size and timing for each web client. ... The approach applies encrypted traffic analysis to intrusion detection. Our approach uses only data size and timing of traffic without decryption to analyze the content of encrypted traffic. ...

doi:10.1109/ainaw.2007.212 dblp:conf/aina/YamadaMTSP07 fatcat:hiltqjvquvgqxpx6cxy5dkrm24

We present a novel web page fingerprinting attack that is able to defeat several recently proposed defenses against traffic analysis attacks, including the application-level defenses HTTPOS [15] and randomized ... Regardless of the defense scheme, our attack was able to guess which of 100 web pages a victim was visiting at least 50% of the time and, with some defenses, over 90% of the time. ... We thank Eelco Herder for providing us with the URL traces we used to evaluate our web site classifier. ...

doi:10.1145/2382196.2382260 dblp:conf/ccs/CaiZJJ12 fatcat:6qaowii7l5e2vnhfnbvhnyloci

Such an application-level attack can efficiently and effectively compromise the anonymity of clients without using invasive plugins like Java or any other active content systems in a web browser, posing ... Tor has become one of the most popular overlay networks for anonymizing TCP traffic, however, the anonymity of Tor clients is threatened by various attacks exploiting traffic analysis or Tor's design features ... Traffic analysis attacks are the practices of inferring sensitive information from communication patterns, where features such as packet timings, sizes and counts can be used to correlate network flows ...

doi:10.1016/j.future.2010.04.007 fatcat:szxiycn3w5d2bhw42onqr6rwgm

Website fingerprinting is a known type of traffic analysis attacks that aims to identify which websites are visited in encrypted traffic traces. ... To this end, five fine-grained measures are used to point out very subtle differences in the network traffic of each web browser. ... Indeed, Yen et al. developed a technique to identify the web browser software used by hosts based only on The web browser factor in traffic analysis attacks S. Zhioua "coarse" traffic summaries. ...

doi:10.1002/sec.1338 fatcat:jcy2odc3ijctpov7vcas63feqe

DOAJ

This information overhead leads to difficulty in finding relevant and useful knowledge, therefore web mining is used as a tool to discover and extract the knowledge from the web. ... In this paper we use web mining techniques for security purposes, in detecting, preventing and predicting cyber attacks on virtual space. ... Some web sites make user identification by getting the personal information (user profile) and allow them to access their web sites by using a username and password.  Date: date and time of a request. ...

doi:10.1109/ecdc.2013.6556719 fatcat:c5tqamvelbadjpnlagd5oqmnay

Keywords-port and vulnerability scans; attacks; Web-based systems; empirical analysis of malicious traffic; distribution fitting ... aimed at individual components, allowed us to observe and study vulnerability scans and attacks that span multiple system components; and (3) Statistical characterization of the malicious traffic. ... The analysis was again based only on the network traffic data and included most often scanned ports, number of attacking hosts, persistence of attackers, and the distribution of the time between the first ...

doi:10.1109/aina.2010.138 dblp:conf/aina/Goseva-PopstojanovaMPD10 fatcat:s5jzqebn4jal3lf557r2dgfhyi

We introduce a new class of lower overhead tunnel that is resistant to traffic analysis. ... We build an experimental prototype of the tunnel and carry out an extensive performance evaluation that demonstrates its effectiveness under a range of network conditions and real web page fetches. ... While attacks against HTTPS were initially based on packet sizes and counts, attacks using only packet timing information have recently been demonstrated, e.g. [7] . ...

arXiv:1610.07141v4 fatcat:i7apxas3gffl7jaiyp3meqxvfq

Multiple Versions

A client delivers information to a server carried by a client web browser. ... An HTTP distributed denial of service (DDoS) attack occurs when the attacker is able to mimic client information, which makes a DDoS attack at the application layer difficult to distinguish as the traffic ... Existing datasets for DDoS attacks only capture network layer information while concealing application layer information [32] . ...

doi:10.30534/ijatcse/2019/86842019 fatcat:pudb3m5orjaevlsexv2p2egj74

In experiments, the processing time for performance evaluation compares a patten detection of attack features with the Snort detection. ... This study proposes a method of integration between HTTP GET flooding among DDOS attacks and MapReduce processing for a fast attack detection in cloud computing environment. ... detect a attack except analysis of web site. ...

doi:10.22667/jisis.2013.11.31.028 dblp:journals/jisis/ChoiCKCK13 fatcat:rkqtrpy3krbthchhcofdze6wra

DOAJ

Based on the deformation of Web attack , according to the principle of Web application vulnerabilities occur, attack methods and targets, the attack characteristics is extended, Proposed a structural model ... The experiments showed that the feature recognition-based Intrusion Prevention System can ensure higher performance in high-speed attack traffic network environment. ... More specifically, the protected information flow must represent the date access to a computer system Characteristics of Web Attack IPS Technology:  Embedded operation: only in embedded mode operation ...

doi:10.14257/ijfgcn.2014.7.2.18 fatcat:ux5xajw5pvez5j2omtgvuh2une

Our main observations include the following: (1) Some characteristics of the malicious Web traffic were invariant across different servers and time periods, such as for example the dominant use of the ... Empirical study Malicious web sessions Vulnerability scans Attacks Statistical inference Classification a b s t r a c t Web systems commonly face unique set of vulnerabilities and security threats due ... In this paper we used information gain feature selection method which ranks the features from the most informative to least informative using the information gain as a measure (Liu and Yu, 2005) . ...

doi:10.1016/j.cose.2014.01.006 fatcat:azawx4vvpzc6bnlvkwe3b2uzs4

Recent work in traffic analysis has shown that traffic patterns leaked through side channels can be used to recover important semantic information. ... Because the remotely observed traffic patterns are more noisy than those obtained using previous schemes based on direct local traffic monitoring, we take a dynamic time warping (DTW) based approach to ... the web board and perform remote traffic analysis. ...

arXiv:1109.0097v1 fatcat:xheg2phwpbbgffkwlnwlcorzau

Open Access

We validate our approach using datasets collected in the production network of a large Web hoster in the Netherlands. 2 Web shells provide a remote server shell, yielding serious security risks. ... Talks with several Top-10 Web hosting companies in the Netherlands reflect that detection of these attacks is often done based on log file analysis on servers, or by deploying host-based intrusion detection ... Since retrieving thumbnails is typically done in batches, e.g., when opening a Web page, we expect that timing characteristics may be useful for discriminating traffic towards galleries from attack traffic ...

doi:10.1007/s10922-017-9421-4 fatcat:byi7erdlbndmxg4sfpulxw6xpa

A Web Traffic Analysis Attack Using Only Timing Information [article]

Preserved Fulltext

Other Versions

SDToW: A Slowloris Detecting Tool for WMNs

Preserved Fulltext

Intrusion Detection for Encrypted Web Accesses

Preserved Fulltext

Touching from a distance

Preserved Fulltext

A potential HTTP-based application-level attack against Tor

Preserved Fulltext

The web browser factor in traffic analysis attacks

Preserved Fulltext

The application of web usage mining in E-commerce security

Preserved Fulltext

Empirical Analysis of Attackers Activity on Multi-tier Web Systems

Preserved Fulltext

An Efficient Web Traffic Defence Against Timing-Analysis Attacks [article]

Preserved Fulltext

Other Versions

Enhanced Detection Algorithms to Detect HTTP DDoS

Preserved Fulltext

Detecting Web based DDoS Attack using MapReduce operations in Cloud Computing Environment

Preserved Fulltext

For Deformation Web Attacks based on Feature Recognition IPS Intrusion Prevention Technology Research

Preserved Fulltext

Characterization and classification of malicious Web traffic

Preserved Fulltext

Website Detection Using Remote Traffic Analysis [article]

Preserved Fulltext

Flow-Based Web Application Brute-Force Attack and Compromise Detection

Preserved Fulltext