De-anonymizing the Internet Using Unreliable IDs

Slides:



Advertisements
Similar presentations
Fred P. Baker CCIE, CCIP(security), CCSA, MCSE+I, MCSE(2000)
Advertisements

ESafe Reporter V3.0 eSafe Learning and Certification Program February 2007.
Global MP3 Geoffrey Beers Deborah Ford Mike Quinn Mark Ridao.
Code-Red : a case study on the spread and victims of an Internet worm David Moore, Colleen Shannon, Jeffery Brown Jonghyun Kim.
Reporter: Jing Chiu Advisor: Yuh-Jye Lee /7/181Data Mining & Machine Learning Lab.
1 Address Resolution Protocol (ARP) Relates to Lab 2. This module is about the address resolution protocol.
Hash-Based IP Traceback Best Student Paper ACM SIGCOMM’01.
CMSC 414 Computer (and Network) Security Lecture 15 Jonathan Katz.
CMSC 414 Computer (and Network) Security Lecture 16 Jonathan Katz.
1 BotGraph: Large Scale Spamming Botnet Detection Yao Zhao EECS Department Northwestern University.
1 Representing Identity CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute April 19, 2004.
ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.
BotGraph: Large Scale Spamming Botnet Detection Yao Zhao Yinglian Xie *, Fang Yu *, Qifa Ke *, Yuan Yu *, Yan Chen and Eliot Gillum ‡ EECS Department,
1 Authors: Anirudh Ramachandran, Nick Feamster, and Santosh Vempala Publication: ACM Conference on Computer and Communications Security 2007 Presenter:
Intrusion Prevention, Detection & Response. IDS vs IPS IDS = Intrusion detection system IPS = intrusion prevention system.
JOHN P. JOHN FANG YU YINGLIAN XIE MARTÍN ABADI ARVIND KRISHNAMURTHY PRESENTATION BY SAM KLOCK Searching the Searchers with SearchAudit.
John P., Fang Yu, Yinglian Xie, Martin Abadi, Arvind Krishnamurthy University of California, Santa Cruz USENIX SECURITY SYMPOSIUM, August, 2010 John P.,
1 ITGS - introduction A computer may have: a direct connection to a net (cable); or remote access (modem). Connect network to other network through: cables.
Speaker:Chiang Hong-Ren Botnet Detection by Monitoring Group Activities in DNS Traffic.
Intrusion Detection Prepared by: Mohammed Hussein Supervised by: Dr. Lo’ai Tawalbeh NYIT- winter 2007.
Implementing a Port Knocking System in C Honors Thesis Defense by Matt Doyle.
MonNet – a project for network and traffic monitoring Detection of malicious Traffic on Backbone Links via Packet Header Analysis Wolfgang John and Tomas.
Protecting Students on the School Computer Network Enfield High School.
Advanced Computer Networks Topic 2: Characterization of Distributed Systems.
1 Topic 2: Lesson 3 Intro to Firewalls Summary. 2 Basic questions What is a firewall? What is a firewall? What can a firewall do? What can a firewall.
BotGraph: Large Scale Spamming Botnet Detection Yao Zhao, Yinglian Xie, Fang Yu, Qifa Ke, Yuan Yu, Yan Chen, and Eliot Gillum Speaker: 林佳宜.
REVISITING DEFENSES AGAINST LARGE SCALE ONLINE PASSWORD GUESSING ATTACKS Mansour Alsaleh,Mohammad Mannan and P.C van Oorschot.
Securing the Network Infrastructure. Firewalls Typically used to filter packets Designed to prevent malicious packets from entering the network or its.
Spamming Botnets: Signatures and Characteristics Yinglian Xie, Fang Yu, Kannan Achan, Rina Panigrahy, Geoff Hulten, and Ivan Osipkov. SIGCOMM, Presented.
1 DMG900 + EXP1015 (GSM-GPRS) DMG900 + EXP1015 Sending SMS: to modify REM variables status and required plant information Receiving SMS: plant status,
Mobile IP Outline Intro to mobile IP Operation Problems with mobility.
Minding your business on the internet Kelly Trevino Regional Director October 6,2015.
Search Worms, ACM Workshop on Recurring Malcode (WORM) 2006 N Provos, J McClain, K Wang Dhruv Sharma
SybilGuard: Defending Against Sybil Attacks via Social Networks.
Chapter 14: Representing Identity Dr. Wayne Summers Department of Computer Science Columbus State University
Cyber Safety Mohammad Abbas Alamdar Teacher of ICT STS Ajman – Boys School.
Web Application (In)security Note: Unless noted differently, all scanned figures were from the textbook, Stuttard & Pinto, 2011.
Spamming Botnets: Signatures and Characteristics Yinglian Xie, Fang Yu, Kannan Achan, Rina Panigrahy, Microsoft Research, Silicon Valley Geoff Hulten,
VPN. CONFIDENTIAL Agenda Introduction Types of VPN What are VPN Tokens Types of VPN Tokens RSA How tokens Work How does a user login to VPN using VPN.
Csci5233 Computer Security1 Bishop: Chapter 14 Representing Identity.
LO2 Understand the key components used in networking.
Unit 2 Personal Cyber Security and Social Engineering Part 2.
ASHRAY PATEL Protection Mechanisms. Roadmap Access Control Four access control processes Managing access control Firewalls Scanning and Analysis tools.
How dynamic are IP addresses? Yinglian Xie, Fang Yu, Kannan Achan, Eliot Gillum, Moises Goldszmidt, Ted Wobber SIGCOMM ‘07 Chulhyun Park
SESSION HIJACKING It is a method of taking over a secure/unsecure Web user session by secretly obtaining the session ID and masquerading as an authorized.
Some Network Commands n Some useful network commands –ping –finger –nslookup –tracert –ipconfig.
Published: USENIX HotBots, 2007 Presented: Wei-Cheng Xiao 2016/10/11.
Common System Exploits Tom Chothia Computer Security, Lecture 17.
Hotspot Shield Protect Your Online Identity
Chapter 7: Identifying Advanced Attacks
Chapter 6 Application Hardening
The Devil and Packet Trace Anonymization
Address Resolution Protocol (ARP)
Authentication CSE 465 – Information Assurance Fall 2017 Adam Doupé
De-anonymizing the Internet Using Unreliable IDs By Yinglian Xie, Fang Yu, and Martín Abadi Presented by Peng Cheng 03/22/2017.
Chapter 14: Representing Identity
HWP2 – Distributed search
Distributed Peer-to-peer Name Resolution
Operating Systems Security
Address Resolution Protocol (ARP)
Balancing Risk and Utility in Flow Trace Anonymization
Computer Security.
Authentication CSE 365 – Information Assurance Fall 2018 Adam Doupé
REVISITING DEFENSES AGAINST LARGE SCALE ONLINE PASSWORD GUESSING ATTACKS Mansour Alsaleh,Mohammad Mannan and P.C van Oorschot.
Mobile IP Outline Homework #4 Solutions Intro to mobile IP Operation
Mobile IP Outline Intro to mobile IP Operation Problems with mobility.
Introduction to Internet Worm
Chapter 15 - IP: Software To Create A Virtual Network
Authentication CSE 365 – Information Assurance Fall 2019 Adam Doupé
Presentation transcript:

De-anonymizing the Internet Using Unreliable IDs By Yinglian Xie, Fang Yu, and Martín Abadi Presented by Yinzhi Cao, Ionut Trestian

Problem A free but troublesome network Problems we try to solve: To what extent can we use IP addresses to track hosts? Can we use the binding information between hosts and IP addresses to strengthen network security?

Host-Tracking Graph Formally, we define the host-tracking graph G : H × T → IP, where H is the space of all hosts on the Internet, T is the space of time, and IP is the IP-address space.

Host-Tracking Graph

Host Representation Since we lack strong authentication mechanisms, we consider leveraging application-level identifiers such as user email IDs, messenger login IDs, social network IDs, or cookies.

Goals We would like to generate two outputs The first being an identity-mapping table that represents the mappings from unreliable IDs to hosts The second being the host-tracking graph that tracks each host’s activity across different IP addresses over time

Tracking Host Activities

Application-ID Grouping To quantitatively compute the probability of two independent user IDs u1 and u2 appearing consecutively, let us assume that each host’s connection (hence the corresponding user login) to the Internet is a random, independent event.

Host-Tracking Graph Construction

Resolving Inconsistency Proxy Identification To find both types of proxies/NATs, HostTracker gradually expands all the overlapped conflict binding windows associated with a common IP address. Guest Removal

Input Dataset A month-long user-login trace collected at a large Web-email service provider in October, 2008 (about 330 GB). Each entry has 3 fields: (1) an anonymized user ID (550 million) (2) the IP address that was used to perform the email login (220 million) (3) the timestamp of the login event For validation: A month-long software-update log collected by a global software provider during the same period of October, 2008. a unique hardware ID for each remote host that performs an update, the IP address of the remote host the software update timestamp.

Tracked events

Tracked Hosts vs. Active Hosts

Validation results

Tracked User Population

Signup Date

Email sending behavior

Applications – Detecting Malicious Activity In a previous study we identified 5.6 million malicious IDs that are used to conduct spam campaigns Intersection between malicious IDs and tracked IDs (220 million) is small (50k)

Signup Date - Revisited

Host Tracking – Security

Country Code Comparison

Seed Size Analysis

Conclusions Although email accesses provide only a limited view of the Internet one can use other information for tracking – social network IDs, cookies etc Hard to evade HostTracker and maintain attack effectiveness at the same time

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.