Skip to main content
SpringerLink
Log in

A Passive External Web Surveillance Technique for Private Networks

  • Conference paper
Computer Network Security (MMM-ACNS 2005)

Part of the book series: Lecture Notes in Computer Science ((LNCCN,volume 3685))

Abstract

The variety and richness of what users browse on the Internet has made the communications of web-browsing hosts an attractive target for surveillance. We show that passive external surveillance of web-browsing hosts in private networks is possible despite the anonymizing effects of NATs and HTTP proxies at the gateway. These devices effectively anonymize the origin of communication streams, and remove many identifying features, making it difficult to group web traffic into mutually disjoint same-host single user sets called sessions. Sessions offer a complete picture of each user’s web browsing experience. Without them, passive external surveillance is of little use. This paper offers a content analysis technique called Link Chaining that aids the sessionization process by recovering large pieces of sessions called session fragments. The technique is based on the knowledge that the majority of downloaded web resources are clicked-to from other web pages. By following hyperlinks in the bodies of HTTP messages in passively collected trace data, web traffic can be be coalesced into session fragments and used by human analysts to isolate individual users’ sessions. The technique gives the human analyst a significant advantage over manual methods. The implementation presented here has been tested on accumulated local data and demonstrates the feasibility of the scheme.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Clarke, F., Ekeland, I.: Nonlinear oscillations and boundary-value proeblems for Hamiltonian systems. Arch. Rat. Mech. Anal. 78, 315–333 (1982)

    Article  MATH  MathSciNet  Google Scholar 

  2. Wong, C.: HTTP Pocket Reference. O’Reilly, Sebastopol (2000)

    Google Scholar 

  3. Gourley, D., et al.: HTTP: The Definitive Guide. O’Reilly, Cambridge (2002)

    MATH  Google Scholar 

  4. Bellovin, S.M.: A Technique for Counting NATed Hosts (2003), http://www.research.att.com/~smb/papers/fnat.pdf , AT&T Labs Reseach

  5. Berendt, B., Mobasher, B., Spiliopoulou, M.: Web Usage Mining for E-Business Applications. In: ECML/PKDD 2002, August 19 (2002)

    Google Scholar 

  6. Snort IDS, http://www.snort.org/about.html

  7. MySQL, http://www.mysql.com/

  8. MySQL++, http://tangentsoft.net/mysql++/

  9. TCPdump, http://tcpdump.org/

Download references

Author information

Authors and Affiliations

  1. Royal Military College of Canada, PO Box 17000, Station Forces Kingston, Ontario, K7K 7B4, Canada

    Constantine Daicos & Scott Knight

Authors
  1. Constantine Daicos
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Scott Knight
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. St. Petersburg Intitute for Informaticsand Automation, 39, 14-th Liniya, 199178, St. Petersburg, Russia

    Vladimir Gorodetsky

  2. Computer Security Research Group, St. Petersburg Institute for Informatics and Automation, 39, 14 Liniya, 199178, St.-Petersburg, Russia

    Igor Kotenko

  3. US Air Force, Binghamton University (SUNYI), 13902, Binghamton, NY, USA

    Victor Skormin

Rights and permissions

Reprints and permissions

Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Daicos, C., Knight, S. (2005). A Passive External Web Surveillance Technique for Private Networks. In: Gorodetsky, V., Kotenko, I., Skormin, V. (eds) Computer Network Security. MMM-ACNS 2005. Lecture Notes in Computer Science, vol 3685. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11560326_7

Download citation

  • DOI: https://doi.org/10.1007/11560326_7

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-29113-8

  • Online ISBN: 978-3-540-31998-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation