Identifying click-requests for the network-side through traffic behavior

https://doi.org/10.1016/j.jnca.2020.102872Get rights and content
Under a Creative Commons license
open access

Abstract

With the rapid development of web-based applications, clicking on hyperlinks has become a general means for accessing various network services. Understanding the visiting behavior of web users not only helps improve the personalized service quality and user experience, but also plays an important role in network management and early threat detection. Click-stream identification is a fundamental issue for user behavior analysis. However, most existing approaches are designed for non-encrypted HTTP requests and only focus on server-side scenarios, which makes them inapplicable to the increasingly popular HTTPS and network-side management. In this work, we propose an encryption-independent scheme from a network-side perspective that adopts the web traffic collected at the network boundary to identify the HTTP(S) requests generated by the click actions of web users. The proposed scheme employs hidden Markov models (HMMs) to describe the time-varying behavior of click and non-click web traffic. A deep neural network (DNN) is integrated into the HMMs to capture the context of web traffic, which eliminates the limitations caused by the independence hypothesis of the traditional HMMs. Finally, a DNN-based rear classifier is proposed to determine the type of HTTP(S) requests according to the fitting degree between the HTTP(S) requests and the HMM-based behavior models. We derive the algorithms for model learning and click identification. Experiments are conducted to validate the proposed approach. Performance-related issues and comparisons are discussed. Results show that both the average precision and recall rate of the proposed approach exceed 92%, which is better than most existing benchmark methods in terms of performance and stability.

Keywords

Web traffic
Click
Traffic behavior
Hidden Markov model
Deep neural network

Cited by (0)

Xingrui Fei received the B.S. degree in Soochow University. He is currently a postgraduate student at Sun Yat-sen University, Guangzhou, China. His research interests focus on cyber security.

Yi Xie received the B.Sc., M.Sc. and Ph.D. degrees from Sun Yat-Sen University, Guangzhou, China. He was a visiting scholar at George Mason University and Deakin University during 2007 to 2008, and 2014 to 2015, respectively. He is currently an Associate Professor at the School of Information Science and Technology, Sun Yat-Sen University. His recent research interests include networking, network security, behavior modeling and algorithms.

Shensheng Tang is currently with the Department of Electrical and Computer Engineering at St Cloud State University, USA. He received his Ph.D. from The University of Toledo, USA. He has eight years of product design and development experience in wireless industry as hardware engineer, system engineer, and manager respectively. His current research interests include embedded systems, networking (wireless, wired), Internet of things (IoT), and modeling and performance evaluation. He has served or is serving as an editor or Guest Editor for International Journals and a TPC member of international conferences. He is a senior member of IEEE.

Jiankun Hu is a full professor of Cyber Security at the School of Engineering and Information Technology, the University of New South Wales at the Australian Defence Force Academy (UNSW@ADFA), Australia. Prof. Hu received his Bachelor’s degree in Industrial Automation in 1983 from Hunan University, PR China; a Ph.D. degree in engineering in 1993 from the Harbin Institute of Technology, PR China; and a Master’s degree by research in the School of Computer Science and Software Engineering from Monash University, Australia, in 2000. Hu’s major research interest is in computer security, especially biometric security.