De-anonymizing the internet using unreliable IDs

Today’s Internet is open and anonymous. While it permits free traffic from any host, attackers that generate malicious traffic cannot typically be held accountable. In this paper, we present a system called HostTracker that tracks dynamic bindings between hosts and IP addresses by leveraging application-level data with unreliable IDs. Using a month-long user login trace from a large email provider, we show that HostTracker can attribute most of the activities reliably to the responsible hosts, despite the existence of dynamic IP addresses, proxies, and NATs. With this information, we are able to analyze the host population, to conduct forensic analysis, and also to blacklist malicious hosts dynamically.

Categories and Subject Descriptors: C.2.0 [Computer Communication Networks]: General—security and protection; C.2.3 [Computer Communication Networks]: Network Operations—network management

General Terms: Measurement, Security
Yinglian Xie, Fang Yu, Martín Abadi
Added 28 May 2010
Updated 28 May 2010
Type Conference
Year 2009
Authors Yinglian Xie, Fang Yu, Martín Abadi