identifying personal information in internet traffic
play

Identifying Personal Information in Internet Traffic Yabing Liu Han - PowerPoint PPT Presentation

Jan 13, 2024 •270 likes •639 views

Identifying Personal Information in Internet Traffic Yabing Liu Han Hee Song Ignacio Bermudez Alan Mislove Mario Baldi Alok Tongaonkar Northeastern University Cisco Systems Symantec Corporation November 2, 2015,

  1. Identifying Personal Information in Internet Traffic Yabing Liu † Han Hee Song ‡ Ignacio Bermudez § Alan Mislove † Mario Baldi ‡ Alok Tongaonkar § † Northeastern University ‡ Cisco Systems § Symantec Corporation November 2, 2015, COSN’15

  2. Web-based services Most popular Internet-based services • Web sites, smartphone apps • Traditional PCs, tablets, and smartphones • Facebook (1.44 B) WhatApp (800 M) Users share significant data explicitly • Name, gender, email, locations… • Photos, videos, blogs, news, statuses… Applications collect user data implicitly • Monetizing personal information (third parties) Yabing Liu 2

  3. Web-based services Users don’t have control • Cannot keep content secret from provider • Little visibility into what apps do with PI Organizations concerned about their user privacy • Companies, universities, … • Alert users about potential leak + Goal: Important to understand PI transmitted • Develop system which can automatically detect it Yabing Liu 3

  4. Personal Information Definition of PI • Anything the web site or app can receive about the user Users today have many types of PI • Name, birthday, income, interests, user ID, … • Photos, videos, statuses, … Focus: certain types of text-based PI Yabing Liu 4

  5. Motivating Experiment Controlled Lab traffic in Aug. 2014 • Set up web/HTTPS-MITM proxy • Configured iPhone to use the proxy • Downloaded and ran top 35 free apps from the App Store • Examined network traces (only HTTP/HTTPS) Yabing Liu 5

  6. PI in App Traffic What is the fraction of HTTP VS. HTTPS flows? • 62% HTTP VS. 38% HTTPS What applications are collecting user PI? • All of them! • Examples: Email, Name, UserID, Location, Gender, … What fraction of flows have PI? • 3% Upshot: Lots of PI, but needle in a haystack Yabing Liu 6

  7. Goal Automatically detect when web sites or smartphone apps collect PI In-network ISP Internet User (monitors traffic, looks for PI) Explore in-network measurement and analysis • Large organizations who control the network • Not end-host-based approach (e.g., devices, browsers) • Only HTTP transactions (44% of ground truth PI from Lab traffic) Reasons • Significantly lower barriers to deployment • Higher coverage than end-host-based approach Yabing Liu 7

  8. Outline • Motivation • Dataset • Methodology • Evaluation Yabing Liu 8

  9. Dataset Real ISP operational traffic • 24 hour PCAP data [Aug. 2011, one European City] • 13K users without ground truth • To test methodologies at scale Dataset HTTP flows ISP traffic 40,775,119 Locate the flows with PI Yabing Liu 9

  10. Domain-Keys Deconstruct fields from HTTP traffic trace • Key — HTTP GET request, Referrer header, Cookie • Domain — Host header • <Domain, Key> (DK) - Value pairs Observed HTTP transaction GET /foo.html?user_firstname=Alice HTTP/1.1 Host: imagevenue.com Cookie: a=293&g=00s9229daa&age=39&id=27 ETag: 2039-2dc90ea2-12 Referer: http://www.facebook.com/?user_id=89 Accept-Encoding: deflate,gzip HTTP/1.1 200 OK Date: Mon, 23, May 2013 22:38:34 GMT Yabing Liu 10

  11. Domain-Keys Deconstruct fields from HTTP traffic trace • Key — HTTP GET request, Referrer header, Cookie • Domain — Host header • <Domain, Key> (DK) - Value pairs Derived domain-keys and values Observed HTTP transaction GET /foo.html?user_firstname=Alice HTTP/1.1 Domain Key Field Value Host: imagevenue.com imagevenue.com user_firstname GET Alice Cookie: a=293&g=00s9229daa&age=39&id=27 ETag: 2039-2dc90ea2-12 imagevenue.com a Cookie 293 Referer: http://www.facebook.com/?user_id=89 Cookie 00s9229da imagevenue.com g Accept-Encoding: deflate,gzip a imagevenue.com age Cookie 39 HTTP/1.1 200 OK imagevenue.com id Cookie 27 Date: Mon, 23, May 2013 22:38:34 GMT imagevenue.com user_id Referer 89 Yabing Liu 10

  12. Domain-Keys Deconstruct fields from HTTP traffic trace • Key — HTTP GET request, Referrer header, Cookie • Domain — Host header Tuples Domain-keys • <Domain, Key> (DK) - Value pairs 51,368,712 3,113,696 Derived domain-keys and values Observed HTTP transaction GET /foo.html?user_firstname=Alice HTTP/1.1 Domain Key Field Value Host: imagevenue.com imagevenue.com user_firstname GET Alice Cookie: a=293&g=00s9229daa&age=39&id=27 ETag: 2039-2dc90ea2-12 imagevenue.com a Cookie 293 Referer: http://www.facebook.com/?user_id=89 Cookie 00s9229da imagevenue.com g Accept-Encoding: deflate,gzip a imagevenue.com age Cookie 39 HTTP/1.1 200 OK imagevenue.com id Cookie 27 Date: Mon, 23, May 2013 22:38:34 GMT imagevenue.com user_id Referer 89 Yabing Liu 10

  13. Seeded Approach Look for domain-keys with many values that “look like” PI But many challenges in analyzing data 1 Do every domain-keys have enough number of values? 2 What kinds of value are PI we look for? 3 How to filter out keys with many mismatched values? 4 How to discover missing values? Yabing Liu 11

  14. Step1: Pre-processing Does every DK have enough number of values? 1 Yabing Liu 12

  15. Step1: Pre-processing Does every DK have enough number of values? 1 Out of 3.1M DKs, only the top 9% of DKs has at least 10 tuples. Yabing Liu 12

  16. Step1: Pre-processing Does every DK have enough number of values? 1 9% of heavy hitter DKs cover over 90% of values. Yabing Liu 12

  17. Step2: Seed rules What kinds of value are PI we look for? 2 • Regular expressions with constraints and dictionaries PI Type Seed Rules AgeRange /^[0-9]{1,3}-[0-9]{1,3}$/ (where the second number is larger than the first) City Dictionary of cities, such as {“boston”, “new york”, “chicago”, …} Email /^(\w|\-|\_|\.)+\@((\w|\-|\_)+\.)+[a-zA-Z]{2,}$/ /^[\+\-]{0,1}\d+\.\d{4}\d+$/ (where the value is within the range of the Geo country) /^[mf]$/ or /^(fe)?male$/ or the corresponding words for the male/female in Gender local language Name Dictionary of boy and girl names, such as {“alice”, “christian”, …} /^([+]code?((38[{8,9}|0])|(34[{7-9}|0])|(36[6|6|0])|(33[{3-9}|0])|(32[{3-9}| Phone 0])|(32[{8,9}]))([\d]{7})$/ Yabing Liu 13

  18. Step2: Seed rules What kinds of value are PI we look for? 2 • Regular expressions with constraints and dictionaries PI Type Seed Rules AgeRange /^[0-9]{1,3}-[0-9]{1,3}$/ (where the second number is larger than the first) City Dictionary of cities, such as {“boston”, “new york”, “chicago”, …} Email /^(\w|\-|\_|\.)+\@((\w|\-|\_)+\.)+[a-zA-Z]{2,}$/ /^[\+\-]{0,1}\d+\.\d{4}\d+$/ (where the value is within the range of the Geo country) /^[mf]$/ or /^(fe)?male$/ or the corresponding words for the male/female in Gender local language Name Dictionary of boy and girl names, such as {“alice”, “christian”, …} /^([+]code?((38[{8,9}|0])|(34[{7-9}|0])|(36[6|6|0])|(33[{3-9}|0])|(32[{3-9}| Phone 0])|(32[{8,9}]))([\d]{7})$/ Yabing Liu 13

  19. Step2: Seed rules What kinds of value are PI we look for? 2 • Regular expressions with constraints and dictionaries PI Type Seed Rules AgeRange /^[0-9]{1,3}-[0-9]{1,3}$/ (where the second number is larger than the first) City Dictionary of cities, such as {“boston”, “new york”, “chicago”, …} Email /^(\w|\-|\_|\.)+\@((\w|\-|\_)+\.)+[a-zA-Z]{2,}$/ /^[\+\-]{0,1}\d+\.\d{4}\d+$/ (where the value is within the range of the Geo country) /^[mf]$/ or /^(fe)?male$/ or the corresponding words for the male/female in Gender local language Name Dictionary of boy and girl names, such as {“alice”, “christian”, …} /^([+]code?((38[{8,9}|0])|(34[{7-9}|0])|(36[6|6|0])|(33[{3-9}|0])|(32[{3-9}| Phone 0])|(32[{8,9}]))([\d]{7})$/ Yabing Liu 13

  20. Step3: Filtering domain-keys How to filter out DKs with many mismatched values? 3 • For each DK, plot ratio of matched values Yabing Liu 14

  21. Step3: Filtering domain-keys How to filter out DKs with many mismatched values? 3 • For each DK, plot ratio of matched values Yabing Liu 14

  22. Step3: Filtering domain-keys How to filter out DKs with many mismatched values? 3 • For each DK, plot ratio of matched values 23% of Email candidate domain-keys have ratio =1 Yabing Liu 14

  23. Step3: Filtering domain-keys How to filter out DKs with many mismatched values? 3 • For each DK, plot ratio of matched values 40% of Email candidate domain-keys have ratio >=0.2 Pick knee points to select threshold Yabing Liu 14

  24. Step3: Filtering domain-keys How to filter out DKs with many mismatched values? 3 • For each DK, plot ratio of matched values 62% of Geo candidate domain-keys have ratio >=0.9 Pick knee points to select threshold Yabing Liu 14

  25. Step4: Expansion How to expand the missing values? 4 • Seed rules do not cover all possible cases User-Index Domain Key Value 1 google-analytics.com email johnDoe@gmail.com 2 google-analytics.com email janeDoe@hotmail.com 1 google-analytics.com email johnDoe 2 google-analytics.com email janeDoe 3 facebook.com gender female 4 facebook.com gender m 5 facebook.com gender f 6 facebook.com gender 1 7 facebook.com gender f-f 8 facebook.com gender f-m Take all values of DKs with enough matches Yabing Liu 15

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Identifying Network Traffic Activity Via Flow Sizes Overview Motivation identifying

Identifying Network Traffic Activity Via Flow Sizes Overview Motivation identifying

Identifying Network Traffic Activity Via Flow Sizes Overview Motivation identifying activity via payload Theory behind the idea Measuring NetFlow Measuring DNS traffic captures Implications and future work Motivation

580 views • 17 slides
Internet traffic measurements Renata Teixeira (Inria) Why measure traffic? Performance

Internet traffic measurements Renata Teixeira (Inria) Why measure traffic? Performance

Internet traffic measurements Renata Teixeira (Inria) Why measure traffic? Performance analysis Anomaly and intrusion detec=on Network engineering Traffic at different granulari=es IP-level packets Capture per-packet

539 views • 40 slides
5.2 MAS for managing the personal information space: ILTIS Lorenz (2001) ILTIS: Information

5.2 MAS for managing the personal information space: ILTIS Lorenz (2001) ILTIS: Information

5.2 MAS for managing the personal information space: ILTIS Lorenz (2001) ILTIS: Information Location and Tracking by Integrating Services Scenario: A human user creates for him- or herself a personal information space in the Internet and with

260 views • 23 slides
DISTRIBUTION Describing traffic How can we describe traffic? Cars, pedestrian, internet,

DISTRIBUTION Describing traffic How can we describe traffic? Cars, pedestrian, internet,

QUEUING THEORY: EXPONENTIAL DISTRIBUTION Describing traffic How can we describe traffic? Cars, pedestrian, internet, etc. Also: how can we describe how traffic is processed? What are some metrics? Rate at which people

945 views • 13 slides
Internet Governance Forum the World Malta Internet Traffic Statistics Introduction

Internet Governance Forum the World Malta Internet Traffic Statistics Introduction

6/7/2011 Outline State of the Internet Internet Governance Forum the World Malta Internet Traffic Statistics Introduction Usage and trends Internet Governance Definition/s History and today Launch of Malta I

84 views • 6 slides
Three Layers of Internet Governance protection of personal data illegal and harmful

Three Layers of Internet Governance protection of personal data illegal and harmful

Internet Governance Revisited: Think Decentralization ! Dr. Marc Holitscher, University of Zurich Presentation given at the ITU-workshop on Internet Governance February 26th 2004 Three Layers of Internet Governance protection of personal

407 views • 5 slides
Traffic Measurement Lothar Braun Outline Why do we need to measure traffic in the Internet?

Traffic Measurement Lothar Braun Outline Why do we need to measure traffic in the Internet?

Chair for Network Architectures and Services Department of Informatics Technische Universitt Mnchen Traffic Measurement Lothar Braun Outline Why do we need to measure traffic in the Internet? Active measurement vs. passive

771 views • 31 slides
Traffic Measurement Lothar Braun Outline q Why do we need to measure traffic in the Internet?

Traffic Measurement Lothar Braun Outline q Why do we need to measure traffic in the Internet?

Chair for Network Architectures and Services Department of Informatics Technische Universitt Mnchen Traffic Measurement Lothar Braun Outline q Why do we need to measure traffic in the Internet? q Active measurement vs. passive

654 views • 31 slides
COVID-19: Identifying &amp; Managing Stress Wednesday, May 20, 2020 1:00 2:00 pm Serving

COVID-19: Identifying &amp; Managing Stress Wednesday, May 20, 2020 1:00 2:00 pm Serving

COVID-19: Identifying &amp; Managing Stress Wednesday, May 20, 2020 1:00 2:00 pm Serving Commercial Fishermen and their Families About Todays Webinar Personal Information Information provided by participants during registration will

457 views • 8 slides
Identifying MMORPG Bots: Identifying MMORPG Bots: A Traffic Analysis Approach A Traffic Analysis

Identifying MMORPG Bots: Identifying MMORPG Bots: A Traffic Analysis Approach A Traffic Analysis

Identifying MMORPG Bots: Identifying MMORPG Bots: A Traffic Analysis Approach A Traffic Analysis Approach (MMORPG: Massively Multiplayer Online Role Playing Game) (MMORPG: Massively Multiplayer Online Role Playing Game) Kuan-Ta Chen National

593 views • 30 slides
MISSION Leadership OnDemand AGENDA Personal Values Overview Identifying your Personal

MISSION Leadership OnDemand AGENDA Personal Values Overview Identifying your Personal

PERSONAL VALUES AND MISSION Leadership OnDemand AGENDA Personal Values Overview Identifying your Personal Values Activity Creating a Mission Statement What are values? WHAT ARE VALUES? Personal Values: A

221 views • 11 slides
CCOI Internet Networks in Europe an overview of Internet Geography, Regulation, Traffic

CCOI Internet Networks in Europe an overview of Internet Geography, Regulation, Traffic

NASDAQ CCOI Internet Networks in Europe an overview of Internet Geography, Regulation, Traffic Exchange, Infrastructure and Major Players. by Teresa Wan Sales Director Singapore Office Francois Lemaigre Sales VP - EMEA 2 Europe

159 views • 11 slides
Reducing BitTorrent Traffic at the Internet Scale Stevens Le Blond , Arnaud Legout, Walid Dabbous

Reducing BitTorrent Traffic at the Internet Scale Stevens Le Blond , Arnaud Legout, Walid Dabbous

Reducing BitTorrent Traffic at the Internet Scale Stevens Le Blond , Arnaud Legout, Walid Dabbous 1 Two open questions about BitTorrent locality AS 2 AS 3 # connections Internet Internet AS 1 Reduces traffic AS 4 AS 5 How far can we

366 views • 14 slides
Identifying core skills required for the digital economy: Internet of Things Prof. Dr. Anna

Identifying core skills required for the digital economy: Internet of Things Prof. Dr. Anna

Identifying core skills required for the digital economy: Internet of Things Prof. Dr. Anna Frster Sustainable Communication Networks University of Bremen Germany ITU-CBS, Santo Domingo, June 19 th 2018 Core Questions What is the Internet

135 views • 12 slides
An Empirical Study of Real Introduction Audio Traffic Internet is growing Web facilitates

An Empirical Study of Real Introduction Audio Traffic Internet is growing Web facilitates

An Empirical Study of Real Introduction Audio Traffic Internet is growing Web facilitates integration of streaming audio Radio juke boxes A. Mena and J. Heidemann Broadcast radio USC/Information Sciences Institute Live

414 views • 7 slides
Internet Traffic Analysis: Mohammed Alasmar Co Cosen ener ers, , 2019 2019

Internet Traffic Analysis: Mohammed Alasmar Co Cosen ener ers, , 2019 2019

19 Internet Traffic Analysis: Mohammed Alasmar Co Cosen ener ers, , 2019 2019 https://ieeexplore.ieee.org/document/8737483 Motivations Reliable traffic modelling is important for network planning, deployment and management;

447 views • 29 slides
Unit-7: Linear Temporal Logic B. Srivathsan Chennai Mathematical Institute NPTEL-course July -

Unit-7: Linear Temporal Logic B. Srivathsan Chennai Mathematical Institute NPTEL-course July -

Unit-7: Linear Temporal Logic B. Srivathsan Chennai Mathematical Institute NPTEL-course July - November 2015 1 / 13 Module 1: Introduction to LTL 2 / 13 Transition Systems + G, F, X, GF + NuSMV State-space Bchi Automata LTL CTL

1.25k views • 110 slides
Trig Identities An identity is an equation that is true for all values of the variables. Examples

Trig Identities An identity is an equation that is true for all values of the variables. Examples

Trig Identities An identity is an equation that is true for all values of the variables. Examples of identities might be obvious results like Elementary Functions Part 4, Trigonometry 2 x + 2 x = 4 x Lecture 4.8a, Trig Identities and

276 views • 6 slides
JUST THE MATHS SLIDES NUMBER 6.3 COMPLEX NUMBERS 3 (The polar &amp; exponential forms)

JUST THE MATHS SLIDES NUMBER 6.3 COMPLEX NUMBERS 3 (The polar &amp; exponential forms)

JUST THE MATHS SLIDES NUMBER 6.3 COMPLEX NUMBERS 3 (The polar &amp; exponential forms) by A.J.Hobson 6.3.1 The polar form 6.3.2 The exponential form 6.3.3 Products and quotients in polar form UNIT 6.3 - COMPLEX NUMBERS 3 THE POLAR

240 views • 10 slides
What Am I Doing Here? EBP - PI - Research Sharlene Toney, PhD, RN Director, Professional Nursing

What Am I Doing Here? EBP - PI - Research Sharlene Toney, PhD, RN Director, Professional Nursing

What Am I Doing Here? EBP - PI - Research Sharlene Toney, PhD, RN Director, Professional Nursing Practice and Development Session Objectives: Define evidence-based practice (EBP) Identify the difference between Process Improvement and

490 views • 16 slides
Optimal Pricing in Finite Server Systems Ashok Krishnan K.S. a , Chandramani Singh a , Siva Theja

Optimal Pricing in Finite Server Systems Ashok Krishnan K.S. a , Chandramani Singh a , Siva Theja

Optimal Pricing in Finite Server Systems Ashok Krishnan K.S. a , Chandramani Singh a , Siva Theja Maguluri b , Parimal Parag a a Indian Institute of Science b Georgia Institute of Technology Introduction The Problem 1 5 servers, 2 busy 2 3 4

731 views • 27 slides
January 17, 2019 1 Objectives of PI Working Group Strive for focused, consensus-based

January 17, 2019 1 Objectives of PI Working Group Strive for focused, consensus-based

January 17, 2019 1 Objectives of PI Working Group Strive for focused, consensus-based decision making Recommend appropriate PI calculation methodology for 2020 by the end of Q2 2018 To extent possible, recommended methodology should

737 views • 18 slides
OS RAA PI Letter Outreach S ession Office for S ponsored Research and Award Administration

OS RAA PI Letter Outreach S ession Office for S ponsored Research and Award Administration

OS RAA PI Letter Outreach S ession Office for S ponsored Research and Award Administration Zach Gill- S enior Grant and Contract Officer Amanda Watts- Team Lead S et Up Coordinator Vickie Watkins- Grant and Contract Officer Agenda OS RAA

304 views • 12 slides
Imperfect Competition 14.12 Game Theory Muhamet Yildiz 1 Road Map 1. Coumot (quantity)

Imperfect Competition 14.12 Game Theory Muhamet Yildiz 1 Road Map 1. Coumot (quantity)

Lecture 7 Imperfect Competition 14.12 Game Theory Muhamet Yildiz 1 Road Map 1. Coumot (quantity) competition 1. Rationalizability 2. Nash Equilibrium 2. Bertrand (price) competition 1. Nash Equilibrium 2. Rationalizability with discrete prices

425 views • 16 slides

More recommend