Finding Proxy Users at the Service Using Anomaly Detection Conference Paper

abstract

  • © 2016 IEEE. Compromised machines or handsets can be used by attackers as stepping stones for accessing sensitive or protected information. We propose a class of detection methods based on anomaly detection at the service and present two lightweight methods of detecting proxies at the service: one for TCP and one for the application layer. These methods can potentially be deployed to monitor connections in real time so attackers may be stopped before accessing sensitive data. We evaluate these methods on local and wide area networks, with different proxy applications, and under different load conditions to show that the proposed techniques can provide high detection rates at low false positive rates. Our techniques are effective even when the client-to-proxy connections are out of scope of surveillance and resilient to attacks even during training.

name of conference

  • 2016 IEEE Conference on Communications and Network Security (CNS)

published proceedings

  • 2016 IEEE CONFERENCE ON COMMUNICATIONS AND NETWORK SECURITY (CNS)

author list (cited authors)

  • Webb, A. T., & Reddy, A.

citation count

  • 2

complete list of authors

  • Webb, Allen T; Reddy, AL Narasima

publication date

  • January 2016