Finding Proxy Users at the Service Using Anomaly Detection
Conference Paper
abstract
© 2016 IEEE. Compromised machines or handsets can be used by attackers as stepping stones for accessing sensitive or protected information. We propose a class of detection methods based on anomaly detection at the service and present two lightweight methods of detecting proxies at the service: one for TCP and one for the application layer. These methods can potentially be deployed to monitor connections in real time so attackers may be stopped before accessing sensitive data. We evaluate these methods on local and wide area networks, with different proxy applications, and under different load conditions to show that the proposed techniques can provide high detection rates at low false positive rates. Our techniques are effective even when the client-to-proxy connections are out of scope of surveillance and resilient to attacks even during training.
name of conference
2016 IEEE Conference on Communications and Network Security (CNS)