Abstract
The identification of encrypted Instant Messaging (IM) channels between users is made difficult by the presence of variable and high levels of uncorrelated background traffic. In this paper, we propose a novel Cross-correlation Outlier Detector (CCOD) to identify communicating end-users in a large group of users. Our technique uses traffic flow traces between individual users and IM service provider's data center. We evaluate the CCOD on a data set of Yahoo! IM traffic traces with an average SNR of -6.11dB (data set includes ground truth). Results show that our technique provides 88% true positives (TP) rate, 3% false positives (FP) rate and 96% ROC area. Performance of the previous correlation-based schemes on the same data set was limited to 63% TP rate, 4% FP rate and 85% ROC area.
Original language | English |
---|---|
Title of host publication | 2015 49th Annual Conference on Information Sciences and Systems (CISS) |
Publisher | IEEE |
Pages | 1-5 |
Number of pages | 5 |
ISBN (Print) | 978-1-4799-8428-2 |
DOIs | |
Publication status | Published - 20 Mar 2015 |
Event | 2015 49th Annual Conference on Information Sciences and Systems (CISS) - Baltimore, MD, USA Duration: 18 Mar 2015 → 20 Mar 2015 |
Conference
Conference | 2015 49th Annual Conference on Information Sciences and Systems (CISS) |
---|---|
Period | 18/03/15 → 20/03/15 |
Keywords
- Correlation
- Privacy
- Instant messaging
- Time series analysis
- Security
- Delays
- Signal to noise ratio