Inferring the presence of reverse proxies through timing analysis
Main Author: | |
---|---|
Other Authors: | |
Published: | Monterey, California: Naval Postgraduate School, 2015 |
Online Access: | http://hdl.handle.net/10945/45803 |
Summary: | Approved for public release; distribution is unlimited. This thesis presents a method for inferring the presence of a reverse proxy server using packet timing analysis from the vantage point of a client system. This method can determine whether Internet users are receiving web content from the actual source or from some potentially spoofed proxy device, leading to better risk assessment and understanding of the cyber terrain. By using only the measurement and comparison of three-way handshake and content request/delivery packet round trip times, we identify an accurate classifier that detects the presence of a reverse proxy server with over 98% accuracy. This is an improvement over other inference methods because all measurements can be done from an external client machine. A secondary yet significant contribution is the robust data set that was produced as a result of this research. We have collected a set of over 6 million data points from a known set of 30 globally dispersed machines, which was instrumental in our research efforts and will be used for further studies and exploration. |