University of Massachusetts, Amherst, Department of Computer Science: Disambiguation of Residential Wired and Wireless Access in a Forensic Setting. Sookhyun.

Presentation transcript:

University of Massachusetts, Amherst, Department of Computer Science
Disambiguation of Residential Wired and Wireless Access in a Forensic Setting
Sookhyun Yang, Jim Kurose, Brian Neil Levine
University of Massachusetts Amherst
This research is supported by NSF awards CNS and CNS

Outline: Introduction; Problem Statement; Experimental Methodology; Classification Results; Conclusion.

Illegal content distributed P2P from known location
Challenge: Can we legally determine that a suspect used wired access, thus making the resident user more likely to be a responsible party?
Step 1. Public IP address.
Step 2. Known sender location.
Diagram labels: law enforcement peer; P2P network; illegal content distributor (e.g., CP); wireless router; "wired or wireless access?"; "Someone used my open Wi-Fi!"

Can We Intercept Data at Intermediate Nodes?
No, law enforcement cannot legally take traces at intermediate nodes without a warrant or wiretap.
Reasonable expectation of privacy (REP) for the sources of data.
The Wiretap Act and the Pen Register statute.
Diagram labels: illegal content distributor; wireless router; router; peer; law enforcement; data interception via a sniffer.

Can We Intercept Data as a Peer?
Yes, measurements taken at a peer, before a warrant, are legal!
Users of P2P file sharing networks have no reasonable expectation of privacy.
Software designed for law enforcement to monitor P2P activity does not violate US 4th amendment protections.
Diagram labels: law enforcement peer; P2P network; wireless router; illegal content distributor.

Our Problem Setting
Challenge: can we classify the access network type of target sender using remotely measured P2P traces?
Challenges in this forensic setting: hidden and unknown residential factors can affect classification results.
Diagram labels: target; Ethernet; Wi-Fi AP; cable modem; cable network; Internet; P2P; law enforcement peer; "Wired access?"

Our Contribution
Investigate performance of several wired-vs-wireless classification algorithms in various home network scenarios.
Observe how several scenario factors affect classifier performance.
  Single flow vs. multiple flows from a target.
  Operating systems.
  P2P application rate limit.
  Wireless channel contention.
Explain when, why and how the classifier works reliably or poorly.
See Tech. Rep. UM-CS , Dept. of CS, UMass Amherst.

Diversely Emulated P2P Traces in Controlled Settings
Remotely collecting pairs of wired and wireless datasets.
Single full-rate TCP flow. Multiple TCP flows.
Linux vs. Windows XP.
Cable network effect (different times, and houses).
Host-side vs. cable network.
We take measurements here to help us explain/understand classification, but do NOT use them in classification.
Diagram labels: houses near UMass; target device; wired sniffer; g or 1Gbps Ethernet; Wi-Fi AP; less than 1m (the worst case); cable modem; Internet; UMass server; Purdue server.

Classification Procedure
Classification features.
  25th, 50th, 75th percentiles, entropy of packet inter-arrival times distribution for datasets.
We train and cross-validate decision tree, logistic regression, SVM, and EM classifiers.
Classification performance metrics.
  TPR (True Positive Rate).
  FPR (False Positive Rate).
  FPR0.10 and 0.90TPR are acceptable classification results.
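The features and metrics named on the Classification Procedure slide, as an added Python example that is not the authors' code: it computes the percentile and entropy features from packet arrival times, fits a one-feature decision stump as a stand-in for the slide's classifiers, and reports leave-one-out TPR and FPR. The entropy bin width, the choice of "wired" as the positive class, the stump's direction and the sample traces are assumptions constructed for illustration, not values from the study.

```python
import math
from collections import Counter
from statistics import quantiles
def iat_features(timestamps, bin_width=0.0005):
    """25th/50th/75th percentiles and entropy of packet inter-arrival times."""
    ts = sorted(timestamps)
    iats = [b - a for a, b in zip(ts, ts[1:])]
    if len(iats) < 2:
        raise ValueError("need at least three packets")
    p25, p50, p75 = quantiles(iats, n=4)
    # Histogram entropy; the bin width is an assumption (not given on the slides).
    bins = Counter(round(x / bin_width) for x in iats)
    n = len(iats)
    entropy = sum(c / n * math.log2(n / c) for c in bins.values())
    return {"p25": p25, "p50": p50, "p75": p75, "entropy": entropy}

def fit_stump(rows, labels, feature):
    """Depth-1 decision tree: 'wired' if feature <= cut (assumed direction)."""
    values = sorted({r[feature] for r in rows})
    cuts = [(a + b) / 2 for a, b in zip(values, values[1:])] or values
    def errors(cut):
        return sum(("wired" if r[feature] <= cut else "wireless") != y
                   for r, y in zip(rows, labels))
    return min(cuts, key=errors)

def tpr_fpr(truth, predicted, positive="wired"):
    """TPR and FPR with `positive` (assumed: wired) as the positive class."""
    tp = sum(t == positive == p for t, p in zip(truth, predicted))
    fp = sum(t != positive and p == positive for t, p in zip(truth, predicted))
    pos = sum(t == positive for t in truth)
    neg = len(truth) - pos
    return (tp / pos if pos else 0.0, fp / neg if neg else 0.0)

def to_timestamps(gaps):
    return [sum(gaps[:i]) for i in range(len(gaps) + 1)]

# Constructed traces (gaps in seconds), not measurements from the study.
WIRED = [[0.001] * 8, [0.001] * 6 + [0.002] * 2]
WIRELESS = [[0.001, 0.004, 0.001, 0.002, 0.008, 0.001, 0.002, 0.004],
            [0.002, 0.001, 0.008, 0.004, 0.001, 0.016, 0.002, 0.001]]

def demo(feature="entropy"):
    """Leave-one-out cross-validation of the stump on the constructed traces."""
    rows = [iat_features(to_timestamps(g)) for g in WIRED + WIRELESS]
    labels = ["wired"] * len(WIRED) + ["wireless"] * len(WIRELESS)
    preds = []
    for i, row in enumerate(rows):
        cut = fit_stump(rows[:i] + rows[i + 1:], labels[:i] + labels[i + 1:], feature)
        preds.append("wired" if row[feature] <= cut else "wireless")
    return preds, tpr_fpr(labels, preds)
```
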

Single-flow Classification Results
25th percentile: Linux, Inconsistent; Windows XP, Not acceptable.
Entropy: Linux, Not acceptable; Windows XP, Inconsistent.
Accurate classification is difficult in single full-rate flow cases.

Multiple Flows Classification Results
Multiple-flow cases can show better classification results than single full-rate flow cases.
25th percentile: Linux, Acceptable; Windows XP, Not acceptable.
Entropy: Acceptable.

Classification: insight into how it works
Key insight: Classify at receiver using packet inter-arrival times at sender that were not significantly changed by a cable network access protocol or a network at sender.
Diagram labels: target device; Wi-Fi AP; cable modem; UMass server; packet inter-arrival times before a cable network; packet inter-arrival times after a cable network; cable network access protocol or Ethernet access protocol.

Discussion
Classification features showing acceptable results are different for Linux and Windows XP.
  Windows's small 8 KB TCP send buffer.
  This is also found in other Windows versions.
Single full-rate flow vs. multiple flows.
  A flow generated with multiple competing flows from a target would be less affected by a cable network.
See Tech. Rep. UM-CS , Dept. of CS, UMass Amherst.

Conclusion
We justified our trace-gathering method's legality based on US law.
We proposed a classifier for determining whether a target used wired or wireless.
Through extensive experimentation, we determined scenarios where the classifier works reliably.
Traces: traces.cs.umass.edu

Open Questions
Other hidden or unknown residential factors.
  Mac OS n, MIMO.
  Modified TCP implementation.
Multiple-flow across multiple sites.
Long-term traces.

End
Questions or comments welcome!