Augmenting Network Flows with User Interface Context to Inform Access Control Decisions

Whitelisting IP addresses and hostnames allows organizations to employ a default-deny approach to network traffic. Organizations employing a default-deny approach can stop many malicious threats, even including zero-day attacks, because it only allows explicitly stated legitimate activities. However, creating a comprehensive whitelist for a default-deny approach is difficult due to user-supplied destinations that can only be known at the time of usage. Whitelists, therefore, interfere with user experience by denying network traffic to user-supplied legitimate destinations. In this thesis, we focus on creating dynamic whitelists that are capable of allowing user-supplied network activity. We designed and built a system called Harbinger, which leverages user interface activity to provide the context in which network activity took place. We built Harbinger for Microsoft Windows operating systems and have tested its usability and effectiveness on four popular Microsoft applications. We find that Harbinger can reduce false-positive detection rates from 44%-54% to 0%-0.4% in IP and DNS whitelists. Furthermore, while traditional whitelists failed to detect propagation attacks, Harbinger detected the same attacks 96% of the time. We find that our system only introduced six milliseconds of delay or less for 96% of network activity.

Last modified
  • 01/05/2021
Identifier
  • etd-3101
Year
  • 2019
Date created
  • 2019-12-12
Permanent link to this page: https://digital.wpi.edu/show/fx719p46g