Abstract
Residential IP Proxies (RESIPs) enable proxying out requests from a vast network of residential devices without inserting any information revealing it. While RESIPs can be used for legitimate purposes, previous studies also associate them with malicious activities. In our last work, we proposed a server-side detection method for RESIP connections based on the difference in the Round Trip Time at the TCP and TLS layers. In this new work, thanks to real-world connections, we investigate if and how specific factors in the client environment influence the technique. We show that genuine users utilizing web browsers or performing hotspots do not result in false positives for our technique. Moreover, our early results suggest that false positives caused by Mobile TCP Terminating Proxies used by mobile Internet Service Providers have a Round Trip Time difference higher than the detection threshold but much smaller than the average RESIP one. This suggests that we can reduce these false positives by highering the detection threshold for mobile connections.
Original language | English (US) |
---|---|
Title of host publication | IMC 2023 - Proceedings of the 2023 ACM on Internet Measurement Conference |
Publisher | Association for Computing Machinery |
Pages | 712-713 |
Number of pages | 2 |
ISBN (Electronic) | 9798400703829 |
DOIs | |
State | Published - Oct 24 2023 |
Event | 23rd Edition of the ACM Internet Measurement Conference, IMC 2023 - Montreal, Canada Duration: Oct 24 2023 → Oct 26 2023 |
Publication series
Name | Proceedings of the ACM SIGCOMM Internet Measurement Conference, IMC |
---|
Conference
Conference | 23rd Edition of the ACM Internet Measurement Conference, IMC 2023 |
---|---|
Country/Territory | Canada |
City | Montreal |
Period | 10/24/23 → 10/26/23 |
Bibliographical note
Publisher Copyright:© 2023 Owner/Author.
Keywords
- botnet
- residential ip proxy
- resips
- round trip time measurement
- security
- tls
ASJC Scopus subject areas
- Software
- Computer Networks and Communications