Identifying User Actions From HTTP(S) Traffic

Georgios Rizothanasis, Niklas Carlsson, and Aniket Mahanti


This project consider the problem how to best identify user actions within network traffic. Below is a paper describing our evaluation methodology, classifiers for HTTP/HTTPS traffic, and an evaluation thereof. A link to the source code is also available. If you use our datafiles or software in your research, please include a reference to our IEEE LCN 2016 paper (pdf) in your work.

test
Paper:
Georgios Rizothanasis, Niklas Carlsson, and Aniket Mahanti, "Identifying User Actions From HTTP(S) Traffic", Proc. IEEE Conference on Local Computer Networks (IEEE LCN), Dubai, Nov. 2016. (pdf)

Abstract: When understanding modern web usage and providing optimized personalized service, it is important to identify the HTTP(S) requests directly caused by user actions like clicks and typing web addresses. With a majority of HTTP(S) requests being due to content that has not been explicitly requested by a user, the problem of identifying user actions at proxies or middleboxes becomes non-trivial. We present an automated evaluation framework for identifying user actions while also automatically providing a “ground truth” of the user actions. We utilize the framework to compare the performance of timing-based and HTTP-aware request classifiers, including timing-based classifiers operating on both per-request and perconnection basis to identify user actions. We emphasize the value of diverse information used by the classifiers when comparing identification accuracy both among classifiers and relative to the browser-based ground truth. Our classifiers can be useful to better understand users' web usage and connection prioritization.


Software

The full scripts will be shared with the final publication. In the meantime, some of the scripts can be found here.
Again, if you use our datafiles and/or software in your research, please include a reference to our IEEE LCN 2016 paper (pdf) in your work.