@inproceedings{45fe87c4b98e45bba6830449ce2bdef7,
title = "IM session identification by outlier detection in cross-correlation functions",
abstract = "The identification of encrypted Instant Messaging (IM) channels between users is made difficult by the presence of variable and high levels of uncorrelated background traffic. In this paper, we propose a novel Cross-correlation Outlier Detector (CCOD) to identify communicating end-users in a large group of users. Our technique uses traffic flow traces between individual users and IM service provider's data center. We evaluate the CCOD on a data set of Yahoo! IM traffic traces with an average SNR of -6.11dB (data set includes ground truth). Results show that our technique provides 88% true positives (TP) rate, 3% false positives (FP) rate and 96% ROC area. Performance of the previous correlation-based schemes on the same data set was limited to 63% TP rate, 4% FP rate and 85% ROC area.",
author = "Saad Saleh and Ilyas, {M. U.} and K. Khurshid and Liu, {A. X.} and H. Radha",
year = "2015",
doi = "10.1109/CISS.2015.7086851",
language = "English",
series = "49th Annual Conference on Information Sciences and Systems (CISS)",
publisher = "IEEE",
booktitle = "2015 49th Annual Conference on Information Sciences and Systems (CISS)",
note = " 2015 49th Annual Conference on Information Sciences and Systems (CISS) ; Conference date: 18-03-2015 Through 20-03-2015",
}