An Extensive Study of Residential Proxies in China
We carry out the first in-depth characterization of residential proxies (RESIPs) in China, for which little is studied in previous works. Our study is made possible through a semantic-based classifier to automatically capture RESIP services. In addition to the classifier, new techniques have also be...
Saved in:
Published in: | arXiv.org 2022-09 |
---|---|
Main authors: | , , , , , , , |
Format: | Article |
Language: | eng |
Subjects: | |
Online access: | Full text |
container_end_page | |
---|---|
container_issue | |
container_start_page | |
container_title | arXiv.org |
container_volume | |
creator | Yang, Mingshuo ; Yu, Yunnan ; Xianghang Mi ; Tang, Shujun ; Guo, Shanqing ; Li, Yilin ; Zheng, Xiaofeng ; Duan, Haixin |
description | We carry out the first in-depth characterization of residential proxies (RESIPs) in China, for which little is studied in previous works. Our study is made possible through a semantic-based classifier to automatically capture RESIP services. In addition to the classifier, new techniques have also been identified to capture RESIPs without interacting with and relaying traffic through RESIP services, which can significantly lower the cost and thus allow continuous monitoring of RESIPs. Our RESIP service classifier has achieved good performance, with a recall of 99.7% and a precision of 97.6% in 10-fold cross validation. Applying the classifier has identified 399 RESIP services, a much larger set compared to the 38 RESIP services collected in all previous works. Our effort of RESIP capturing led to a collection of 9,077,278 RESIP IPs (51.36% are located in China), 96.70% of which are not covered in publicly available RESIP datasets. An extensive measurement on RESIPs and their services has uncovered a set of interesting findings as well as several security implications. In particular, 80.05% of RESIP IPs located in China have sourced at least one malicious traffic flow during 2021, resulting in 52 million malicious traffic flows in total. RESIPs have also been observed in corporation networks of 559 sensitive organizations including government agencies, education institutions and enterprises. Also, 3,232,698 China RESIP IPs have opened at least one TCP/UDP port for accepting relaying requests, which incurs non-negligible security risks to the local network of RESIPs. Besides, 91% of China RESIP IPs have a lifetime of less than 10 days, while most China RESIP services show a crest-trough pattern in terms of the daily active RESIPs across time. |
doi_str_mv | 10.48550/arxiv.2209.06056 |
format | Article |
fulltext | fulltext |
identifier | EISSN: 2331-8422 |
ispartof | arXiv.org, 2022-09 |
issn | 2331-8422 |
language | eng |
recordid | cdi_arxiv_primary_2209_06056 |
source | arXiv.org; Free E- Journals |
subjects | Classifiers ; Computer Science - Cryptography and Security ; Relaying ; Security ; Traffic flow |
title | An Extensive Study of Residential Proxies in China |
url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-05T00%3A47%3A45IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_arxiv&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=An%20Extensive%20Study%20of%20Residential%20Proxies%20in%20China&rft.jtitle=arXiv.org&rft.au=Yang,%20Mingshuo&rft.date=2022-09-13&rft.eissn=2331-8422&rft_id=info:doi/10.48550/arxiv.2209.06056&rft_dat=%3Cproquest_arxiv%3E2714193514%3C/proquest_arxiv%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=2714193514&rft_id=info:pmid/&rfr_iscdi=true |