{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,3]],"date-time":"2026-05-03T10:59:50Z","timestamp":1777805990716,"version":"3.51.4"},"reference-count":46,"publisher":"SAGE Publications","issue":"2","license":[{"start":{"date-parts":[[2016,3,9]],"date-time":"2016-03-09T00:00:00Z","timestamp":1457481600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/journals.sagepub.com\/page\/policies\/text-and-data-mining-license"}],"content-domain":{"domain":["journals.sagepub.com"],"crossmark-restriction":true},"short-container-title":["Journal of Computer Security"],"published-print":{"date-parts":[[2016,4,19]]},"abstract":"<jats:p>In telecommunication networks, the user attribution problem refers to the challenge faced in recognizing communication traffic as belonging to a given user when information needed to identify the user is missing. This problem becomes more difficult to tackle as users move across many mobile networks (complex networks) owned and operated by different providers. The traditional approach of using the source IP address as a tracking identifier does not work when used to identify mobile users. Recent efforts to address this problem by exclusively relying on web browsing behavior to identify users, brought to light the challenges of solutions which try to link up multiple user sessions together when these approaches rely exclusively on the frequency of web sites visited by the user. This study has tackled this problem by utilizing behavior based identification while accounting for time and the sequential order of web visits by a user. Hierarchical Temporal Memories (HTM) were used to classify historical navigational patterns for different users. This approach enables linking multiple user sessions together forgoing the need for a tracking identifier such as the source IP address. Results are promising. HTMs outperform traditional Markov chains based approaches and can provide high levels of identification accuracy.<\/jats:p>","DOI":"10.3233\/jcs-160546","type":"journal-article","created":{"date-parts":[[2016,4,19]],"date-time":"2016-04-19T12:25:33Z","timestamp":1461068733000},"page":"235-288","update-policy":"https:\/\/doi.org\/10.1177\/sage-journals-update-policy","source":"Crossref","is-referenced-by-count":2,"title":["The user attribution problem and the challenge of persistent surveillance of user activity in complex networks"],"prefix":"10.1177","volume":"24","author":[{"given":"Claudio","family":"Taglienti","sequence":"first","affiliation":[{"name":"Nova Southeastern University, Fort Lauderdale, FL 33314, USA. E-mails:\u00a0,\u00a0"}]},{"given":"James","family":"Cannady","sequence":"additional","affiliation":[{"name":"Nova Southeastern University, Fort Lauderdale, FL 33314, USA. E-mails:\u00a0,\u00a0"}]}],"member":"179","published-online":{"date-parts":[[2016,3,9]]},"reference":[{"key":"ref001","first-page":"5","volume":"1","author":"Adamic A.L.","year":"2000","journal-title":"Quarterly Journal of Electronic Commerce"},{"key":"ref002","doi-asserted-by":"publisher","DOI":"10.1126\/science.287.5461.2115a"},{"key":"ref003","doi-asserted-by":"crossref","unstructured":"P.\u00a0Baldi, P.\u00a0Frasconi and P.\u00a0Smyth, Modelling the Internet and the Web: Probabilistic Methods and Algorithms, John Wiley & Sons, Chichester, 2003.","DOI":"10.1002\/047086799X"},{"key":"ref004","doi-asserted-by":"crossref","unstructured":"C.\u00a0Banse, D.\u00a0Herrmann and H.\u00a0Federrath, Tracking users on the Internet with behavioral patterns: Evaluation of its practical feasibility, in: Information Security and Privacy Research, IFIP Advances in Information and Communication Technology, Vol.\u00a0376, Springer, Berlin, 2012, pp.\u00a0235\u2013248.","DOI":"10.1007\/978-3-642-30436-1_20"},{"key":"ref005","doi-asserted-by":"publisher","DOI":"10.1126\/science.286.5439.509"},{"key":"ref006","doi-asserted-by":"publisher","DOI":"10.1002\/bltj.20519"},{"key":"ref007","doi-asserted-by":"publisher","DOI":"10.1109\/MCOM.2003.1215651"},{"key":"ref008","unstructured":"B.\u00a0Bobier, Handwritten digit recognition using hierarchical temporal memory, Unpublished manuscript, Ontario, Canada, 2007, available at: http:\/\/arts.uwaterloo.ca\/~cnrglab\/?q=system\/files\/SoftComputingFinalProject.pdf."},{"key":"ref009","unstructured":"H.\u00a0Burch and B.\u00a0Cheswick, Tracing anonymous packets to their approximate source, in: Lisa\u201900: Proceedings of the 14th Conference on Systems Administration, USENIX Association, Berkeley, CA, 2000, pp.\u00a0319\u2013328."},{"key":"ref010","unstructured":"M.\u00a0Casado and M.J.\u00a0Freedman, Peering through the shroud: The effect of edge opacity on IP-based client identification, in: Proceedings of the 4th USENIX\/ACM Symposium on Networked Systems Design and Implementation (NSDI), USENIX Association, Berkeley, CA, 2007, pp.\u00a0173\u2013186."},{"key":"ref011","doi-asserted-by":"crossref","unstructured":"H.Y.\u00a0Chang, R.\u00a0Narayanan, S.F.\u00a0Wu, B.M.\u00a0Vetter, X.\u00a0Wang, M.\u00a0Brown and F.\u00a0Gong, Deciduous: Decentralized source identification for network-based intrusions, in: Proceedings of the Sixth IFIP\/IEEE International Symposium on Integrated Network Management, IEEE Computer Society, 1999, pp.\u00a0701\u2013714.","DOI":"10.1109\/INM.1999.770717"},{"key":"ref012","unstructured":"D.D.\u00a0Clark and S.\u00a0Landau, Untangling attribution, in: Proceedings of a Workshop on Deterring Cyberattacks: Informing Strategies and Developing Options for U.S. Policy, The National Academies Press, Washington, DC, 2010, pp.\u00a025\u201340."},{"key":"ref013","doi-asserted-by":"publisher","DOI":"10.1007\/BF03325089"},{"key":"ref014","doi-asserted-by":"publisher","DOI":"10.1093\/comjnl\/30.6.541"},{"key":"ref015","doi-asserted-by":"publisher","DOI":"10.1145\/990301.990304"},{"key":"ref016","doi-asserted-by":"crossref","unstructured":"R.\u00a0Dingledine, N.\u00a0Mathewson and P.\u00a0Syverson, Tor: The second-generation onion router, in: Proceedings of the 13th USENIX Security Symposium, 2004.","DOI":"10.21236\/ADA465464"},{"key":"ref017","doi-asserted-by":"crossref","unstructured":"J.V.\u00a0Doremalen and L.\u00a0Boves, in: Spoken Digit Recognition Using a Hierarchical Temporal Memory. 9th Annual Conference of the International Speech Communication Association, ISCA, Brisbane, Australia, 2008, pp.\u00a02566\u20132569.","DOI":"10.21437\/Interspeech.2008-636"},{"key":"ref018","unstructured":"W.\u00a0Duch, R.J.\u00a0Oentaryo and M.\u00a0Pasquier, Cognitive architectures: Where do we go from here? in: Proceedings of the First Conference on Artificial General Intelligence, IOS Press, Amsterdam, 2008, pp.\u00a0122\u2013136."},{"key":"ref019","unstructured":"D.\u00a0George and B.\u00a0Widrow, How the brain might work: A hierarchical and temporal model for learning and recognition, Dissertation (Dissertation Abstract International, 69(04), 177; UMI No. 3313576), Stanford University, 2008."},{"key":"ref020","doi-asserted-by":"crossref","unstructured":"J.\u00a0Gray, P.\u00a0Sundaresan, S.\u00a0Engler, K.\u00a0Baclawski and P.J.\u00a0Weinberger, Quickly generating billion-record synthetic databases, in: Proceedings of the 1994 ACM SIGMOD International Conference on Management of Data, Vol.\u00a023, ACM, New York, NY, 1994, pp.\u00a0243\u2013252.","DOI":"10.1145\/191839.191886"},{"key":"ref021","unstructured":"M.\u00a0Gr\u010dar, User profiling: Web usage mining, in: Proceedings of the 7th International Multiconference Information Society, Jo\u017eef Stefan Institute, Ljubljana, Slovenia, 2004, pp.\u00a075\u201378."},{"key":"ref022","unstructured":"K.\u00a0Greff, Extending hierarchical temporal memory for sequence classification, Master thesis, Technische Universit\u00e4t Kaiserslautern AG Wissensbasierte Systeme, Saarbr\u00fccken, Germany, 2010, available at: http:\/\/www.dfki.de\/lt\/publication_show.php?id=5462."},{"key":"ref023","doi-asserted-by":"publisher","DOI":"10.1098\/rstb.2008.0322"},{"key":"ref024","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2013.03.012"},{"key":"ref025","doi-asserted-by":"crossref","unstructured":"D.\u00a0Herrmann, C.\u00a0Gerber, C.\u00a0Banse and H.\u00a0Federrath, Analyzing characteristic host access patterns for re-identification of Web user sessions, in: 15th Nordic Conference on Secure IT Systems (NordSec), Springer, Berlin, 2010, pp.\u00a0136\u2013154.","DOI":"10.1007\/978-3-642-27937-9_10"},{"key":"ref026","doi-asserted-by":"publisher","DOI":"10.1145\/980972.981001"},{"key":"ref027","doi-asserted-by":"publisher","DOI":"10.1198\/106186006X139162"},{"key":"ref028","doi-asserted-by":"crossref","unstructured":"M.\u00a0Honda, Y.\u00a0Nishida, C.\u00a0Raiciu, A.\u00a0Greenhalgh, M.\u00a0Handley and H.\u00a0Tokuda, Is it still possible to extend TCP? in: ACM\/USENIX Internet Measurement Conference (IMC), ACM, New York, NY 2011, pp.\u00a0181\u2013194.","DOI":"10.1145\/2068816.2068834"},{"key":"ref029","doi-asserted-by":"crossref","unstructured":"V.\u00a0Jacobson, R.\u00a0Braden and D.\u00a0Borman, TCP extensions for high performance, Network Working Group Report no. RFC 1323, 1992, available at: The Internet Engineering Task Force (IETF) website.","DOI":"10.17487\/rfc1323"},{"key":"ref030","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2005.26"},{"key":"ref031","doi-asserted-by":"publisher","DOI":"10.4018\/jdwm.2010100102"},{"key":"ref032","doi-asserted-by":"crossref","unstructured":"M.\u00a0Kumpo\u0161t and V.\u00a0Maty\u00e1\u0161, User profiling and re-identification: Case of university-wide network analysis, in: Proceedings of the 6th International Conference on Trust, Privacy and Security in Digital Business, Springer-Verlag, Berlin, 2009, pp.\u00a01\u201310.","DOI":"10.1007\/978-3-642-03748-1_1"},{"key":"ref033","unstructured":"B.\u00a0Liu, Web Data Mining Exploring Hyperlinks, Contents and Usage Data, Springer-Verlag, Berlin, 2008."},{"key":"ref034","doi-asserted-by":"crossref","unstructured":"W.J.C.\u00a0Melis, S.\u00a0Chizuwa and M.\u00a0Kameyama, Evaluation of hierarchical temporal memory for a real world application, in: Fourth International Conference on Innovative Computing, Information and Control, IEEE Computer Society, 2009, pp.\u00a0144\u2013147.","DOI":"10.1109\/ICICIC.2009.195"},{"key":"ref035","doi-asserted-by":"publisher","DOI":"10.1109\/26.61469"},{"key":"ref036","doi-asserted-by":"publisher","DOI":"10.1016\/B978-0-08-051489-5.50010-2"},{"key":"ref037","unstructured":"J.\u00a0Pitkow, In search for reliable usage data on the WWW, in: Proceedings of the Sixth International WWW Conference, 1997, pp.\u00a0451\u2013463."},{"key":"ref038","unstructured":"J.\u00a0Pitkow and P.\u00a0Pirolli, Mining longest repeating subsequence to predict World Wide Web surfing, in: Proceedings of USITS\u201999: The 2nd USENIX Symposium on Internet Technologies & Systems, Vol.\u00a02, USENIX Association, Berkeley, CA, 1999."},{"key":"ref039","doi-asserted-by":"publisher","DOI":"10.1002\/asi.4630270505"},{"key":"ref040","doi-asserted-by":"crossref","unstructured":"E.\u00a0Ravasz and A.L.\u00a0Barabasi, Hierarchical organization in complex networks, Physical Review E 67(2) (2003), 026112.","DOI":"10.1103\/PhysRevE.67.026112"},{"key":"ref041","doi-asserted-by":"crossref","unstructured":"M.\u00a0Rosenstein, What is actually taking place in Web sites: E-commerce lessons from Web server logs, in: ACM Conference on Electronic Commerce, ACM, New York, NY, 2000, pp.\u00a038\u201343.","DOI":"10.1145\/352871.352876"},{"key":"ref042","first-page":"79","volume":"1","author":"Santhanam L.","year":"2006","journal-title":"Journal of Information Assurance and Security"},{"key":"ref043","doi-asserted-by":"crossref","unstructured":"S.\u00a0Savage, D.\u00a0Wetherall, A.\u00a0Karlin and T.\u00a0Anderson, Practical network support for IP traceback, in: Proceedings of the ACM SIGCOM 2000, ACM, New York, NY, 2001, pp.\u00a0295\u2013306.","DOI":"10.1145\/347057.347560"},{"key":"ref044","doi-asserted-by":"publisher","DOI":"10.1038\/nature03248"},{"key":"ref045","unstructured":"R.\u00a0Stone, CenterTrack: An IP overlay network for tracking DoS floods, in: Proceedings of the 9th USENIX Security Symposium, Vol.\u00a09, USENIX Association, Berkeley, CA, 2000."},{"key":"ref046","doi-asserted-by":"publisher","DOI":"10.1016\/j.dss.2010.03.001"}],"container-title":["Journal of Computer Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/journals.sagepub.com\/doi\/pdf\/10.3233\/JCS-160546","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/journals.sagepub.com\/doi\/full-xml\/10.3233\/JCS-160546","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/journals.sagepub.com\/doi\/pdf\/10.3233\/JCS-160546","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,4,29]],"date-time":"2026-04-29T20:44:57Z","timestamp":1777495497000},"score":1,"resource":{"primary":{"URL":"https:\/\/journals.sagepub.com\/doi\/10.3233\/JCS-160546"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2016,3,9]]},"references-count":46,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2016,4,19]]}},"alternative-id":["10.3233\/JCS-160546"],"URL":"https:\/\/doi.org\/10.3233\/jcs-160546","relation":{},"ISSN":["0926-227X","1875-8924"],"issn-type":[{"value":"0926-227X","type":"print"},{"value":"1875-8924","type":"electronic"}],"subject":[],"published":{"date-parts":[[2016,3,9]]}}}