William Huba


The accurate tracking of web clients has historically been a difficult problem. Accurate tracking can be used to monitor the activity of attackers who would otherwise be anonymous. Since HTTP is a stateless protocol, there is no built-in method for tracking clients. Many methods have been developed for this purpose; however, they primarily rely on the cooperation of the client, are limited to the current session, and are not designed to track a client long-term or through different environments. This paper takes an in-depth look at the most popular methods of tracking web users and how well they preserve information when a client attempts to remove them. Each method is evaluated based on the amount of unique information it provides and how easily a client can defeat it. The tracking methods are then combined using a profiling algorithm to correlate all of the available information into a single profile. The algorithm is designed with different weights for each method, allowing for environmental flexibility. Test results demonstrate that this approach accurately determines the correct profile for a client in situations where the individual methods alone could not.

Library of Congress Subject Headings

Cyber intelligence (Computer security); Computer networks--Safety measures; Client/server computing

Publication Date


Document Type



Yuan, Bo

Advisor/Committee Member

Pan, Yin

Advisor/Committee Member

Mishra, Sumita


Note: imported from RIT’s Digital Media Library running on DSpace to RIT Scholar Works in December 2013. Physical copy available through RIT's The Wallace Library at: QA76.9.A25 H82 2012


RIT – Main Campus