Browser Fingerprinting from Coarse Traffic Summaries: Techniques and Implications
نویسندگان
چکیده
We demonstrate that the browser implementation used at a host can be passively identified with significant precision and recall, using only coarse summaries of web traffic to and from that host. Our techniques utilize connection records containing only the source and destination addresses and ports, packet and byte counts, and the start and end times of each connection. We additionally provide two applications of browser identification. First, we show how to extend a network intrusion detection system to detect a broader range of malware. Second, we demonstrate the consequences of web browser identification to the deanonymization of web sites in flow records that have been anonymized.
منابع مشابه
Website Fingerprinting using Traffic Analysis Attacks
Website fingerprinting is the act of recognizing web traffic through surveillance despite the use of encryption or anonymizing software. The overall idea is to leverage the fact that many web sites have specific request patterns, response byte counts, and other similar coarse features that are known beforehand. This information can be used to recognize and classify different website traffic des...
متن کاملTraffic Analysis of Web Browsers
Tor network is currently the most commonly used anonymity system with more than 300,000 users and almost 3000 relays. Attacks against Tor are typically confirmation attacks where the adversary injects easily discernible traffic pattern and observes which clients and/or relays exhibit such patterns. The main limitation of these attacks is that they require a “powerful” adversary. Website fingerp...
متن کاملBrowser Fingerprinting : Analysis , Detection , and Prevention at Runtime
Most Web users are unaware of being identified or followed by web agents which leverage techniques such as browser fingerprinting (or fingerprinting). Data obtained through such fingerprinting techniques can be utilized for various purposes ranging from understanding the types and properties of the user’s browser to learning the user Web experience (e.g., through the browsing history). For ente...
متن کاملFingerprinting Defenses at the Application Layer
Website Fingerprinting (WF) allows a passive network adversary to learn the websites that a client visits by analyzing traffic patterns that are unique to each website. It has been recently shown that these attacks are particularly effective against .onion sites, anonymous web servers hosted within the Tor network. Given the sensitive nature of the content of these services, the implications of...
متن کاملWebsite Fingerprinting Defenses at the Application Layer
Website Fingerprinting (WF) allows a passive network adversary to learn the websites that a client visits by analyzing traffic patterns that are unique to each website. It has been recently shown that these attacks are particularly effective against .onion sites, anonymous web servers hosted within the Tor network. Given the sensitive nature of the content of these services, the implications of...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2009