Research On Fingerprinting Based Web Surveillance

The continuous innovation of Web technologies has promoted the development of Internet,providing people with access to services without the limitation of time and place,which accordingly changes the way that people acquires,exchanges and displays information profoundly.However,due to the lack of network identity management mechanisms,as well as the wide use of anonymous tools such as SSH proxies,the challenges of network security have become increasingly severe,including network rumors,cyber fraud,cyber terrorism and so on.Traditional Web tracking technologies based on explicit identifiers,such as IP addresses,domain names,cookies,and user names,are not enough to meet the needs of network surveillance any more.Therefore,it is necessary to conduct indepth research of the fingerprinting technologies based on implicit identifiers for three participants in Web services,including the terminal devices,servers,and users.With the help of fingerprinting technologies,we can identify the terminal devices through browser fingerprints,determine the servers when users anonymously visit through website fingerprints,and track users through behavioral patterns.Based on these,effective Web surveillance will be achieved.Essentially,the fingerprinting technology based on implicit identifiers is a kind of side channel attack.It does not rely on explicit identifiers and always uses features that are not easily hidden or tampered with.Therefore,the fingerprinting technology has become the tide of current research.Although the existing work has initially demonstrated its effectiveness,it still has a large limitation in accuracy and practical feasibility when it is actually applied.To be specific,for the browser fingerprinting technology,existing work aims to construct a unique identifier for each browser essentially.But it can't effectively link fingerprints belong to the same browser when they change.For the website fingerprinting technology,the recognition accuracy needs to be further improved.In addition,the general attack model assumes that the adversary can filter out all background traffic,which is not practical in application.For the user tracking technology,there exists little related work and user behavior is awlays inaccurate characterized.Furthermore,the values of selected features are blur and prone to jitter.To address these issues above,this dissertation studies fingerprinting technologies based on implicit identifiers from four aspects.Firstly,to solve the problem of unstable browser fingerprints on PC,we accordingly propose two different matching algorithms based on weighted K-nearest neighbor and Bayesian network to implement browser fingerprinting,respectively.Secondly,to solve the problem of website identification of anonymous communication traffic,a novel website fingerprinting attack based on hyperlink relations is proposed,according to users' Web navigation behaviors.Hidden Markov Models are utilized to build traffic models for the target websites to improve the fingerprint recognition accuracy.Furthermore,we evaluate assumptions of the current attack model and outline a preliminary solution for the presence of background traffic.Thirdly,to solve the problem of user tracking,user behavior is firstly accurately profiled and then many features are extracted from traffic to construct an abstract model of user behavior and preferences,including destination domain,access frequency,categories of Web queries and so on.Bayes classifiers are chosen to classify the behavioral fingerprints.Finally,on the basis of theoretical results,a toolkits prototype system which can identify users' Web behavior is designed and implemented.The prototype system has been deployed for testing on Internet.After thorough studies on the fingerprinting technologies based on implicit identifiers,a set of effective techniques which can identify the terminal devices,servers,and users respectively,are proposed to meet the various requirements of Web surveillance.Compared with existing methods,the proposed browser fingerprinting,website fingerprinting and user tracking approaches are proved more accurate and practical,which can provide effective technologies for Web surveillance.