Network security thread is not only from the proactive attack, but also from the side channel privacy information leakage caused by channel and protocol. With the encryption technology widely used and developed on Web, the attacker has been difficult to obtain information from the message in encrypted channel, but they can use traffic analysis to obtain valuable information. Website identify attacks based on fingerprint technology has been widespread concern of researcher, and the attack is focus on inferring the user’s current behavior with cipher text stream mode.This paper mainly studied the website fingerprinting attack and protection technology based on HTTPS protocol, focused on encrypted data stream with multi-sites classification and recognition problems, and launched an in-depth exploration around the fingerprint selection, fingerprint recognition and other issues. Based on this research, runnable attack and protection prototype system has been deployed. The main content and contribution of this article are:(1) In fingerprint extraction, analysis the impact on traffic patterns under HTTP protocol, information leakage data structures in SSL/TLS protocol and the principle of proxy realization. And the fingerprint extraction methods based on the request/response pairs has been proposed. The experimental results show that this approach can be effective to characterize the traffic patterns in the mixed data stream.(2) In fingerprint identification, propose Mixed-Flow Fingerprinting Algorithm based on Difference Distribution Clusteringto solve the separation problem of mixed-flow data, which can effectively adapt to the changes in network status, and extract as much as possible a sense of fingerprint object of interest, while reducing the rate of false positives. Website combined mixed stream recognition algorithm is proposed using further attribute values and weights, the algorithm can solve single-site, multi-site identification in mixed stream, and control the final speculated results by the proportion of convergence.(3) In the protection of fingerprinting attack, the paper combined with the network protocol stack features and integrated defense thinking, proposed a fully client-basedcross-layer protection method which can be easily deployed on the client. |