Font Size: a A A

Confusing Traffic Against Intra-domain Webpage Fingerprinting Attacks

Posted on:2024-04-26Degree:MasterType:Thesis
Country:ChinaCandidate:W L YangFull Text:PDF
GTID:2558307067973229Subject:Computer technology
Abstract/Summary:PDF Full Text Request
Website fingerprinting attack is one of the threats to leaking the privacy of users’ network access.Even if the access traffic is encrypted,the attacker can still use the time,direction,size and other characteristics of the network traffic to use machine learning or deep learning.Classifiers to identify the websites a user visits.Recent work has shown that website fingerprinting attacks can not only occur between domains(inter-domain WSF),but also within domains(intra-domain WPF),where intra-domain WPF obviously exposes more detailed content of users,through content distribution networks(Content Delivery Network(CDN)delivers large data such as images and videos to make intra-domain website fingerprinting feasible,which is usually reflected in the content management system(Content Management System,CMS)that is currently widely used in the market.WPF attackers are keen to identify specific web pages visited by target users.In addition to using the previous inter-domain WSF attack technology,they can also use the burst traffic generated by specific IP addresses in the CDN as a feature to identify intra-domain pages.This is called CDN burst.This paper simulates a CDN and conducts traffic analysis experiments on CDN bursts to verify that there is a risk of privacy leakage on web pages in the domain.For this reason,use two defense strategies to confuse traffic generation to resist website fingerprinting attacks:(1)LRSO-Pad changes the size of a specific object in a webpage in the domain by filling noise at fixed time intervals on the server side,so that the traffic pattern generated by each visit to the webpage is dynamic.(2)DeOS,according to the DOM structure,sends a fake object first when loading a specific object on the page,and disguises part of the traffic as the traffic pattern of other pages in the domain.In order to verify the feasibility and performance of the defense,we selected a number of classifiers and defense strategies that have been recognized so far for experimental testing.The results are in line with our expectations: LRSO-Pad has a fairly high defensive performance,but as the complexity of the page object changes,the overhead increases;DeOS,although not up to the level of random guessing,is relatively stable in various situations.
Keywords/Search Tags:website fingerprint, machine learning, CDN, traffic burst, traffic analysis
PDF Full Text Request
Related items