2009
DOI: 10.1007/978-3-642-02918-9_10
|View full text |Cite
|
Sign up to set email alerts
|

Browser Fingerprinting from Coarse Traffic Summaries: Techniques and Implications

Abstract: Abstract. We demonstrate that the browser implementation used at a host can be passively identified with significant precision and recall, using only coarse summaries of web traffic to and from that host. Our techniques utilize connection records containing only the source and destination addresses and ports, packet and byte counts, and the start and end times of each connection. We additionally provide two applications of browser identification. First, we show how to extend a network intrusion detection syste… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
3
1
1

Citation Types

0
19
0

Year Published

2010
2010
2021
2021

Publication Types

Select...
3
3
2

Relationship

0
8

Authors

Journals

citations
Cited by 29 publications
(19 citation statements)
references
References 27 publications
0
19
0
Order By: Relevance
“…Even within a single network, the network's most basic characteristics-such as bandwidth, duration of connections, and application mixcan exhibit immense variability, rendering them unpredictable over short time intervals (seconds to hours). The 3 We note that in fact the literature holds some fairly amazing demonstrations of how much more information a dataset can provide than what we might intuitively expect: Wright et al [27] infer the language spoken on encrypted VOIP sessions; Yen et al [28] identify the particular web browser a client uses from flow-level data; Narayanan et al [29] identify users in the anonymized Netflix datasets via correlation with their public reviews in a separate database; and Kumar et al [30] determine from lossy and remote packet traces the number of disks attached to systems infected by the "Witty" worm, as well as their uptime to millisecond precision.…”
Section: Diversity Of Network Trafficmentioning
confidence: 99%
“…Even within a single network, the network's most basic characteristics-such as bandwidth, duration of connections, and application mixcan exhibit immense variability, rendering them unpredictable over short time intervals (seconds to hours). The 3 We note that in fact the literature holds some fairly amazing demonstrations of how much more information a dataset can provide than what we might intuitively expect: Wright et al [27] infer the language spoken on encrypted VOIP sessions; Yen et al [28] identify the particular web browser a client uses from flow-level data; Narayanan et al [29] identify users in the anonymized Netflix datasets via correlation with their public reviews in a separate database; and Kumar et al [30] determine from lossy and remote packet traces the number of disks attached to systems infected by the "Witty" worm, as well as their uptime to millisecond precision.…”
Section: Diversity Of Network Trafficmentioning
confidence: 99%
“…The first category fingerprints a browser by collecting application-layer information, including HTTP request header information and system configuration information from the browser [23]. The second category performs browser fingerprinting by examining coarse traffic generated by the browsers [24]. However, both of them have their limitations in detecting clickbots.…”
Section: Related Workmentioning
confidence: 99%
“…), cookie information [22], or search for platform specific components like Flash blockers or Silverlight [12]. Another approach is to search traffic flows for known, specific identifiers like connections to Firefox update servers [30]. Conversely, techniques like the well-known CAPTCHA puzzles attempt to prove the existence of a human user.…”
Section: Related Workmentioning
confidence: 99%