Website Detection Using Remote Traffic Analysis

Gong, Xun; Borisov, Nikita; Kiyavash, Negar; Schear, Nabíl

doi:10.1007/978-3-642-31680-7_4

Cited by 56 publications

(41 citation statements)

References 26 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Several related works do not focus on website fingerprinting in particular, but rather on the detection of other distinct characteristics of network traffic, e.g., the language of a Voice-over-IP (VoIP) call [30], or spoken phrases in encrypted VoIP calls [29]. Gong et al [10] even showed the feasibility of a remote traffic analysis (where the adversary does not directly observe the traffic pattern) by exploiting queuing side channel in routers.…”

Section: A Traffic Analysis On Encrypted Connectionsmentioning

confidence: 99%

“…We then randomly selected a link with a probability of 0.5 from the first, 0.25 from the second, 0.125 from the third, and 0.0625 from the fourth and fifth result pages and included the selected target web page in our dataset. 4) Googling at random: We selected 20,000 English terms at random from the Beolingus German-English dictionary 10 and entered them into Google Search. From the results, we selected web pages with the same method as described for Google trends.…”

Section: B Rnd-www: An Unbiased Random Sample Of the World Wide Webmentioning

confidence: 99%

See 1 more Smart Citation

Website Fingerprinting at Internet Scale

Panchenko

Lanze

Zinnen

et al. 2016

Proceedings 2016 Network and Distributed System Security Symposium

418

389

View full text Add to dashboard Cite

Abstract-The website fingerprinting attack aims to identify the content (i.e., a webpage accessed by a client) of encrypted and anonymized connections by observing patterns of data flows such as packet size and direction. This attack can be performed by a local passive eavesdropper -one of the weakest adversaries in the attacker model of anonymization networks such as Tor.In this paper, we present a novel website fingerprinting attack. Based on a simple and comprehensible idea, our approach outperforms all state-of-the-art methods in terms of classification accuracy while being computationally dramatically more efficient. In order to evaluate the severity of the website fingerprinting attack in reality, we collected the most representative dataset that has ever been built, where we avoid simplified assumptions made in the related work regarding selection and type of webpages and the size of the universe. Using this data, we explore the practical limits of website fingerprinting at Internet scale. Although our novel approach is by orders of magnitude computationally more efficient and superior in terms of detection accuracy, for the first time we show that no existing method -including our own -scales when applied in realistic settings. With our analysis, we explore neglected aspects of the attack and investigate the realistic probability of success for different strategies a real-world adversary may follow.

show abstract

Section: A Traffic Analysis On Encrypted Connectionsmentioning

confidence: 99%

Section: B Rnd-www: An Unbiased Random Sample Of the World Wide Webmentioning

confidence: 99%

Website Fingerprinting at Internet Scale

Panchenko

Lanze

Zinnen

et al. 2016

Proceedings 2016 Network and Distributed System Security Symposium

418

389

View full text Add to dashboard Cite

show abstract

“…However, in this section we used our approach with Https traffic and the results are showed in table (6). The results in table 6 shows a good result for Https traffic using 3-gram, unless for google.com this is due to the natural design of google web page that has a less content.…”

Section: Second Level (Https) Websites Fingerprintmentioning

confidence: 96%

“…Gong in [6] proposed work is trying to prove that the remote traffic analysis could be used by eavesdroppers. The adversary can identify the websites that a remote user is accessing by knowing his/her IP address.…”

Section: Related Workmentioning

confidence: 99%

Hierarchy Website Fingerprint Using N-gram Byte Distribution

Aldarwbi

Shahra

2017

TNC

View full text Add to dashboard Cite

According to www.internetlivestats.com, there are over one billion websites on the world wide web (WWW) today while in 1991, there were only one single website. Websites classification based on traffic analysis has become a difficult problem due to the large number of websites within the internet. All the proposed approaches in the literature could not classify more than 100 websites which is a very trivial number compared to the total number of websites over the internet. In this paper, a two-level websites' classification technique is proposed. At the first level, the traffic is classified to a general category such as sports, news, social, healthy, education, etc. Then, for further information the packet could be classified within the same category to identify from which websites the packet came.

show abstract

“…Gong et al [26] present a kind of inference attack using RTT measurement to infer which website the victim is browsing. They recover victims' network traffic patterns based on the queuing side channel happened at the Internet router.…”

Section: Related Workmentioning

confidence: 99%

Exploiting the Vulnerability of Flow Table Overflow in Software-Defined Network: Attack Model, Evaluation, and Defense

Zhou

Chen

Zhang

et al. 2018

Security and Communication Networks

View full text Add to dashboard Cite

As the most competitive solution for next-generation network, SDN and its dominant implementation OpenFlow are attracting more and more interests. But besides convenience and flexibility, SDN/OpenFlow also introduces new kinds of limitations and security issues. Of these limitations, the most obvious and maybe the most neglected one is the flow table capacity of SDN/OpenFlow switches. In this paper, we proposed a novel inference attack targeting at SDN/OpenFlow network, which is motivated by the limited flow table capacities of SDN/OpenFlow switches and the following measurable network performance decrease resulting from frequent interactions between data and control plane when the flow table is full. To the best of our knowledge, this is the first proposed inference attack model of this kind for SDN/OpenFlow. We implemented an inference attack framework according to our model and examined its efficiency and accuracy. The evaluation results demonstrate that our framework can infer the network parameters (flow table capacity and usage) with an accuracy of 80% or higher. We also proposed two possible defense strategies for the discovered vulnerability, including routing aggregation algorithm and multilevel flow table architecture. These findings give us a deeper understanding of SDN/OpenFlow limitations and serve as guidelines to future improvements of SDN/OpenFlow.

show abstract

Website Detection Using Remote Traffic Analysis

Cited by 56 publications

References 26 publications

Website Fingerprinting at Internet Scale

Website Fingerprinting at Internet Scale

Hierarchy Website Fingerprint Using N-gram Byte Distribution

Exploiting the Vulnerability of Flow Table Overflow in Software-Defined Network: Attack Model, Evaluation, and Defense

Contact Info

Product

Resources

About