You searched for subject:(Website Fingerprinting).
Showing records 1 – 9 of
9 total matches.
No search limiters apply to these results.
1.
Wang, Tao.
Website Fingerprinting: Attacks and Defenses.
Degree: 2016, University of Waterloo
URL: http://hdl.handle.net/10012/10123 
► Website fingerprinting attacks allow a local, passive eavesdropper to determine a client's web activity by leveraging features from her packet sequence. These attacks break the…
(more)
▼ Website fingerprinting attacks allow a local, passive eavesdropper to determine a client's web activity by leveraging features from her packet sequence. These attacks break the privacy expected by users of privacy technologies, including low-latency anonymity networks such as proxies, VPNs, or Tor. As a discipline, website fingerprinting is an application of machine learning techniques to the diverse field of privacy.
To perform a website fingerprinting attack, the eavesdropping attacker passively records the time, direction, and size of the client's packets. Then, he uses a machine learning algorithm to classify the packet sequence so as to determine the web page it came from. In this work we construct and evaluate three new website fingerprinting attacks: Wa-OSAD, an attack using a modified edit distance as the kernel of a Support Vector Machine, achieving greater accuracy than attacks before it; Wa-FLev, an attack that quickly approximates an edit distance computation, allowing a low-resource attacker to deanonymize many clients at once; and Wa-kNN, the current state-of-the-art attack, which is effective and fast, with a very low false positive rate in the open-world scenario.
While our new attacks perform well in theoretical scenarios, there are significant differences between the situation in the wild and in the laboratory. Specifically, we tackle concerns regarding the freshness of the training set, splitting packet sequences so that each part corresponds to one web page access (for easy classification), and removing misleading noise from the packet sequence.
To defend ourselves against such attacks, we need defenses that are both efficient and provable. We rigorously define and motivate the notion of a provable defense in this work, and we present three new provable defenses: Tamaraw, which is a relatively efficient way to flood the channel with fixed-rate packet scheduling; Supersequence, which uses smallest common supersequences to save on bandwidth overhead; and Walkie-Talkie, which uses half-duplex communication to significantly reduce both bandwidth and time overhead, allowing a truly efficient yet provable defense.
Subjects/Keywords: privacy; privacy-enhancing technologies; website fingerprinting; anonymity networks
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Wang, T. (2016). Website Fingerprinting: Attacks and Defenses. (Thesis). University of Waterloo. Retrieved from http://hdl.handle.net/10012/10123
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Chicago Manual of Style (16th Edition):
Wang, Tao. “Website Fingerprinting: Attacks and Defenses.” 2016. Thesis, University of Waterloo. Accessed January 16, 2021.
http://hdl.handle.net/10012/10123.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
MLA Handbook (7th Edition):
Wang, Tao. “Website Fingerprinting: Attacks and Defenses.” 2016. Web. 16 Jan 2021.
Vancouver:
Wang T. Website Fingerprinting: Attacks and Defenses. [Internet] [Thesis]. University of Waterloo; 2016. [cited 2021 Jan 16].
Available from: http://hdl.handle.net/10012/10123.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Council of Science Editors:
Wang T. Website Fingerprinting: Attacks and Defenses. [Thesis]. University of Waterloo; 2016. Available from: http://hdl.handle.net/10012/10123
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Oklahoma State University
2.
Cui, Weiqi.
Website Fingerprinting Attacks.
Degree: Computer Science, 2019, Oklahoma State University
URL: http://hdl.handle.net/11244/321512
► One main concern about website fingerprinting is its practicality. The common assumption in previous work is that a victim is visiting one website at a…
(more)
▼ One main concern about
website fingerprinting is its practicality. The common assumption in previous work is that a victim is visiting one
website at a time and has access to the complete network trace of that
website. However, this is not realistic. In our work, we aim to reduce the distance between the lab experiments with the realistic conditions. We propose a new algorithm based on Hidden Markov Model to deal with situations when the victim visits one
website after another. After that, we employ deep learning algorithm to handle the situations when the captured traces are not perfect, such as partial traces, two-page traces or traces with background noise.
Advisors/Committee Members: Chan-Tin, Eric (advisor), Park, Nohpill (committee member), Crick, Christopher (committee member), Gong, Yanmin (committee member).
Subjects/Keywords: anonymity; cover traffic; deep learning; practicality; privacy; website fingerprinting
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Cui, W. (2019). Website Fingerprinting Attacks. (Thesis). Oklahoma State University. Retrieved from http://hdl.handle.net/11244/321512
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Chicago Manual of Style (16th Edition):
Cui, Weiqi. “Website Fingerprinting Attacks.” 2019. Thesis, Oklahoma State University. Accessed January 16, 2021.
http://hdl.handle.net/11244/321512.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
MLA Handbook (7th Edition):
Cui, Weiqi. “Website Fingerprinting Attacks.” 2019. Web. 16 Jan 2021.
Vancouver:
Cui W. Website Fingerprinting Attacks. [Internet] [Thesis]. Oklahoma State University; 2019. [cited 2021 Jan 16].
Available from: http://hdl.handle.net/11244/321512.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Council of Science Editors:
Cui W. Website Fingerprinting Attacks. [Thesis]. Oklahoma State University; 2019. Available from: http://hdl.handle.net/11244/321512
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Oklahoma State University
3.
Chen, Tao.
Privacy Analysis of Online and Offline Systems.
Degree: Computer Science, 2019, Oklahoma State University
URL: http://hdl.handle.net/11244/323338
► Further more, the effectiveness of website fingerprinting (WF) has been shown to have an accuracy of over 90% when using Tor as the anonymity network.…
(more)
▼ Further more, the effectiveness of
website fingerprinting (WF) has been shown to have an accuracy of over 90% when using Tor as the anonymity network. The common assumption in previous work is that a victim is visiting one
website at a time and has access to the complete network trace of that
website. Our main concern about
website fingerprinting is its practicality. Victims could visit another
website in the middle of visiting one
website (overlapping visits). Or an adversary may only get an incomplete network traffic trace. When two
website visits are overlapping, the
website fingerprinting accuracy falls dramatically. Using our proposed "sectioning" algorithm, the accuracy for predicting the
website in overlapping visits improves from 22.80% to 70%. When part of the network trace is missing (either the beginning or the end), the accuracy when using our sectioning algorithm increases from 20% to over 60%.
Advisors/Committee Members: Chan-Tin, Eric (advisor), Park, Nohpill (committee member), Crick, Christopher (committee member), Sheng, Weihua (committee member).
Subjects/Keywords: password; privacy; security; shoulder surfing; tor relay popularity; website fingerprinting
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Chen, T. (2019). Privacy Analysis of Online and Offline Systems. (Thesis). Oklahoma State University. Retrieved from http://hdl.handle.net/11244/323338
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Chicago Manual of Style (16th Edition):
Chen, Tao. “Privacy Analysis of Online and Offline Systems.” 2019. Thesis, Oklahoma State University. Accessed January 16, 2021.
http://hdl.handle.net/11244/323338.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
MLA Handbook (7th Edition):
Chen, Tao. “Privacy Analysis of Online and Offline Systems.” 2019. Web. 16 Jan 2021.
Vancouver:
Chen T. Privacy Analysis of Online and Offline Systems. [Internet] [Thesis]. Oklahoma State University; 2019. [cited 2021 Jan 16].
Available from: http://hdl.handle.net/11244/323338.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Council of Science Editors:
Chen T. Privacy Analysis of Online and Offline Systems. [Thesis]. Oklahoma State University; 2019. Available from: http://hdl.handle.net/11244/323338
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
4.
Saraiva, Adriana Rodrigues.
Determinando o risco de Fingerprinting em páginas Web.
Degree: 2016, Universidade Federal do Amazonas
URL: http://tede.ufam.edu.br/handle/tede/5410
► Técnicas de fingerprinting são aquelas empregadas para identificar (ou reidentificar) um usuário ou um dispositivo através de um conjunto de atributos (tamanho da tela do…
(more)
▼ Técnicas de fingerprinting são aquelas empregadas para identificar (ou reidentificar)
um usuário ou um dispositivo através de um conjunto de atributos
(tamanho da tela do dispositivo, versões de softwares instalados, entre muitos
outros) e outras características observáveis durante o processo de comunicação.
Comumente conhecidas por Website fingerprinting, tais técnicas podem ser usadas
como medida de segurança (na autenticação de usuários, por exemplo) e como
mecanismo para vendas / marketing. Por outro lado, também podem ser consideradas
uma ameaça potencial à privacidade Web dos usuários, uma vez que dados
pessoais e sigilosos podem ser capturados e empregados para fins maliciosos nos
mais variados tipos de ataque e fraudes. Neste contexto, esta dissertação propõe
uma metodologia para detectar artefatos (scripts) fingerprinting em páginas Web
e mensurar o nível de severidade à privacidade do usuário. Os resultados mostram
que embora simples, a metodologia é eficaz ao encontrar códigos fingerprinting
nos websites e categorizá-los em níveis de severidade.
Fingerprinting techniques are those used to identify (or re-identify) a user or
device with a set of attributes (device screen size, versions of installed software,
among many others) and other observable characteristics during the communication
process. Commonly known by Website fingerprinting, such techniques can
be used as a security measure (in user authentication, for example) and as a
mechanism for sales / marketing. However, they can also be considered a potential
threat to Web users’ privacy, since personal and sensitive data can be
captured and used for malicious purposes in various types of attacks and fraud.
In this context, this work proposes a methodology to detect fingerprinting artifacts
in Web pages and measure the level of severity to user privacy. The results
show that although simple, the method is effective to find fingerprinting codes in
websites and categorizing them in severity levels.
FAPEAM - Fundação de Amparo à Pesquisa do Estado do Amazonas
Advisors/Committee Members: Feitosa, Eduardo Luzeiro, 56285949204, http://lattes.cnpq.br/5939944067207881.
Subjects/Keywords: Website fingerprinting; Sistema de ratreamento; Técnicas de fingerprinting; CIÊNCIAS EXATAS E DA TERRA: CIÊNCIA DA COMPUTAÇÃO
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Saraiva, A. R. (2016). Determinando o risco de Fingerprinting em páginas Web. (Masters Thesis). Universidade Federal do Amazonas. Retrieved from http://tede.ufam.edu.br/handle/tede/5410
Chicago Manual of Style (16th Edition):
Saraiva, Adriana Rodrigues. “Determinando o risco de Fingerprinting em páginas Web.” 2016. Masters Thesis, Universidade Federal do Amazonas. Accessed January 16, 2021.
http://tede.ufam.edu.br/handle/tede/5410.
MLA Handbook (7th Edition):
Saraiva, Adriana Rodrigues. “Determinando o risco de Fingerprinting em páginas Web.” 2016. Web. 16 Jan 2021.
Vancouver:
Saraiva AR. Determinando o risco de Fingerprinting em páginas Web. [Internet] [Masters thesis]. Universidade Federal do Amazonas; 2016. [cited 2021 Jan 16].
Available from: http://tede.ufam.edu.br/handle/tede/5410.
Council of Science Editors:
Saraiva AR. Determinando o risco de Fingerprinting em páginas Web. [Masters Thesis]. Universidade Federal do Amazonas; 2016. Available from: http://tede.ufam.edu.br/handle/tede/5410
5.
Elleres, Pablo Augusto da Paz.
Detecção de Canvas Fingerprinting em páginas Web baseada em Modelo Vetorial.
Degree: 2017, Universidade Federal do Amazonas
URL: http://tede.ufam.edu.br/handle/tede/5859
► Fingerprinting é a técnica aplicada com vistas a identificar ou reidentificar um usuário/dispositivo por intermédio de um conjunto de atributos como: o tamanho da tela…
(more)
▼ Fingerprinting é a técnica aplicada com vistas a identificar ou reidentificar um
usuário/dispositivo por intermédio de um conjunto de atributos como: o tamanho
da tela do dispositivo, a identificação do endereço IP, as versões dos softwares instalados,
assim como por meio de outras características existentes no processo de
comunicação daWeb. A técnica é conhecida pela nomenclatura deWebsite fingerprinting
e tem sido utilizada como mecanismo de marketing/vendas de produtos,
mas pode muito bem ser empregada como medida de segurança na autenticação
de usuários. A questão é que ela pode e deve ser considerada uma ameaça potencial
a privacidade dos usuários na Web, já que dados pessoais e sigilosos podem
ser capturados e empregados para fins maliciosos. Atualmente uma técnica que
utiliza renderização de imagens, denominada Canvas fingerprinting, também tem
sido utilizada para burlar a privacidade dos usuários de websites. Este trabalho
apresenta um método que emprega técnicas de recuperação da informação (via
método vetorial), para realizar a detecção de scripts Canvas Fingerpriting em
páginas Web. O método consiste em realizar o cálculo da similaridade entre uma
base com 100 consultas reconhecidamente ligadas à Canvas Fingerpriting e bases
de dados com páginas tidas como benignas e malignas. O resultado encontrado
mostrou que níveis altos de similaridades com uma base de Canvas (97%), uma
base de páginas phishing (87%) e uma base com páginas do diretório DMOZ
(87%).
Fingerprinting is a technique applied in order to identify or re-identify a User/
device via a set of attributes such as the size of the device’s screen, IP address
identification, the versions of the software installed as well as through other
existing features in the process Web communication. The technique is known in
Nomenclature website fingerprinting and it has been used as a mechanism for
marketing/product sales, however, its development aims to serve as a measure
security of user authentication. The question is As it is considered a potencial
threat to Web privacy, since personal and sensitive data can be captured and
used for malicious purposes in various types of attacks and fraud. The point
is that it may and should be considered a potential threat to the privacy of
users on the Web, since personal and sensitive data can be captured and used
for malicious purposes. Currently a technique that uses image rendering, called
Canvas fingerprinting, has also been used for the same purposes as the previous
one. This work presents a method that uses information retrieval techniques (via
vectorial method) to perform the detection of Canvas Fingerprinting scripts in
Web pages. The method consists in calculating the similarity between a base with
100 queries from a Canvas Fingerprinting database and a set of web pages labeled
as benign and malignant. The result found showed high levels of similarities with
a canvas base (97 %), a base of phishing pages (87 %) and a base with DMOZ
directory pages (87 %).
CAPES -…
Advisors/Committee Members: Feitosa, Eduardo Luzeiro, 56285949204, http://lattes.cnpq.br/5939944067207881, [email protected].
Subjects/Keywords: Website Fingerprinting; Canvas Fingerprinting; Recuperação da Informação; Método Vetorial; CIÊNCIAS EXATAS E DA TERRA: CIÊNCIA DA COMPUTAÇÃO
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Elleres, P. A. d. P. (2017). Detecção de Canvas Fingerprinting em páginas Web baseada em Modelo Vetorial. (Masters Thesis). Universidade Federal do Amazonas. Retrieved from http://tede.ufam.edu.br/handle/tede/5859
Chicago Manual of Style (16th Edition):
Elleres, Pablo Augusto da Paz. “Detecção de Canvas Fingerprinting em páginas Web baseada em Modelo Vetorial.” 2017. Masters Thesis, Universidade Federal do Amazonas. Accessed January 16, 2021.
http://tede.ufam.edu.br/handle/tede/5859.
MLA Handbook (7th Edition):
Elleres, Pablo Augusto da Paz. “Detecção de Canvas Fingerprinting em páginas Web baseada em Modelo Vetorial.” 2017. Web. 16 Jan 2021.
Vancouver:
Elleres PAdP. Detecção de Canvas Fingerprinting em páginas Web baseada em Modelo Vetorial. [Internet] [Masters thesis]. Universidade Federal do Amazonas; 2017. [cited 2021 Jan 16].
Available from: http://tede.ufam.edu.br/handle/tede/5859.
Council of Science Editors:
Elleres PAdP. Detecção de Canvas Fingerprinting em páginas Web baseada em Modelo Vetorial. [Masters Thesis]. Universidade Federal do Amazonas; 2017. Available from: http://tede.ufam.edu.br/handle/tede/5859
6.
Nguyen, Giang Truong Khoa.
Performance and security tradeoffs of provable website traffic fingerprinting defenses over Tor.
Degree: PhD, Computer Science, 2017, University of Illinois – Urbana-Champaign
URL: http://hdl.handle.net/2142/98375
► The Internet has become an integral part of modern life. At the same time, as we spend increasingly more time online, our digital trails, including…
(more)
▼ The Internet has become an integral part of modern life. At the same time, as we spend increasingly more time online, our digital trails, including the identities of the websites we visit, can reveal sensitive personal information. As a result, researchers have devised schemes that seek to enable users to obfuscate the network traffic fingerprints of the websites they visit; however, being ad hoc attempts, these schemes have all been later found to be ineffective against more sophisticated attacks. Thus, researchers have recently proposed a family of provable defenses called BuFLO, or Buffered Fixed-Length Obfuscator, that provides strong privacy guarantees at the expense of high overhead.
Orthogonal to these defenses, the popular Tor anonymity network provides some protection against these attacks but is nonetheless susceptible. In this dissertation, we propose a simple design that uses BuFLO to protect web browsing traffic over Tor: tunnel the BuFLO channel through Tor. In order to evaluate the design, for both live experiments as well as large-scale simulations, we need precise models of the traffic profiles generated by a browser's visiting websites. This in turn requires us to obtain a fine-grained model of the web page loading process, two key components of which are the browser and the web page. After diving into the immensely complex web page loading process, we instrument the browser in order to extract bits of information as it loads a web page; this enables us to obtain the models for 50 top Alexa-ranked global websites. Following that, we build a traffic generator framework to generate network traffic according to the models. Next, we design and implement from scratch CS-Tamaraw, a congestion-sensitive version of Tamaraw, the most secure member of the BuFLO family.
With all the pieces in hand, we perform live experiments to confirm that CS-Tamaraw provides the predicted gains in privacy as in the original study. However, when CS-Tamaraw is tunneled through Tor as we propose, its defense degrades significantly. We then conduct experiments to determine whether CS-Tamaraw is at fault. Both CS-Tamaraw and a simple, barebone, application-layer defense work largely as expected without Tor but are similarly afflicted when tunneled through Tor. Further investigations suggest that the unexpected results are due to artifacts in network conditions and not due to flaws in the design or implementation of CS-Tamaraw. We end after discussing the large-scale simulation studies with various levels of adoption of CS-Tamaraw.
Advisors/Committee Members: Borisov, Nikita (advisor), Borisov, Nikita (Committee Chair), Caesar, Matthew (committee member), Godfrey, Philip B (committee member), Johnson, Rob (committee member).
Subjects/Keywords: Website traffic fingerprinting; Provable website traffic fingerprinting; Tor; Web page modeling
…Tor . . . . . . . . . . . . . .
2.2 Website traffic fingerprinting
2.2.1 Attacks… …17
19
21
25
25
26
30
34
34
36
36
39
CHAPTER 4 PROVABLE WEBSITE TRAFFIC FINGERPRINTING… …4]. One class of traffic analysis attacks, called website traffic
fingerprinting… …first to present a website traffic fingerprinting
attack against Tor, albeit with little… …website traffic fingerprinting attack against Tor [30], prompting Tor developers to…
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Nguyen, G. T. K. (2017). Performance and security tradeoffs of provable website traffic fingerprinting defenses over Tor. (Doctoral Dissertation). University of Illinois – Urbana-Champaign. Retrieved from http://hdl.handle.net/2142/98375
Chicago Manual of Style (16th Edition):
Nguyen, Giang Truong Khoa. “Performance and security tradeoffs of provable website traffic fingerprinting defenses over Tor.” 2017. Doctoral Dissertation, University of Illinois – Urbana-Champaign. Accessed January 16, 2021.
http://hdl.handle.net/2142/98375.
MLA Handbook (7th Edition):
Nguyen, Giang Truong Khoa. “Performance and security tradeoffs of provable website traffic fingerprinting defenses over Tor.” 2017. Web. 16 Jan 2021.
Vancouver:
Nguyen GTK. Performance and security tradeoffs of provable website traffic fingerprinting defenses over Tor. [Internet] [Doctoral dissertation]. University of Illinois – Urbana-Champaign; 2017. [cited 2021 Jan 16].
Available from: http://hdl.handle.net/2142/98375.
Council of Science Editors:
Nguyen GTK. Performance and security tradeoffs of provable website traffic fingerprinting defenses over Tor. [Doctoral Dissertation]. University of Illinois – Urbana-Champaign; 2017. Available from: http://hdl.handle.net/2142/98375
7.
Rahman, Mohammad Saidur.
Using Packet Timing Information in Website Fingerprinting.
Degree: MS, Department of Computing Security (GCCIS), 2018, Rochester Institute of Technology
URL: https://scholarworks.rit.edu/theses/9890
► Website Fingerprinting (WF) enables an eavesdropper to discover what sites the user is visiting despite the use of a VPN or even the Tor…
(more)
▼ Website Fingerprinting (WF) enables an eavesdropper to discover what sites the user is visiting despite the use of a VPN or even the Tor anonymity system. Recent WF attacks on Tor have reached high enough accuracy (up to 98%) to prompt Tor to consider adopting defenses based on packet padding. Defenses such as Walkie-Talkie mainly remove features related to bursts of traffic without affecting packet timing. This was reasonable given that previous research on WF attacks ignored or deemphasized the use of packet timing information. In this thesis, we examine the extent to which packet timing can be used to facilitate WF attacks. In our experiment, we gained up to 61% accuracy on our unprotected dataset, 54% on our WTF-PAD dataset, and 43% on our Walkie-Talkie dataset using only timing-based features in an SVM classifier. Using a convolutional neural network (CNN), we got 88% accuracy on our unprotected dataset, and 76% and 47% accuracy on ourWTF-PAD and Walkie-Talkie dataset respectively. We intend to investigate further to develop an effective and robust WF attack using packet timing.
Advisors/Committee Members: Matthew Wright.
Subjects/Keywords: Anonymity system; Deep learning; Privacy; Security; Tor; Website fingerprinting
…Chapter 4. Packet Timing in Website Fingerprinting
4.1
Data Collection… …5
2.2
Website Fingerprinting Attack. . . . . . . . . . . . . . . . . .
6
2.3
A… …thesis is organized as follows: Chapter 2 provides background of Tor, website fingerprinting… …by the
website fingerprinting (WF) attack. Indeed, to combat this attack, Tor has… …x5D; extensively investigated the use of deep learning in website
fingerprinting. Their…
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Rahman, M. S. (2018). Using Packet Timing Information in Website Fingerprinting. (Masters Thesis). Rochester Institute of Technology. Retrieved from https://scholarworks.rit.edu/theses/9890
Chicago Manual of Style (16th Edition):
Rahman, Mohammad Saidur. “Using Packet Timing Information in Website Fingerprinting.” 2018. Masters Thesis, Rochester Institute of Technology. Accessed January 16, 2021.
https://scholarworks.rit.edu/theses/9890.
MLA Handbook (7th Edition):
Rahman, Mohammad Saidur. “Using Packet Timing Information in Website Fingerprinting.” 2018. Web. 16 Jan 2021.
Vancouver:
Rahman MS. Using Packet Timing Information in Website Fingerprinting. [Internet] [Masters thesis]. Rochester Institute of Technology; 2018. [cited 2021 Jan 16].
Available from: https://scholarworks.rit.edu/theses/9890.
Council of Science Editors:
Rahman MS. Using Packet Timing Information in Website Fingerprinting. [Masters Thesis]. Rochester Institute of Technology; 2018. Available from: https://scholarworks.rit.edu/theses/9890
8.
Sirinam, Payap.
Website Fingerprinting using Deep Learning.
Degree: PhD, Computer Science (GCCIS), 2019, Rochester Institute of Technology
URL: https://scholarworks.rit.edu/theses/10010
► Website fingerprinting (WF) enables a local eavesdropper to determine which websites a user is visiting over an encrypted connection. State-of-the-art WF attacks have been…
(more)
▼ Website fingerprinting (WF) enables a local eavesdropper to determine which websites a user is visiting over an encrypted connection. State-of-the-art WF attacks have been shown to be effective even against Tor. Recently, lightweight WF defenses for Tor have been proposed that substantially degrade existing attacks: WTF-PAD and Walkie-Talkie. In this work, we explore the impact of recent advances in deep learning on WF attacks and defenses. We first present Deep
Fingerprinting (DF), a new WF attack based on deep learning, and we evaluate this attack against WTF-PAD and Walkie-Talkie. The DF attack attains over 98% accuracy on Tor traffic without defenses, making it the state-of-the-art WF attack at the time of publishing this work. DF is the only attack that is effective against WTF-PAD with over 90% accuracy, and against Walkie-Talkie, DF achieves a top-2 accuracy of 98%. In the more realistic open-world setting, our attack remains effective. These findings highlight the need for defenses that protect against attacks like DF that use advanced deep learning techniques.
Since DF requires large amounts of training data that is regularly updated, some may argue that is it is not practical for the weaker attacker model typically assumed in WF. Additionally, most WF attacks make strong assumptions about the testing and training data have similar distributions and being collected from the same type of network at about the same time. Thus, we next examine ways that an attacker could reduce the difficulty of performing an attack by leveraging N-shot learning, in which just a few training samples are needed to identify a given class. In particular, we propose a new WF attack called Triplet
Fingerprinting (TF) that uses triplet networks for N-shot learning. We evaluate this attack in challenging settings such as where the training and testing data are from multiple years apart and collected on different networks, and we find that the TF attack remains effective in such settings with 85% accuracy or better. We also show that the TF attack is also effective in the open world and outperforms transfer learning.
Finally, in response to the DF and TF attacks, we propose the CAM-Pad defense: a novel WF defense utilizing the Grad-CAM visual explanation technique. Grad-CAM can be used to identify regions of particular sensitivity in the data and provide insight into the features that the model has learned, providing more understanding about how the DF attack makes its prediction. The defense is based on a dynamic flow-padding defense, making it practical for deployment in Tor. The defense can reduce the attacker's accuracy using the DF attack from 98% to 67%, which is much better than the WTF-PAD defense, with a packet overhead of approximately 80%.
Advisors/Committee Members: Matthew Wright.
Subjects/Keywords: Anonymity system; Deep learning; Privacy; Security; Tor; Website fingerprinting
…2.2 Website Fingerprinting and Threat Model .
2.3 Website Fingerprinting Attacks… …2.4 Website Fingerprinting Defenses . . . . . .
2.5 Deep Learning… …2.6 Website Fingerprinting using Deep Learning
2.7 Attack Performance Metrics… …10
10
11
14
16
17
20
21
21
21
3 Website Fingerprinting Attacks
3.1 Data Collection… …CONTENTS
viii
4 Improved Website Fingerprinting Attacks
4.1 WF Attacks’ Previously-handled…
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Sirinam, P. (2019). Website Fingerprinting using Deep Learning. (Doctoral Dissertation). Rochester Institute of Technology. Retrieved from https://scholarworks.rit.edu/theses/10010
Chicago Manual of Style (16th Edition):
Sirinam, Payap. “Website Fingerprinting using Deep Learning.” 2019. Doctoral Dissertation, Rochester Institute of Technology. Accessed January 16, 2021.
https://scholarworks.rit.edu/theses/10010.
MLA Handbook (7th Edition):
Sirinam, Payap. “Website Fingerprinting using Deep Learning.” 2019. Web. 16 Jan 2021.
Vancouver:
Sirinam P. Website Fingerprinting using Deep Learning. [Internet] [Doctoral dissertation]. Rochester Institute of Technology; 2019. [cited 2021 Jan 16].
Available from: https://scholarworks.rit.edu/theses/10010.
Council of Science Editors:
Sirinam P. Website Fingerprinting using Deep Learning. [Doctoral Dissertation]. Rochester Institute of Technology; 2019. Available from: https://scholarworks.rit.edu/theses/10010
9.
LU LIMING.
Traffic Monitoring and analysis for source identification.
Degree: 2010, National University of Singapore
URL: http://scholarbank.nus.edu.sg/handle/10635/23750
Subjects/Keywords: website fingerprinting; Tor; side channel attack; edit distance; Distributed Denial of Service (DDoS) attack; probabilistic packet marking
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
LIMING, L. (2010). Traffic Monitoring and analysis for source identification. (Thesis). National University of Singapore. Retrieved from http://scholarbank.nus.edu.sg/handle/10635/23750
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Chicago Manual of Style (16th Edition):
LIMING, LU. “Traffic Monitoring and analysis for source identification.” 2010. Thesis, National University of Singapore. Accessed January 16, 2021.
http://scholarbank.nus.edu.sg/handle/10635/23750.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
MLA Handbook (7th Edition):
LIMING, LU. “Traffic Monitoring and analysis for source identification.” 2010. Web. 16 Jan 2021.
Vancouver:
LIMING L. Traffic Monitoring and analysis for source identification. [Internet] [Thesis]. National University of Singapore; 2010. [cited 2021 Jan 16].
Available from: http://scholarbank.nus.edu.sg/handle/10635/23750.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Council of Science Editors:
LIMING L. Traffic Monitoring and analysis for source identification. [Thesis]. National University of Singapore; 2010. Available from: http://scholarbank.nus.edu.sg/handle/10635/23750
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
. 
Open Access Theses and Dissertations
