Deutsch
Herrmann, Dominik and Wendolsky, Rolf and Federrath, Hannes (2009) Website Fingerprinting: Attacking Popular Privacy Enhancing Technologies with the Multinomial Naïve-Bayes Classifier. In: CCSW '09: ACM Workshop on Cloud Computing Security, 13.11.2009, Chicago, Illinois, USA.
![[img]](http://epub.uni-regensburg.de/style/images/fileicons/application_pdf.png)
| PDF (Paper) - Requires a PDF viewer such as GSview, Xpdf or Adobe Acrobat Reader 326Kb |
Abstract
Privacy enhancing technologies like OpenSSL, OpenVPN or Tor establish an encrypted tunnel that enables users to hide content and addresses of requested websites from external observers This protection is endangered by local traffic analysis attacks that allow an external, passive attacker between the PET system and the user to uncover the identity of the requested sites. However, existing proposals for such attacks are not practicable yet.
We present a novel method that applies common text mining techniques to the normalised frequency distribution of observable IP packet sizes. Our classifier correctly identifies up to 97% of requests on a sample of 775 sites and over 300,000 real-world traffic dumps recorded over a two-month period. It outperforms previously known methods like Jaccard's classifier and Naïve Bayes that neglect packet frequencies altogether or rely on absolute frequency values, respectively. Our method is system-agnostic: it can be used against any PET without alteration. Closed-world results indicate that many popular single-hop and even multi-hop systems like Tor and JonDonym are vulnerable against this general fingerprinting attack. Furthermore, we discuss important real-world issues, namely false alarms and the influence of the browser cache on accuracy.
| Item Type: | Conference or Workshop Item (Paper) | ||||
|---|---|---|---|---|---|
| Additional information (public): | erschienen: CCSW '09: Proceedings of the 2009 ACM workshop on Cloud computing security, ACM, New York, NY, 2009. ISBN: 978-1-60558-784-4 | ||||
| Institutions: | Business, Economics and Information Systems > Institut für Wirtschaftsinformatik > Lehrstuhl für Wirtschaftsinformatik IV - Management der Informationssicherheit (Prof. Dr.-Ing. Hannes Federrath) | ||||
| Identification Number: |
| ||||
| Related URLs: |
| ||||
| Keywords: | forensics, low-latency anonymity, text mining, traffic analysis | ||||
| Subjects: | 000 Computer science, information & general works > 004 Computer science | ||||
| Status: | Published | ||||
| Refereed: | Yes, this version has been refereed | ||||
| Created at the University of Regensburg: | Yes | ||||
| Owner: | Lst-Info-Sec Webmaster | ||||
| Deposited On: | 08 Jan 2010 09:23 | ||||
| Last Modified: | 21 Jul 2011 00:13 | ||||
| Item ID: | 11919 |
- ASCII Citation
- BibTeX
- Dublin Core
- EndNote
- HTML Citation
- METS
- OAI-ORE Resource Map (Atom Format)
- OAI-ORE Resource Map (RDF Format)
- RDF+N-Triples
- RDF+N3
- RDF+XML
- Refer
- Reference Manager
- Simple Metadata
- XML
- xMetaDissPlus
Literature of the same author
in this repositoryat BASEat Google Scholarat Scirusat publisher (via DOI)
Bookmark
Citeulike
Connotea
Del.icio.us
Digg
Facebook