Go to DBLP homepageRLTree: Website Fingerprinting Through Resource Loading Tree
Abstract: Website fingerprinting (WF) attack is a type of traffic analysis technique that extracts the unique fingerprint from the traffic of each website demonstrating that the current privacy protection mechanism provided by HTTPS is still fragile. While prior WF attack methods that extract fingerprints only using the web traffic generated by the first TCP session can be easily compromised by the frequent website updates, we observe that it is still possible to identify a website accurately through fingerprinting the resource loading sequence generated by the multiple initial TCP sessions. We record the multiple TCP sessions by visiting a website and analyze its traffic structure. We find that despite the update of the website, the TCP establishment is always kept unchanged, and such TCP sequence can be used to fingerprint a website. Hence, we build a resource loading tree using the multiple TCP sessions and demonstrates its high precision in recognizing a website even under HTTPS protection. We collect data from 20 websites with a total of 7,326 traces, and show that the accuracy can achieve up to 95.9%.
Loading