Go to DBLP homepageXFP-recognizer: detecting cross-file browser fingerprinting
Abstract: In recent years, the evolving browser fingerprinting technology has posed significant challenges and constant demands on detection methods. Research related to malicious code shows that cross-file techniques, which disperse code into multiple files, can resist current detection methods. To address this challenge, we introduce cross-file tracking technology into browser fingerprinting, constructing cross-file browser fingerprinting (XFP). The dispersion of files and features in XFP effectively circumvents detection methods that primarily focus on single-file tracking. In this paper, we propose XFP-Recognizer, a Random Forest-based detection method for identifying XFP behaviors. XFP-Recognizer aggregates code files and dynamic APIs by constructing function call relationship graphs (FCRgraphs). It extracts dynamic and static features to train random forest models for detecting and classifying the aggregated files, and then backtracks based on FCRgraphs to mark original scripts. To validate our method, we implement a code-splitting algorithm and constructed a cross-file tracking dataset to address the lack of XFP in real-world scenarios. We combine this dataset with the dataset of Alexa Top-10K websites in different proportions to verify the effectiveness of XFP-Recognizer. The results show that XFP-Recognizer achieved an Accuracy of 92.25%, a Precision of 97.01% and an AUC of 0.9152 in recognizing browser fingerprinting, demonstrating superior performance in both single-file and cross-file tracking. XFP-Recognizer complements existing detection methods, and the constructed split dataset also serves as a foundational resource for future research.
External IDs:dblp:journals/cybersec/WangLZLLLL25
Loading