Hidden Service Website Response Fingerprinting Attacks Based on Response Time Feature
It has been shown that website fingerprinting attacks are capable of destroying the anonymity of the communicator at the traffic level. This enables local attackers to infer the website contents of the encrypted traffic by using packet statistics. Previous researches on hidden service attacks tend t...
Main Authors: | Yitong Meng, Jinlong Fei |
---|---|
Format: | Article |
Language: | English |
Published: | Hindawi-Wiley 2020-01-01 |
Series: | Security and Communication Networks |
Online Access: | http://dx.doi.org/10.1155/2020/8850472 |
id |
doaj-46b0ad2365f9431e88b407a971971fbf |
---|---|
record_format |
Article |
spelling |
doaj-46b0ad2365f9431e88b407a971971fbf; 2020-12-14T09:46:32Z; eng; Hindawi-Wiley; Security and Communication Networks; 1939-0114, 1939-0122; 2020-01-01; 2020; 10.1155/2020/8850472; 8850472; Hidden Service Website Response Fingerprinting Attacks Based on Response Time Feature; Yitong Meng (0), Jinlong Fei (1); (0) State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou 450001, China; (1) State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou 450001, China; http://dx.doi.org/10.1155/2020/8850472 |
collection |
DOAJ |
language |
English |
format |
Article |
sources |
DOAJ |
author |
Yitong Meng Jinlong Fei |
title |
Hidden Service Website Response Fingerprinting Attacks Based on Response Time Feature |
publisher |
Hindawi-Wiley |
series |
Security and Communication Networks |
issn |
1939-0114 1939-0122 |
publishDate |
2020-01-01 |
description |
It has been shown that website fingerprinting attacks are capable of destroying the anonymity of the communicator at the traffic level. This enables local attackers to infer the website contents of the encrypted traffic by using packet statistics. Previous researches on hidden service attacks tend to focus on active attacks; therefore, the reliability of attack conditions and validity of test results cannot be fully verified. Hence, it is necessary to reexamine hidden service attacks from the perspective of fingerprinting attacks. In this paper, we propose a novel Website Response Fingerprinting (WRFP) Attack based on response time feature and extremely randomized tree algorithm to analyze the hidden information of the response fingerprint. The objective is to monitor hidden service website pages, service types, and mounted servers. WRFP relies on the hidden service response fingerprinting dataset. In addition to simulated website mirroring, two different mounting modes are taken into account, the same-source server and multisource server. A total of 300,000 page instances within 30,000 domain sites are collected, and we comprehensively evaluate the classification performance of the proposed WRFP. Our results show that the TPR of webpages and server classification remain greater than 93% in the small-scale closed-world performance test, and it is capable of tolerating up to 10% fluctuations in response time. WRFP also provides a higher accuracy and computational efficiency than traditional website fingerprinting classifiers in the challenging open-world performance test. This also indicates the importance of response time feature. Our results also suggest that monitoring website types improves the judgment effect of the classifier on subpages. |
url |
http://dx.doi.org/10.1155/2020/8850472 |