Hidden Service Website Response Fingerprinting Attacks Based on Response Time Feature

It has been shown that website fingerprinting attacks are capable of destroying the anonymity of the communicator at the traffic level. This enables local attackers to infer the website contents of the encrypted traffic by using packet statistics. Previous researches on hidden service attacks tend t...

Full description

Bibliographic Details
Main Authors: Yitong Meng, Jinlong Fei
Format: Article
Language:English
Published: Hindawi-Wiley 2020-01-01
Series:Security and Communication Networks
Online Access:http://dx.doi.org/10.1155/2020/8850472
id doaj-46b0ad2365f9431e88b407a971971fbf
record_format Article
spelling doaj-46b0ad2365f9431e88b407a971971fbf2020-12-14T09:46:32ZengHindawi-WileySecurity and Communication Networks1939-01141939-01222020-01-01202010.1155/2020/88504728850472Hidden Service Website Response Fingerprinting Attacks Based on Response Time FeatureYitong Meng0Jinlong Fei1State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou 450001, ChinaState Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou 450001, ChinaIt has been shown that website fingerprinting attacks are capable of destroying the anonymity of the communicator at the traffic level. This enables local attackers to infer the website contents of the encrypted traffic by using packet statistics. Previous researches on hidden service attacks tend to focus on active attacks; therefore, the reliability of attack conditions and validity of test results cannot be fully verified. Hence, it is necessary to reexamine hidden service attacks from the perspective of fingerprinting attacks. In this paper, we propose a novel Website Response Fingerprinting (WRFP) Attack based on response time feature and extremely randomized tree algorithm to analyze the hidden information of the response fingerprint. The objective is to monitor hidden service website pages, service types, and mounted servers. WRFP relies on the hidden service response fingerprinting dataset. In addition to simulated website mirroring, two different mounting modes are taken into account, the same-source server and multisource server. A total of 300,000 page instances within 30,000 domain sites are collected, and we comprehensively evaluate the classification performance of the proposed WRFP. Our results show that the TPR of webpages and server classification remain greater than 93% in the small-scale closed-world performance test, and it is capable of tolerating up to 10% fluctuations in response time. WRFP also provides a higher accuracy and computational efficiency than traditional website fingerprinting classifiers in the challenging open-world performance test. This also indicates the importance of response time feature. Our results also suggest that monitoring website types improves the judgment effect of the classifier on subpages.http://dx.doi.org/10.1155/2020/8850472
collection DOAJ
language English
format Article
sources DOAJ
author Yitong Meng
Jinlong Fei
spellingShingle Yitong Meng
Jinlong Fei
Hidden Service Website Response Fingerprinting Attacks Based on Response Time Feature
Security and Communication Networks
author_facet Yitong Meng
Jinlong Fei
author_sort Yitong Meng
title Hidden Service Website Response Fingerprinting Attacks Based on Response Time Feature
title_short Hidden Service Website Response Fingerprinting Attacks Based on Response Time Feature
title_full Hidden Service Website Response Fingerprinting Attacks Based on Response Time Feature
title_fullStr Hidden Service Website Response Fingerprinting Attacks Based on Response Time Feature
title_full_unstemmed Hidden Service Website Response Fingerprinting Attacks Based on Response Time Feature
title_sort hidden service website response fingerprinting attacks based on response time feature
publisher Hindawi-Wiley
series Security and Communication Networks
issn 1939-0114
1939-0122
publishDate 2020-01-01
description It has been shown that website fingerprinting attacks are capable of destroying the anonymity of the communicator at the traffic level. This enables local attackers to infer the website contents of the encrypted traffic by using packet statistics. Previous researches on hidden service attacks tend to focus on active attacks; therefore, the reliability of attack conditions and validity of test results cannot be fully verified. Hence, it is necessary to reexamine hidden service attacks from the perspective of fingerprinting attacks. In this paper, we propose a novel Website Response Fingerprinting (WRFP) Attack based on response time feature and extremely randomized tree algorithm to analyze the hidden information of the response fingerprint. The objective is to monitor hidden service website pages, service types, and mounted servers. WRFP relies on the hidden service response fingerprinting dataset. In addition to simulated website mirroring, two different mounting modes are taken into account, the same-source server and multisource server. A total of 300,000 page instances within 30,000 domain sites are collected, and we comprehensively evaluate the classification performance of the proposed WRFP. Our results show that the TPR of webpages and server classification remain greater than 93% in the small-scale closed-world performance test, and it is capable of tolerating up to 10% fluctuations in response time. WRFP also provides a higher accuracy and computational efficiency than traditional website fingerprinting classifiers in the challenging open-world performance test. This also indicates the importance of response time feature. Our results also suggest that monitoring website types improves the judgment effect of the classifier on subpages.
url http://dx.doi.org/10.1155/2020/8850472
work_keys_str_mv AT yitongmeng hiddenservicewebsiteresponsefingerprintingattacksbasedonresponsetimefeature
AT jinlongfei hiddenservicewebsiteresponsefingerprintingattacksbasedonresponsetimefeature
_version_ 1714998388392460288