Investigation of the Possibility of Identifying Websites Visited by the User Based on HTTP/2 Traffic

Confidentiality is an important security feature when exchanging data over a network. To implement it, a family of SSL/TLS protocols is used, which, however, do not fully hide either the visited site or the user's actions. In addition to privacy, privacy also plays a significant role for network users. To provide additional privacy, some software solutions have been implemented, such as Tor and I2P. As a measure of the privacy of the relevant solutions, their resistance to a specialized class of attacks can be used. One of the attacks is Website Fingerprinting, which allows the traffic sent and received by a known user to determine which sites he visited. Website Fingerprinting is a classification task, where the object is the user's visit to the website, and the class is the website itself. This article examines the Website Fingerprinting attack for HTTP/2 traffic. The paper contains a description and calculation of popular features used in traffic classification, and assesses their applicability to the Website Fingerprinting task. To implement the Website Fingerprinting attack, several classifiers are built, among which an algorithm is selected that gives the best result on the collected data set. The accuracy of the best classifier is 97.8% under certain assumptions. In addition, there is an assessment and analysis of some real-world constraints affecting the accuracy of classification.

1. Mistry S. Traffic Analysis of SSL-Encrypted Web Browsing //http://bmrc. berkeley. edu/people/shailen/Classes/SecurityFall98/paper. ps. – 1998.

2. Hintz A. Fingerprinting websites using traffic analysis //International workshop on privacy enhancing technologies. – Berlin, Heidelberg: Springer Berlin Heidelberg, 2002. – С. 171-178.

3. Sun, Q., Simon, D. R., Wang, Y. M., Russell, W., Padmanabhan, V. N., & Qiu, L. (2002, May). Statis-tical identification of encrypted web browsing traffic. In Proceedings 2002 IEEE Symposium on Se-curity and Privacy (pp. 19-30). IEEE.

4. Liberatore, M., & Levine, B. N. (2006, October). Inferring the source of encrypted HTTP connec-tions. In Proceedings of the 13th ACM conference on Computer and communications security (pp. 255-263).

5. Herrmann, D., Wendolsky, R., & Federrath, H. (2009, November). Website fingerprinting: attacking popular privacy enhancing technologies with the multinomial naïve-bayes classifier. In Proceedings of the 2009 ACM workshop on Cloud computing security (pp. 31-42).

6. Panchenko, A., Niessen, L., Zinnen, A., & Engel, T. (2011, October). Website fingerprinting in onion routing based anonymization networks. In Proceedings of the 10th annual ACM workshop on Privacy in the electronic society (pp. 103-114).

7. Juarez, M., Afroz, S., Acar, G., Diaz, C., & Greenstadt, R. (2014, November). A critical evaluation of website fingerprinting attacks. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security (pp. 263-274).

8. Gu, X., Yang, M., & Luo, J. (2015, May). A novel website fingerprinting attack against multi-tab browsing behavior. In 2015 IEEE 19th international conference on computer supported cooperative work in design (CSCWD) (pp. 234-239). IEEE.

9. Panchenko, A., Lanze, F., Pennekamp, J., Engel, T., Zinnen, A., Henze, M., & Wehrle, K. (2016, Feb-ruary). Website Fingerprinting at Internet Scale. In NDSS.

10. Avdoshin, S. M., & Lazarenko, A. V. (2016). Deep web users deanonimization system. Труды Ин-ститута системного программирования РАН, 28(3), 21-34.

11. Feghhi, S., & Leith, D. J. (2016). A web traffic analysis attack using only timing information. IEEE Transactions on Information Forensics and Security, 11(8), 1747-1759.

12. Sirinam, P., Imani, M., Juarez, M., & Wright, M. (2018, October). Deep fingerprinting: Undermining website fingerprinting defenses with deep learning. In Proceedings of the 2018 ACM SIGSAC Con-ference on Computer and Communications Security (pp. 1928-1943).

13. Rimmer, V., Preuveneers, D., Juarez, M., Van Goethem, T., & Joosen, W. (2017). Automated website fingerprinting through deep learning. arXiv preprint arXiv:1708.06376.

14. Shen, M., Liu, Y., Chen, S., Zhu, L., & Zhang, Y. (2019, May). Webpage fingerprinting using only packet length information. In ICC 2019-2019 IEEE International Conference on Communications (ICC) (pp. 1-6). IEEE.

15. Ghiëtte, V., & Doerr, C. (2020, June). Scaling website fingerprinting. In 2020 IFIP Networking Con-ference (Networking) (pp. 199-207). IEEE.