TY - JOUR
T1 - ProFi
T2 - Scalable and Efficient Website Fingerprinting
AU - Kramer, Patrick
AU - Baier, Benedikt
AU - Landerer, Niklas
AU - Diederich, Philip
AU - Griessel, Alexander
AU - Hohlfeld, Oliver
AU - Blenk, Andreas
AU - Mieth, Martin
AU - Kellerer, Wolfgang
N1 - Publisher Copyright:
© 2004-2012 IEEE.
PY - 2024/2/1
Y1 - 2024/2/1
N2 - Website Fingerprinting (WFP) attacks infer the websites or webpages a user is visiting from encrypted traffic. To date, it remains uncertain if WFP can attack many users from a central location in an online scenario. We close this gap with PROFI, a WFP attack that detects websites based on the initial TLS connection from the client to the server using at most the connection's first 30 packets. PROFI achieves a precision and recall of 86.51% and 85.35% in a closed-world, and 68.90% and 78.71% in an open-world scenario, which is competitive to state-of-the-art (SoA) WFP attacks, while taking a fraction of the time of SoA attacks to classify a webpage. Further, we implement PROFI as a micro service-based prototype and evaluate the attack in an online scenario with real traffic traces. We show that PROFI can monitor up to 100 websites at 10 G, corresponding to up to 424 webpages per second. We also show that PROFI has the potential to interfere with a victim's webpage access.
AB - Website Fingerprinting (WFP) attacks infer the websites or webpages a user is visiting from encrypted traffic. To date, it remains uncertain if WFP can attack many users from a central location in an online scenario. We close this gap with PROFI, a WFP attack that detects websites based on the initial TLS connection from the client to the server using at most the connection's first 30 packets. PROFI achieves a precision and recall of 86.51% and 85.35% in a closed-world, and 68.90% and 78.71% in an open-world scenario, which is competitive to state-of-the-art (SoA) WFP attacks, while taking a fraction of the time of SoA attacks to classify a webpage. Further, we implement PROFI as a micro service-based prototype and evaluate the attack in an online scenario with real traffic traces. We show that PROFI can monitor up to 100 websites at 10 G, corresponding to up to 424 webpages per second. We also show that PROFI has the potential to interfere with a victim's webpage access.
KW - Website fingerprinting
KW - machine learning
KW - privacy
KW - probabilistic graphical models
KW - time series modeling
UR - http://www.scopus.com/inward/record.url?scp=85172992230&partnerID=8YFLogxK
U2 - 10.1109/TNSM.2023.3318508
DO - 10.1109/TNSM.2023.3318508
M3 - Article
AN - SCOPUS:85172992230
SN - 1932-4537
VL - 21
SP - 1271
EP - 1286
JO - IEEE Transactions on Network and Service Management
JF - IEEE Transactions on Network and Service Management
IS - 1
ER -