feature selection in website fingerprinting
play

Feature Selection in Website Fingerprinting Junhua Yan Advisor: - PowerPoint PPT Presentation

Nov 01, 2023 •234 likes •831 views

Feature Selection in Website Fingerprinting Junhua Yan Advisor: Prof. Jasleen Kaur July 24, 2019 1/23 Website Fingerprinting Goal: determine the visited website by inspecting network traffic on client side client web Figure: Attacker

  1. Feature Selection in Website Fingerprinting Junhua Yan Advisor: Prof. Jasleen Kaur July 24, 2019 1/23

  2. Website Fingerprinting Goal: determine the visited website by inspecting network traffic on client side client web Figure: Attacker scenario in website fingerprinting. 2/23

  3. Website Fingerprinting Goal: determine the visited website by inspecting network traffic on client side Application: • network manager: protect enterprise networks • Internet Service Providers: gauge user interests • malicious entities: exploit private user data • ... ... client web Figure: Attacker scenario in website fingerprinting. 2/23

  4. Website Fingerprinting Goal: determine the visited website by inspecting network traffic on client side Application: • network manager: protect enterprise networks • Internet Service Providers: gauge user interests • malicious entities: exploit private user data • ... ... TCP/IP Payload Header Figure: IP Packet client web Figure: Attacker scenario in website fingerprinting. 2/23

  5. Website Fingerprinting Methodology 1 Deep Packet Inspection Figure: Unencrypted payload over HTTP TCP/IP Payload Header Figure: IP Packet client web Figure: Attacker scenario in website fingerprinting. 3/23

  6. Website Fingerprinting Methodology 1 Deep Packet Inspection Figure: Encrypted payload over HTTPS TCP/IP Payload Header Figure: IP Packet client web Figure: Attacker scenario in website fingerprinting. 3/23

  7. Website Fingerprinting Methodology 1 Deep Packet Inspection 2 TCP/IP signature-based identification • Extract features from TCP/IP headers • Apply supervised machine learning algorithm TCP/IP Payload Header Figure: IP Packet client web Figure: Attacker scenario in website fingerprinting. 3/23

  8. Website Fingerprinting Methodology TCP/IP Header Field Function Total Length Total length of IP datagram Source The IP address of the original Address source of the IP datagram Destination The IP address of the final Address destination of the IP datagram Source Port TCP port of sending host 1 Deep Packet Inspection Destination Port TCP port of Destination host Table: Five key fields in TCP/IP header. 2 TCP/IP signature-based identification • Extract features from TCP/IP headers • Apply supervised machine learning algorithm TCP/IP Payload Header Figure: IP Packet client web Figure: Attacker scenario in website fingerprinting. 3/23

  9. Related Work & Limitations Author Scenario Features Classifier Liberatore et al. 2006 ( L ) SSH packet size count Naive Bayes Herrmann et al. 2009 ( H ) SSH, Tor packet size frequency Multinomial Bayes Panchenko et al. 2011 ( P ) SSH, Tor burst markers, HTML markers, # of markers, ratio of incoming packets, occurring packet sizes, transmitted bytes, # of packets SVM Dyer et al. 2012 ( Vng++ ) SSH per-direction bandwidth, transmission time, burst markers Naive Bayes Wang et al. 2013 ( FLSVM ) Tor Tor cell instances Distance-based SVM Feghhi et al. 2016 ( DTW ) SSH uplink timing information Dynamic Time Warping Panchenko et al. 2016 Tor # of incoming & outgoing packets, sum of incoming ( CUMUL ) & outgoing packet sizes, interpolant of cumulative packet size SVM # of packets, ratio of incoming & outgoing packets , Hayes et al. 2016 ( k-FP ) Tor packet ordering, concentration of outgoing packets, # of Random Forests packets per second, inter-arrival time, transmission time Trevisan et al. 2016 ( T ) HTTP server IP address count, hostname count * Table: Summary of prior work evaluated in our work. 4/23

  10. Related Work & Limitations Author Scenario Features Classifier Liberatore et al. 2006 ( L ) SSH packet size count Naive Bayes Herrmann et al. 2009 ( H ) SSH, Tor packet size frequency Multinomial Bayes Panchenko et al. 2011 ( P ) SSH, Tor burst markers, HTML markers, # of markers, ratio of incoming packets, occurring packet sizes, transmitted bytes, # of packets SVM Dyer et al. 2012 ( Vng++ ) SSH per-direction bandwidth, transmission time, burst markers Naive Bayes Wang et al. 2013 ( FLSVM ) Tor Tor cell instances Distance-based SVM Feghhi et al. 2016 ( DTW ) SSH uplink timing information Dynamic Time Warping Panchenko et al. 2016 Tor # of incoming & outgoing packets, sum of incoming ( CUMUL ) & outgoing packet sizes, interpolant of cumulative packet size SVM # of packets, ratio of incoming & outgoing packets , Hayes et al. 2016 ( k-FP ) Tor packet ordering, concentration of outgoing packets, # of Random Forests packets per second, inter-arrival time, transmission time Trevisan et al. 2016 ( T ) HTTP server IP address count, hostname count * Table: Summary of prior work evaluated in our work. 4/23

  11. Related Work & Limitations Author Scenario Features Classifier Liberatore et al. 2006 ( L ) SSH packet size count Naive Bayes Herrmann et al. 2009 ( H ) SSH, Tor packet size frequency Multinomial Bayes Panchenko et al. 2011 ( P ) SSH, Tor burst markers, HTML markers, # of markers, ratio of incoming packets, occurring packet sizes, transmitted bytes, # of packets SVM Dyer et al. 2012 ( Vng++ ) SSH per-direction bandwidth, transmission time, burst markers Naive Bayes Wang et al. 2013 ( FLSVM ) Tor Tor cell instances Distance-based SVM Feghhi et al. 2016 ( DTW ) SSH uplink timing information Dynamic Time Warping Panchenko et al. 2016 Tor # of incoming & outgoing packets, sum of incoming ( CUMUL ) & outgoing packet sizes, interpolant of cumulative packet size SVM # of packets, ratio of incoming & outgoing packets , Hayes et al. 2016 ( k-FP ) Tor packet ordering, concentration of outgoing packets, # of Random Forests packets per second, inter-arrival time, transmission time Trevisan et al. 2016 ( T ) HTTP server IP address count, hostname count * Table: Summary of prior work evaluated in our work. 4/23

  12. Related Work & Limitations Author Scenario Features Classifier Liberatore et al. 2006 ( L ) SSH packet size count Naive Bayes Herrmann et al. 2009 ( H ) SSH , Tor packet size frequency Multinomial Bayes Panchenko et al. 2011 ( P ) SSH , Tor burst markers, HTML markers, # of markers, ratio of incoming packets, occurring packet sizes, transmitted bytes, # of packets SVM Dyer et al. 2012 ( Vng++ ) SSH per-direction bandwidth, transmission time , burst markers Naive Bayes Wang et al. 2013 ( FLSVM ) Tor Tor cell instances Distance-based SVM Feghhi et al. 2016 ( DTW ) SSH uplink timing information Dynamic Time Warping Panchenko et al. 2016 Tor # of incoming & outgoing packets , sum of incoming ( CUMUL ) & outgoing packet sizes, interpolant of cumulative packet size SVM # of packets , ratio of incoming & outgoing packets , Hayes et al. 2016 ( k-FP ) Tor packet ordering, concentration of outgoing packets, # of Random Forests packets per second, inter-arrival time, transmission time Trevisan et al. 2016 ( T ) HTTP server IP address count, hostname count * Table: Summary of prior work evaluated in our work. • Limited set of features studied 4/23

  13. Related Work & Limitations Author Scenario Features Classifier Liberatore et al. 2006 ( L ) SSH packet size count Naive Bayes Herrmann et al. 2009 ( H ) SSH , Tor packet size frequency Multinomial Bayes Panchenko et al. 2011 ( P ) SSH , Tor burst markers, HTML markers, # of markers, ratio of incoming packets, occurring packet sizes, transmitted bytes, # of packets SVM Dyer et al. 2012 ( Vng++ ) SSH per-direction bandwidth, transmission time , burst markers Naive Bayes Wang et al. 2013 ( FLSVM ) Tor Tor cell instances Distance-based SVM Feghhi et al. 2016 ( DTW ) SSH uplink timing information Dynamic Time Warping Panchenko et al. 2016 Tor # of incoming & outgoing packets , sum of incoming ( CUMUL ) & outgoing packet sizes, interpolant of cumulative packet size SVM # of packets , ratio of incoming & outgoing packets , Hayes et al. 2016 ( k-FP ) Tor packet ordering, concentration of outgoing packets, # of Random Forests packets per second, inter-arrival time, transmission time Trevisan et al. 2016 ( T ) HTTP server IP address count, hostname count * Table: Summary of prior work evaluated in our work. • Limited set of features studied What’s the extent of website fingerprint-ability? 4/23

  14. What is the extent of website fingerprint-ability? • Are there other features can be used to achieve comparable accuracy with state-of-the-art? • What if we hide some of informative features, e.g., packet size? • Can features that are informative in one scenario (e.g., Tor) be used to accurately identify websites in another scenario (e.g., SSH)? 5/23

  15. What is the extent of website fingerprint-ability? • Are there other features can be used to achieve comparable accuracy with state-of-the-art? ◦ Extract a comprehensive list of TCP/IP header features • What if we hide some of informative features, e.g., packet size? • Can features that are informative in one scenario (e.g., Tor) be used to accurately identify websites in another scenario (e.g., SSH)? 5/23

  16. What is the extent of website fingerprint-ability? • Are there other features can be used to achieve comparable accuracy with state-of-the-art? ◦ Extract a comprehensive list of TCP/IP header features • What if we hide some of informative features, e.g., packet size? ◦ Consider eight different communication scenarios • Can features that are informative in one scenario (e.g., Tor) be used to accurately identify websites in another scenario (e.g., SSH)? 5/23

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Feature Selection: ROC and Subset Selection Theodoridis 5.5-5.7 Using ROC for Feature Selection

Feature Selection: ROC and Subset Selection Theodoridis 5.5-5.7 Using ROC for Feature Selection

Feature Selection: ROC and Subset Selection Theodoridis 5.5-5.7 Using ROC for Feature Selection Hypothesis Tests Examined (e.g. t-test): Useful for discarding features But does not tell us about overlap between classes for a feature! At Left

526 views • 21 slides
k -fingerprinting: a Robust Scalable Website Fingerprinting Technique George Danezis Jamie Hayes

k -fingerprinting: a Robust Scalable Website Fingerprinting Technique George Danezis Jamie Hayes

k -fingerprinting: a Robust Scalable Website Fingerprinting Technique George Danezis Jamie Hayes University College London August 12, 2016 1/24 How does website fingerprinting work? - Training Tor network Relay 2 Adversary Relay 1

988 views • 24 slides
Website fingerprinting attacks against Tor Browser Bundle: a comparison between HTTP/1.1 and

Website fingerprinting attacks against Tor Browser Bundle: a comparison between HTTP/1.1 and

Tor website fingerprinting Website fingerprinting attacks against Tor Browser Bundle: a comparison between HTTP/1.1 and HTTP/2 T.T.N. Marks BSc. K.C.N. Halvemaan BSc. University of Amsterdam System and Network Engineering Research Project #1

664 views • 32 slides
Bayes, not Nave Security Bounds on Website Fingerprinting Defenses Giovanni Cherubin Privacy

Bayes, not Nave Security Bounds on Website Fingerprinting Defenses Giovanni Cherubin Privacy

Bayes, not Nave Security Bounds on Website Fingerprinting Defenses Giovanni Cherubin Privacy Enhancing Technologies Symposium Minneapolis, Minnesota, USA 19 July, 2017 @gchers Website Fingerprinting (WF) Encrypted Tunnel Victim

400 views • 20 slides
Outline Reducing Dimensionality Feature Selection 1 Steven J Zeil Feature Extraction 2

Outline Reducing Dimensionality Feature Selection 1 Steven J Zeil Feature Extraction 2

Feature Selection Feature Extraction Feature Selection Feature Extraction Outline Reducing Dimensionality Feature Selection 1 Steven J Zeil Feature Extraction 2 Principal Components Analysis (PCA) Old Dominion Univ. Factor Analysis (FA)

602 views • 6 slides
Website Fingerprinting Attacks and Defenses in the Tor Onion Space Marc Juarez imec-COSIC KU

Website Fingerprinting Attacks and Defenses in the Tor Onion Space Marc Juarez imec-COSIC KU

Website Fingerprinting Attacks and Defenses in the Tor Onion Space Marc Juarez imec-COSIC KU Leuven COSIC Seminar - 23rd October 2017, Leuven Introduction Contents of this presentation: - PETS17: Website Fingerprinting Defenses at

658 views • 44 slides
Reducing Dimensionality Steven J Zeil Old Dominion Univ. Fall 2010 1 Feature Selection

Reducing Dimensionality Steven J Zeil Old Dominion Univ. Fall 2010 1 Feature Selection

Feature Selection Feature Extraction Reducing Dimensionality Steven J Zeil Old Dominion Univ. Fall 2010 1 Feature Selection Feature Extraction Outline Feature Selection 1 Feature Extraction 2 Principal Components Analysis (PCA) Factor

479 views • 36 slides
Feature Selection ZHI LI Fenys Lab October 3, 2019 What is Feature? X (Independent)

Feature Selection ZHI LI Fenys Lab October 3, 2019 What is Feature? X (Independent)

Feature Selection ZHI LI Fenys Lab October 3, 2019 What is Feature? X (Independent) Variable Predictor Covariate Face; leg; tail; Hair texture/style Impeachment Trade war Whatever you can think of.. What methods are out there?

826 views • 37 slides
Website Fingerprinting Attacking Popular Privacy Enhancing Technologies with the Multinomial

Website Fingerprinting Attacking Popular Privacy Enhancing Technologies with the Multinomial

Website Fingerprinting Attacking Popular Privacy Enhancing Technologies with the Multinomial Nave-Bayes Classifier Dominik Herrmann , Hannes Federrath Rolf Wendolsky University of Regensburg, Germany JonDos GmbH Motivation To Whom It May

901 views • 34 slides
Mutual Information an Adequate Tool for Feature Selection ? Benot Frnay November 15, 2013

Mutual Information an Adequate Tool for Feature Selection ? Benot Frnay November 15, 2013

Mutual Information an Adequate Tool for Feature Selection ? Benot Frnay November 15, 2013 Introduction What is Feature Selection ? Overview of the Presentation Example of Feature Selection: Diabetes Progression Goal : predict the diabetes

1.05k views • 64 slides
Evolutionary Computation for Feature Selection and Feature Construction Bing Xue School of

Evolutionary Computation for Feature Selection and Feature Construction Bing Xue School of

Evolutionary Computation for Feature Selection and Feature Construction Bing Xue School of Engineering and Computer Science Victoria University of Wellington Bing.Xue@ecs.vuw.ac.nz IEEE CIS Webinar Mon, Sep 25, 2017 2:00 PM - 3:00 PM NZDT

1.7k views • 67 slides
Feature Selection CS 760@UW-Madison Goals for the lecture you should understand the following

Feature Selection CS 760@UW-Madison Goals for the lecture you should understand the following

Feature Selection CS 760@UW-Madison Goals for the lecture you should understand the following concepts filtering-based feature selection information gain filtering Markov blanket filtering frequency pruning

686 views • 25 slides
Feature Selection Richard Pospesel and Bert Wierenga Introduction Preprocessing Peaking

Feature Selection Richard Pospesel and Bert Wierenga Introduction Preprocessing Peaking

Feature Selection Richard Pospesel and Bert Wierenga Introduction Preprocessing Peaking Phenomenon Feature Selection Based on Statistical Hypothesis T esting Dimensionality Reduction Using Neural Networks Outlier Removal

642 views • 17 slides
Feature Selection CE-725: Statistical Pattern Recognition Sharif University of Technology

Feature Selection CE-725: Statistical Pattern Recognition Sharif University of Technology

Feature Selection CE-725: Statistical Pattern Recognition Sharif University of Technology Soleymani Fall 2018 Some slides are based on Isabelle Guyons slides : Introduction to feature selection, 2007. Outline } Dimensionality

1.08k views • 34 slides
RIDGE and LASSO regularization for regression Feature selection - Some algorithms perform

RIDGE and LASSO regularization for regression Feature selection - Some algorithms perform

RIDGE and LASSO regularization for regression Feature selection - Some algorithms perform naturally feature selection - for example Decision Trees, Boosting - Other algorithms have difficulty with correlated features - for example Naive Bayes,

801 views • 14 slides
Website Fingerprinting at Internet Scale Andriy Panchenko 1 , Fabian Lanze 1 , Andreas Zinnen 2 ,

Website Fingerprinting at Internet Scale Andriy Panchenko 1 , Fabian Lanze 1 , Andreas Zinnen 2 ,

Website Fingerprinting at Internet Scale Andriy Panchenko 1 , Fabian Lanze 1 , Andreas Zinnen 2 , Martin Henze 3 , Jan Pennekamp 1 , Klaus Wehrle 3 , Thomas Engel 1 1 Interdisciplinary Centre for Security, Reliability and Trust (SnT), Luxembourg 2

567 views • 23 slides
Enabling Privacy-Aware Zone Exchanges Among Authoritative and Recursive DNS Servers Nikos

Enabling Privacy-Aware Zone Exchanges Among Authoritative and Recursive DNS Servers Nikos

Enabling Privacy-Aware Zone Exchanges Among Authoritative and Recursive DNS Servers Nikos Kostopoulos, Dimitris Kalogeras and Vasilis Maglaris NET work M anagement & O ptimal De sign ( NETMODE ) Laboratory School of Electrical & Computer

309 views • 17 slides
Deduplication CSCI 333 Spring 2019 Logistics Lab 2a/b Final Project Final Exam

Deduplication CSCI 333 Spring 2019 Logistics Lab 2a/b Final Project Final Exam

Deduplication CSCI 333 Spring 2019 Logistics Lab 2a/b Final Project Final Exam Grades 2 Last Class BetrFS [FAST 15] Linux file system using B e -trees Metadata B e -tree: path -> struct stat Data in B e

540 views • 29 slides
Fingerprinting ECUs for Vehicle Intrusion Detection Kyong-Tak Cho, Kang G. Shin, University of

Fingerprinting ECUs for Vehicle Intrusion Detection Kyong-Tak Cho, Kang G. Shin, University of

Fingerprinting ECUs for Vehicle Intrusion Detection Kyong-Tak Cho, Kang G. Shin, University of Michigan Fingerprinting ECUs for Vehicle Intrusion Detection Kyong-Tak Cho, Kang G. Shin, University of Michigan How To Tell if Your Car is h4xd

291 views • 15 slides
Visualization for Biometric Evaluation Romain Giot <romain.giot@u-bordeaux.fr> Romain

Visualization for Biometric Evaluation Romain Giot <romain.giot@u-bordeaux.fr> Romain

Visualization for Biometric Evaluation Romain Giot <romain.giot@u-bordeaux.fr> Romain Giot <romain.giot@u-bordeaux.fr> Introduction Who am I ? Work place University of Bordeaux IUT Bordeaux Computer Science

910 views • 63 slides
Fingerprinting Requirements for Increased Controls Licensees Chris Einberg, Senior Project

Fingerprinting Requirements for Increased Controls Licensees Chris Einberg, Senior Project

United States Nuclear Regulatory Commission Fingerprinting Requirements for Increased Controls Licensees Chris Einberg, Senior Project Manager Office of Federal and State Materials and Environmental Management Programs Tim Harris, Team Leader

729 views • 45 slides
Automatic Fingerprinting Of Vulnerable BLE IoT Devices With Static UUIDs From Mobile Apps Chaoshun

Automatic Fingerprinting Of Vulnerable BLE IoT Devices With Static UUIDs From Mobile Apps Chaoshun

Computer Security Laboratory Automatic Fingerprinting Of Vulnerable BLE IoT Devices With Static UUIDs From Mobile Apps Chaoshun Zuo, Haohuang Wen , Zhiqiang Lin, and Yinqian Zhang Department of Computer Science and Engineering The Ohio State

1.19k views • 73 slides
Picasso: Light-weight device class fingerprinting for web clients Elie Bursztein , Artem Malyshev,

Picasso: Light-weight device class fingerprinting for web clients Elie Bursztein , Artem Malyshev,

Picasso: Light-weight device class fingerprinting for web clients Elie Bursztein , Artem Malyshev, Tadek Pietraszek, Kurt Thomas Title Interesting story here Subpoint g.co/research/protect Keeping online interactions meaningful

641 views • 32 slides
BIAS BIAS Biometric Identity Assurance Services 6 March 2009 Catherine Tilton W3C Workshop on

BIAS BIAS Biometric Identity Assurance Services 6 March 2009 Catherine Tilton W3C Workshop on

BIAS BIAS Biometric Identity Assurance Services 6 March 2009 Catherine Tilton W3C Workshop on SIV Biometric services Whats missing? Biometric Applications Biometric Resources ? ANSI/NIST-ITL 1-2000/6 ? BioAPI/BIP ? Other ?

257 views • 13 slides

More recommend