Fingerprinting Web Browser for Tracing Anonymous Web Attackers

As web attackers hide themselves by using multi-step springboard (e.g., VPN, encrypted proxy) or anonymous network (i.e. Tor network), it raises a big obstacle for traceability and forensics. Furthermore, traditional forensics methods based on traffic and log analysis are just useful for analyzing attack events but useless for fingerprinting an attacker. Because of this, the browser fingerprinting technique which makes use of slight differences among different browsers was come up with. However, although this technique is effective for tracing attackers, countermeasures have been proposed, such as blocking extensions, spoofing extensions and Blink (a dynamic reconfiguration tool). These countermeasures will lead to changes of fingerprints. To solve the instability of browser fingerprints, we present an enhanced solution aiming at tracing attackers continuously even if the fingerprint changes within a particular period of time. By introducing secondary attributes, employing browser storage mechanisms and designing correlation algorithms, we implement the prototype system to examine the accuracy of our approach. Experimental results show that our proposed solution has the ability to associate different fingerprints from a single platform and the accuracy of tracing anonymous web attackers increases by 24.5% than traditional fingerprinting techniques.

[1]  Bradford G. Nickerson,et al.  Communicating and Displaying Real-Time Data with WebSocket , 2012, IEEE Internet Computing.

[2]  Yahui Yang,et al.  A Network Misuse Detection Mechanism Based on Traffic Log , 2009, 2009 International Conference on Networks Security, Wireless Communications and Trusted Computing.

[3]  Walter Rudametkin,et al.  Mitigating Browser Fingerprint Tracking: Multi-level Reconfiguration and Diversification , 2015, 2015 IEEE/ACM 10th International Symposium on Software Engineering for Adaptive and Self-Managing Systems.

[4]  Shantanu Rane,et al.  Privacy preserving string comparisons based on Levenshtein distance , 2010, 2010 IEEE International Workshop on Information Forensics and Security.

[5]  Hovav Shacham,et al.  Pixel Perfect : Fingerprinting Canvas in HTML 5 , 2012 .

[6]  Fiaz Majeed,et al.  Extending HTML5 local storage to save more data; efficiently and in more structured way , 2013, Eighth International Conference on Digital Information Management (ICDIM 2013).

[7]  Ming Yang,et al.  A novel active website fingerprinting attack against Tor anonymous system , 2014, Proceedings of the 2014 IEEE 18th International Conference on Computer Supported Cooperative Work in Design (CSCWD).

[8]  Peter Eckersley,et al.  How Unique Is Your Web Browser? , 2010, Privacy Enhancing Technologies.

[9]  Tsutomu Matsumoto,et al.  Fingerprinting Traffic Log , 2008, 2008 International Conference on Intelligent Information Hiding and Multimedia Signal Processing.

[10]  Mohamed Ali Kâafar,et al.  Digging into Anonymous Traffic: A Deep Analysis of the Tor Anonymizing Network , 2010, 2010 Fourth International Conference on Network and System Security.

[11]  Julien Lironcourt Internet Security Seminar Analyzing Information Flow in JavaScript-based Browser Extensions , 2010 .

[12]  Alaa Eleyan,et al.  Character recognition using correlation & hamming distance , 2015, 2015 23nd Signal Processing and Communications Applications Conference (SIU).

[13]  Ravi S. Sandhu,et al.  Secure Cookies on the Web , 2000, IEEE Internet Comput..

[14]  Chu-Hsing Lin,et al.  Access Log Generator for Analyzing Malicious Website Browsing Behaviors , 2009, 2009 Fifth International Conference on Information Assurance and Security.

[15]  Gurmeet Singh Manku,et al.  Detecting near-duplicates for web crawling , 2007, WWW '07.

[16]  Moses Charikar,et al.  Similarity estimation techniques from rounding algorithms , 2002, STOC '02.

[17]  Michael Adeyeye,et al.  Determining the signalling overhead of two common WebRTC methods: JSON via XMLHttpRequest and SIP over WebSocket , 2013, 2013 Africon.