
Seqnature: Extracting Network Fingerprints from Packet Sequences

Published 28 Dec 2023 in cs.CR and cs.NI | (2312.17370v1)

Abstract: This paper proposes a general network fingerprinting framework, Seqnature, that uses packet sequences as its basic data unit and that makes it simple to implement any fingerprinting technique that can be formulated as a problem of identifying packet exchanges that consistently occur when the fingerprinted event is triggered. We demonstrate the versatility of Seqnature by using it to implement five different fingerprinting techniques, as special cases of the framework, which broadly fall into two categories: (i) fingerprinting techniques that consider features of each individual packet in a packet sequence, e.g., size and direction; and (ii) fingerprinting techniques that only consider stream-wide features, specifically what Internet endpoints are contacted. We illustrate how Seqnature facilitates comparisons of the relative performance of different fingerprinting techniques by applying the five fingerprinting techniques to datasets from the literature. The results confirm findings in prior work, for example that endpoint information alone is insufficient to differentiate between individual events on Internet of Things devices, but also show that smart TV app fingerprints based exclusively on endpoint information are not as distinct as previously reported.

