Cross-site input inference attacks on mobile web users

Rui Zhao, Chuan Yue, Qi Han

Research output: Chapter in Book/Report/Conference proceedingConference contribution

2 Scopus citations

Abstract

In this paper, we investigate severe cross-site input inference attacks that may compromise the security of every mobile Web user, and quantify the extent to which they can be effective. We formulate our attacks as a typical multi-class classification problem, and build an inference framework that trains a classifier in the training phase and predicts a user’s new inputs in the attacking phase. To make our attacks effective and realistic, we design unique techniques, and address major data quality and data segmentation challenges. We intensively evaluate the effectiveness of our attacks using keystrokes collected from 20 participants. Overall, our attacks are effective, for example, they are about 10.8 times more effective than the random guessing attacks regarding inferring letters. Our results demonstrate that researchers, smartphone vendors, and app developers should pay serious attention to the severe cross-site input inference attacks that can be pervasively performed, and should start to design and deploy effective defense techniques.

Original languageEnglish (US)
Title of host publicationSecurity and Privacy in Communication Networks - 13th International Conference, SecureComm 2017, Proceedings
EditorsAli Ghorbani, Xiaodong Lin, Kui Ren, Sencun Zhu, Aiqing Zhang
PublisherSpringer Verlag
Pages629-643
Number of pages15
ISBN (Print)9783319788128
DOIs
StatePublished - 2018
Externally publishedYes
Event13th EAI International Conference on Security and Privacy in Communication Networks, SecureComm 2017 - [state] ON, Canada
Duration: Oct 22 2017Oct 25 2017

Publication series

NameLecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST
Volume238
ISSN (Print)1867-8211

Conference

Conference13th EAI International Conference on Security and Privacy in Communication Networks, SecureComm 2017
CountryCanada
City[state] ON
Period10/22/1710/25/17

Keywords

  • Cross-site input inference
  • Mobile
  • Motion sensor
  • Web

ASJC Scopus subject areas

  • Computer Networks and Communications

Fingerprint Dive into the research topics of 'Cross-site input inference attacks on mobile web users'. Together they form a unique fingerprint.

Cite this