TY - GEN
T1 - Traffic-based automatic detection of browser fingerprinting
AU - Zhao, Rui
AU - Chow, Edward
AU - Li, Chunchun
N1 - Publisher Copyright:
© ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2019.
PY - 2019
Y1 - 2019
N2 - Fingerprinting has been widely adopted by first- and third-party websites for the purpose of online tracking. It collects properties of operating systems, browsers, and even the hardware, for generating unique identifiers for visitors on websites. However, fingerprinting has raised both privacy and security concerns. In this paper, we present a traffic-based fingerprinting detection framework, FPExcavator. By analyzing the difference on values carried in outgoing requests from different browsers and machines, FPExcavator detects possible identifiers, as the generated fingerprints, in request header and payload. We implemented FPExcavator with OpenStack, Java, and some command scripts, and evaluated it on 100 websites in a lab setting and 100 websites selected from real-world. FPExcavator achieved 100% detection accuracy rate on 100 testing websites and 99% detection accuracy rate on 100 real-world websites. Meanwhile, it identified 12 new online tracking domains that have not been reported by previous research work. The evaluation results demonstrate that FPExcavator is useful and effective.
AB - Fingerprinting has been widely adopted by first- and third-party websites for the purpose of online tracking. It collects properties of operating systems, browsers, and even the hardware, for generating unique identifiers for visitors on websites. However, fingerprinting has raised both privacy and security concerns. In this paper, we present a traffic-based fingerprinting detection framework, FPExcavator. By analyzing the difference on values carried in outgoing requests from different browsers and machines, FPExcavator detects possible identifiers, as the generated fingerprints, in request header and payload. We implemented FPExcavator with OpenStack, Java, and some command scripts, and evaluated it on 100 websites in a lab setting and 100 websites selected from real-world. FPExcavator achieved 100% detection accuracy rate on 100 testing websites and 99% detection accuracy rate on 100 real-world websites. Meanwhile, it identified 12 new online tracking domains that have not been reported by previous research work. The evaluation results demonstrate that FPExcavator is useful and effective.
KW - Browser
KW - Detection
KW - Fingerprinting
KW - Privacy
UR - http://www.scopus.com/inward/record.url?scp=85077510132&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85077510132&partnerID=8YFLogxK
U2 - 10.1007/978-3-030-37228-6_18
DO - 10.1007/978-3-030-37228-6_18
M3 - Conference contribution
AN - SCOPUS:85077510132
SN - 9783030372279
T3 - Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST
SP - 365
EP - 385
BT - Security and Privacy in Communication Networks - 15th EAI International Conference, SecureComm 2019, Proceedings
A2 - Chen, Songqing
A2 - Choo, Kim-Kwang Raymond
A2 - Fu, Xinwen
A2 - Lou, Wenjing
A2 - Mohaisen, Aziz
PB - Springer
T2 - 15th International Conference on Security and Privacy in Communication Networks, SecureComm 2019
Y2 - 23 October 2019 through 25 October 2019
ER -