Traffic-based automatic detection of browser fingerprinting

Rui Zhao, Edward Chow, Chunchun Li

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Fingerprinting has been widely adopted by first- and third-party websites for the purpose of online tracking. It collects properties of operating systems, browsers, and even the hardware, for generating unique identifiers for visitors on websites. However, fingerprinting has raised both privacy and security concerns. In this paper, we present a traffic-based fingerprinting detection framework, FPExcavator. By analyzing the difference on values carried in outgoing requests from different browsers and machines, FPExcavator detects possible identifiers, as the generated fingerprints, in request header and payload. We implemented FPExcavator with OpenStack, Java, and some command scripts, and evaluated it on 100 websites in a lab setting and 100 websites selected from real-world. FPExcavator achieved 100% detection accuracy rate on 100 testing websites and 99% detection accuracy rate on 100 real-world websites. Meanwhile, it identified 12 new online tracking domains that have not been reported by previous research work. The evaluation results demonstrate that FPExcavator is useful and effective.

Original languageEnglish (US)
Title of host publicationSecurity and Privacy in Communication Networks - 15th EAI International Conference, SecureComm 2019, Proceedings
EditorsSongqing Chen, Kim-Kwang Raymond Choo, Xinwen Fu, Wenjing Lou, Aziz Mohaisen
PublisherSpringer
Pages365-385
Number of pages21
ISBN (Print)9783030372279
DOIs
StatePublished - 2019
Event15th International Conference on Security and Privacy in Communication Networks, SecureComm 2019 - Orlando , United States
Duration: Oct 23 2019Oct 25 2019

Publication series

NameLecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST
Volume304 LNICST
ISSN (Print)1867-8211

Conference

Conference15th International Conference on Security and Privacy in Communication Networks, SecureComm 2019
CountryUnited States
CityOrlando
Period10/23/1910/25/19

Keywords

  • Browser
  • Detection
  • Fingerprinting
  • Privacy

ASJC Scopus subject areas

  • Computer Networks and Communications

Fingerprint Dive into the research topics of 'Traffic-based automatic detection of browser fingerprinting'. Together they form a unique fingerprint.

Cite this