Website fingerprinting as a cybercrime investigation model: Role and challenges

Abstract

The mass-production of online websites is one of the most confrontations of detecting cybercriminal activities. Monitoring the construction or visitation of such websites is somewhat unsophisticated process if it relies on filtering the URL addresses alone, like Proxy. However, user online interactions can be concealed if passed through security protocols or anonymity networks, like Tor. Nowadays, Tor has been widely used to conceal website addresses, web page contents, user actions, and user anonymity. On the other hand, website traffic analysis and fingerprinting techniques endeavor to break such privacy by revealing user actions and anonymity. Basically, this is considered as a negative behavior. However, in this paper, we study how fingerprinting techniques can positively be adapted by Internet Service Providers to be used against Cybercrime activities. In other words, fingerprinting techniques can play a vital role for investigating and mitigating cybercrimes. We present several fingerprinting techniques and countermeasures from a cybercrime point of view. Then, we (1) illustrate how fingerprinting techniques can be applied as cybercrime investigation models, and (2) discuss the expected challenges of such application.