Resource Knowledge-Driven Heterogeneous Graph Learning for Website Fingerprinting

IF 7.4 1区计算机科学 Q1 TELECOMMUNICATIONS

IEEE Transactions on Cognitive Communications and Networking Pub Date : 2024-01-08 DOI:10.1109/TCCN.2024.3350531

Bo Gao;Weiwei Liu;Guangjie Liu;Fengyuan Nie

{"title":"Resource Knowledge-Driven Heterogeneous Graph Learning for Website Fingerprinting","authors":"Bo Gao;Weiwei Liu;Guangjie Liu;Fengyuan Nie","doi":"10.1109/TCCN.2024.3350531","DOIUrl":null,"url":null,"abstract":"Website fingerprinting (WF) attacks play a crucial role in network traffic analysis for ensuring network security and management. Despite increasing TLS encryption for user privacy, HTTP traffic dominates phishing and pirate website. Fast flux service networks, round robin domain name system, and content delivery networks have rendered IP address or domain name-based WF attacks less effective. Manual feature-based machine learning and recent end-to-end deep learning methods have showed promise. Nevertheless, website content updates induce concept-drift, limiting their accuracy. This study exploits the fact that resource types and website layouts are usually consistent, whereas specific resources are dynamically changing. The resource knowledge extracted from HTTP request packets is utilized to construct a graph representation of website browsing traffic. Then, a heterogeneous graph neural network specifically designed for website fingerprinting using this representation is proposed. This resource knowledge-driven graph learning framework can retain valuable pattern information while mitigating the impact of the concept-drift. The proposed WF attack is evaluated using a real-world dataset comprising over 120,000 malicious and more than 940,000 benign website flows. It can achieve over 98% accuracy when determining benign-malicious websites and 97.6% in identifying website types. These results demonstrate a notable improvement over state-of-the-art WF attacks.","PeriodicalId":13069,"journal":{"name":"IEEE Transactions on Cognitive Communications and Networking","volume":"10 3","pages":"968-981"},"PeriodicalIF":7.4000,"publicationDate":"2024-01-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Transactions on Cognitive Communications and Networking","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/10382702/","RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"TELECOMMUNICATIONS","Score":null,"Total":0}

引用次数: 0

Abstract

Website fingerprinting (WF) attacks play a crucial role in network traffic analysis for ensuring network security and management. Despite increasing TLS encryption for user privacy, HTTP traffic dominates phishing and pirate website. Fast flux service networks, round robin domain name system, and content delivery networks have rendered IP address or domain name-based WF attacks less effective. Manual feature-based machine learning and recent end-to-end deep learning methods have showed promise. Nevertheless, website content updates induce concept-drift, limiting their accuracy. This study exploits the fact that resource types and website layouts are usually consistent, whereas specific resources are dynamically changing. The resource knowledge extracted from HTTP request packets is utilized to construct a graph representation of website browsing traffic. Then, a heterogeneous graph neural network specifically designed for website fingerprinting using this representation is proposed. This resource knowledge-driven graph learning framework can retain valuable pattern information while mitigating the impact of the concept-drift. The proposed WF attack is evaluated using a real-world dataset comprising over 120,000 malicious and more than 940,000 benign website flows. It can achieve over 98% accuracy when determining benign-malicious websites and 97.6% in identifying website types. These results demonstrate a notable improvement over state-of-the-art WF attacks.

查看原文本刊更多论文

用于网站指纹识别的资源知识驱动的异构图学习

网站指纹（WF）攻击在网络流量分析中发挥着至关重要的作用，可确保网络安全和管理。尽管为保护用户隐私而增加了 TLS 加密，但 HTTP 流量仍主导着网络钓鱼和盗版网站。快速流量服务网络、循环域名系统和内容交付网络使基于 IP 地址或域名的 WF 攻击变得不那么有效。基于特征的人工机器学习和最新的端到端深度学习方法已显示出良好的前景。然而，网站内容更新会导致概念漂移，从而限制了其准确性。本研究利用了资源类型和网站布局通常是一致的，而特定资源是动态变化的这一事实。从 HTTP 请求数据包中提取的资源知识被用来构建网站浏览流量的图表示。然后，提出了一种异构图神经网络，专门设计用于使用这种表示法进行网站指纹识别。这种资源知识驱动的图学习框架可以保留有价值的模式信息，同时减轻概念漂移的影响。利用一个包含超过 120,000 个恶意网站流和超过 940,000 个良性网站流的真实世界数据集，对所提出的 WF 攻击进行了评估。它在确定良性-恶意网站方面的准确率超过 98%，在识别网站类型方面的准确率达到 97.6%。这些结果表明，与最先进的 WF 攻击相比，它有了显著的改进。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

IEEE Transactions on Cognitive Communications and Networking Computer Science-Artificial Intelligence

CiteScore

15.50

自引率

7.00%

发文量

108

期刊介绍： The IEEE Transactions on Cognitive Communications and Networking (TCCN) aims to publish high-quality manuscripts that push the boundaries of cognitive communications and networking research. Cognitive, in this context, refers to the application of perception, learning, reasoning, memory, and adaptive approaches in communication system design. The transactions welcome submissions that explore various aspects of cognitive communications and networks, focusing on innovative and holistic approaches to complex system design. Key topics covered include architecture, protocols, cross-layer design, and cognition cycle design for cognitive networks. Additionally, research on machine learning, artificial intelligence, end-to-end and distributed intelligence, software-defined networking, cognitive radios, spectrum sharing, and security and privacy issues in cognitive networks are of interest. The publication also encourages papers addressing novel services and applications enabled by these cognitive concepts.