{"title":"用于网站指纹识别的资源知识驱动的异构图学习","authors":"Bo Gao;Weiwei Liu;Guangjie Liu;Fengyuan Nie","doi":"10.1109/TCCN.2024.3350531","DOIUrl":null,"url":null,"abstract":"Website fingerprinting (WF) attacks play a crucial role in network traffic analysis for ensuring network security and management. Despite increasing TLS encryption for user privacy, HTTP traffic dominates phishing and pirate website. Fast flux service networks, round robin domain name system, and content delivery networks have rendered IP address or domain name-based WF attacks less effective. Manual feature-based machine learning and recent end-to-end deep learning methods have showed promise. Nevertheless, website content updates induce concept-drift, limiting their accuracy. This study exploits the fact that resource types and website layouts are usually consistent, whereas specific resources are dynamically changing. The resource knowledge extracted from HTTP request packets is utilized to construct a graph representation of website browsing traffic. Then, a heterogeneous graph neural network specifically designed for website fingerprinting using this representation is proposed. This resource knowledge-driven graph learning framework can retain valuable pattern information while mitigating the impact of the concept-drift. The proposed WF attack is evaluated using a real-world dataset comprising over 120,000 malicious and more than 940,000 benign website flows. It can achieve over 98% accuracy when determining benign-malicious websites and 97.6% in identifying website types. These results demonstrate a notable improvement over state-of-the-art WF attacks.","PeriodicalId":13069,"journal":{"name":"IEEE Transactions on Cognitive Communications and Networking","volume":"10 3","pages":"968-981"},"PeriodicalIF":7.4000,"publicationDate":"2024-01-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Resource Knowledge-Driven Heterogeneous Graph Learning for Website Fingerprinting\",\"authors\":\"Bo Gao;Weiwei Liu;Guangjie Liu;Fengyuan Nie\",\"doi\":\"10.1109/TCCN.2024.3350531\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Website fingerprinting (WF) attacks play a crucial role in network traffic analysis for ensuring network security and management. Despite increasing TLS encryption for user privacy, HTTP traffic dominates phishing and pirate website. Fast flux service networks, round robin domain name system, and content delivery networks have rendered IP address or domain name-based WF attacks less effective. Manual feature-based machine learning and recent end-to-end deep learning methods have showed promise. Nevertheless, website content updates induce concept-drift, limiting their accuracy. This study exploits the fact that resource types and website layouts are usually consistent, whereas specific resources are dynamically changing. The resource knowledge extracted from HTTP request packets is utilized to construct a graph representation of website browsing traffic. Then, a heterogeneous graph neural network specifically designed for website fingerprinting using this representation is proposed. This resource knowledge-driven graph learning framework can retain valuable pattern information while mitigating the impact of the concept-drift. The proposed WF attack is evaluated using a real-world dataset comprising over 120,000 malicious and more than 940,000 benign website flows. It can achieve over 98% accuracy when determining benign-malicious websites and 97.6% in identifying website types. These results demonstrate a notable improvement over state-of-the-art WF attacks.\",\"PeriodicalId\":13069,\"journal\":{\"name\":\"IEEE Transactions on Cognitive Communications and Networking\",\"volume\":\"10 3\",\"pages\":\"968-981\"},\"PeriodicalIF\":7.4000,\"publicationDate\":\"2024-01-08\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"IEEE Transactions on Cognitive Communications and Networking\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://ieeexplore.ieee.org/document/10382702/\",\"RegionNum\":1,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"TELECOMMUNICATIONS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Transactions on Cognitive Communications and Networking","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/10382702/","RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"TELECOMMUNICATIONS","Score":null,"Total":0}
Resource Knowledge-Driven Heterogeneous Graph Learning for Website Fingerprinting
Website fingerprinting (WF) attacks play a crucial role in network traffic analysis for ensuring network security and management. Despite increasing TLS encryption for user privacy, HTTP traffic dominates phishing and pirate website. Fast flux service networks, round robin domain name system, and content delivery networks have rendered IP address or domain name-based WF attacks less effective. Manual feature-based machine learning and recent end-to-end deep learning methods have showed promise. Nevertheless, website content updates induce concept-drift, limiting their accuracy. This study exploits the fact that resource types and website layouts are usually consistent, whereas specific resources are dynamically changing. The resource knowledge extracted from HTTP request packets is utilized to construct a graph representation of website browsing traffic. Then, a heterogeneous graph neural network specifically designed for website fingerprinting using this representation is proposed. This resource knowledge-driven graph learning framework can retain valuable pattern information while mitigating the impact of the concept-drift. The proposed WF attack is evaluated using a real-world dataset comprising over 120,000 malicious and more than 940,000 benign website flows. It can achieve over 98% accuracy when determining benign-malicious websites and 97.6% in identifying website types. These results demonstrate a notable improvement over state-of-the-art WF attacks.
期刊介绍:
The IEEE Transactions on Cognitive Communications and Networking (TCCN) aims to publish high-quality manuscripts that push the boundaries of cognitive communications and networking research. Cognitive, in this context, refers to the application of perception, learning, reasoning, memory, and adaptive approaches in communication system design. The transactions welcome submissions that explore various aspects of cognitive communications and networks, focusing on innovative and holistic approaches to complex system design. Key topics covered include architecture, protocols, cross-layer design, and cognition cycle design for cognitive networks. Additionally, research on machine learning, artificial intelligence, end-to-end and distributed intelligence, software-defined networking, cognitive radios, spectrum sharing, and security and privacy issues in cognitive networks are of interest. The publication also encourages papers addressing novel services and applications enabled by these cognitive concepts.