Abstract
Internet circumvention applications – such as Psiphon – are widely used to bypass control mechanisms, and each of such anti-censorship application uses a unique mechanism to bypass internet censorship. Although anti-censorship applications provide a unique means to ensure internet freedom, some applications severely degrade network performance and possibly open the door for network security breaches. Anti-censorship applications such as Psiphon can be used as cover for hacking attempts and can assist in many criminal activities. In this paper, we analyze the Psiphon service and perform a passive traffic analysis to detect Psiphon traffic. Moreover, we profile the top 100 websites based on their Alexa rankings according to five different categories under Psiphon and perform an effective website fingerprinting attack. Our analysis uses the well-known k-nearest neighbors for website fingerprinting and support vector machine classifier to detect Psiphon traffic.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsReferences
Psiphon, Privacy Policy. https://psiphon.ca/en/privacy.html. Accessed 24 Apr 2017
Herrmann, D., Wendolsky, R., Federrath, H.: Website fingerprinting: attacking popular privacy enhancing technologies with the multinomial Naïve Bayes classifier. In: Proceedings of the 2009 ACM workshop on Cloud Computing Security, pp. 31–42 (2009)
Wang, T.: Website fingerprinting: attacks and defenses, Ph.D. Dissertation, University of Waterloo (2016)
Dyer, K.P., Coull, S.E., Ristenpart, T., Shrimpton, T.: Peek-a-boo, I still see you: why efficient traffic analysis countermeasures fail. In: Proceedings of the IEEE Symposium on Security and Privacy, pp. 332–346 (2012)
Cai, X., Zhang, X., Joshi, B., Johnson, R.: Touching from a distance: website fingerprinting attacks and defenses. In: Proceedings of the ACM Conference on Computer and Communications Security, pp. 605–616 (2012)
Hayes, J., Danezis, G.: Website fingerprinting at scale (2016). arXiv:1509.00789v2
Rimmer, V.: Deep Learning Website Fingerprinting Features, MS thesis, KU Leuven (2017)
Panchenko, A., Niessen, L.: Website fingerprinting in onion routing based anonymization networks. In: Proceedings of the Annual ACM Workshop on Privacy in the Electronic Society, pp. 103–114 (2011)
Al-Qura’n, R., Hadi, A., Atoum, J., Al-Zewairi, M.: Ultrasurf traffic classification: detection and prevention. Int. J. Commun. Netw. Syst. Sci. 8(8), 304–311 (2015)
Alexa Top 500 Global Sites. http://www.alexa.com/topsites. Accessed 8 Jun 2017
The #1 Browser Automation, Data Extraction, and Web Testing Tool, iMacros Software. http://imacros.net/overview. Accessed 24 Mar 2017
Liberatore, M., Levine, B.N.: Inferring the source of encrypted HTTP connections. In: Proceedings of the ACM conference on Computer and Communications Security, pp. 255–263 (2006)
Wang, T., Cai, X., Nithyanand, R., Johnson, R., Goldberg, I.: Effective attacks and provable defenses for website fingerprinting. In: Proceedings of the USENIX Security Symposium, pp. 143–157 (2014)
Train models to classify data using supervised machine learning - MATLAB. https://www.mathworks.com/help/stats/classificationlearner-app.html?s_tid=gn_loc_drop. Accessed 14 Apr 2017
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Ejeta, T.G., Kim, H.J. (2017). Website Fingerprinting Attack on Psiphon and Its Forensic Analysis. In: Kraetzer, C., Shi, YQ., Dittmann, J., Kim, H. (eds) Digital Forensics and Watermarking. IWDW 2017. Lecture Notes in Computer Science(), vol 10431. Springer, Cham. https://doi.org/10.1007/978-3-319-64185-0_4
Download citation
DOI: https://doi.org/10.1007/978-3-319-64185-0_4
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-64184-3
Online ISBN: 978-3-319-64185-0
eBook Packages: Computer ScienceComputer Science (R0)