KIPS Transactions on Computer and Communication Systems (정보처리학회논문지:컴퓨터 및 통신 시스템)

Korea Information Processing Society (한국정보처리학회)
권호 표지
DOI QR코드

DOI QR Code

Classification of Service Types using Website Fingerprinting in Anonymous Encrypted Communication Networks

익명 암호통신 네트워크에서의 웹사이트 핑거프린팅을 활용한 서비스 유형 분류

  • 구동영 (한성대학교 전자정보공학과)
  • Received : 2022.01.14
  • Accepted : 2022.02.09
  • Published : 2022.04.30
Download PDF
⟨ Previous Next ⟩

Abstract

An anonymous encrypted communication networks that make it difficult to identify the trace of a user's access by passing through several virtual computers and/or networks, such as Tor, provides user and data privacy in the process of Internet communications. However, when it comes to abuse for inappropriate purposes, such as sharing of illegal contents, arms trade, etc. through such anonymous encrypted communication networks, it is difficult to detect and take appropriate countermeasures. In this paper, by extending the website fingerprinting technique that can identify access to a specific site even in anonymous encrypted communication, a method for specifying and classifying service types of websites for not only well-known sites but also unknown sites is proposed. This approach can be used to identify hidden sites that can be used for malicious purposes.

토르 (Tor, The Onion Router)와 같이 다수의 가상 컴퓨터 및 네트워크를 경유함으로써 이용자의 인터넷 접속에 대한 추적을 어렵게 하는 익명 암호통신 네트워크는 데이터 송수신 과정에서의 사용자 및 데이터 프라이버시 보호를 그 운영목적으로 하고 있다. 하지만 이러한 익명 암호통신 네트워크를 통한 불법 콘텐츠 공유 및 무기거래 등 부적절한 용도로의 악용 및 오용에 있어, 기존의 탐지 기법을 적용하거나 적절한 대응책을 마련하기에는 어려움이 따른다. 본 논문에서는 익명 암호통신에서도 특정 사이트에 대한 접근 정보를 높은 정확도로 유추할 수 있는 웹사이트 핑거프린팅 (website fingerprinting) 기법을 확장하여, 특정 사이트 뿐 아니라 알려지지 않은 사이트에 대해서도 서비스 유형을 특정하고 분류하는 방법을 강구함으로써 악의적 목적에 활용될 수 있는 은닉 사이트 또는 잠재적 불법 사이트에 대한 식별 방안을 제시한다.

Keywords

Acknowledgement

본 연구는 한성대학교 교내학술연구비 지원과제임.

References

  1. N. Shah, "The challenges of inspecting encrypted network traffic," Fortinet [Internet], https://www.fortinet.com/blog/industry-trends/keeping-up-with-performance-demands-of-encrypted-web-traffic.2020.08.04.
  2. N. Wodecki, "Zscaler's 2021 encrypted attacks report reveals 314 percent spike in HTTPS threats," Zscaler [Internet], https://www.zscaler.com/press/zscalers-2021-encrypted-attacks-report-reveals-314-percent-spike-https-threats.2021.08.28.
  3. SonicWall, "2021 Cyber Threat Report: Mid-Year Update," SonicWall [Intenet], https://webobjects2.cdw.com/is/content/CDW/cdw/on-domain-cdw/brands/sonicwall/mid-year-2021-cyber-threat-report.pdf
  4. Z. Chen, K. He, J. Li, and Y. Geng, "Seq2Img: Sequence-to-Image based approach towards IP traffic classification using convolutional neural networks," IEEE International Conference on Big Data (BIGDATA), pp.1271-1276, 2017.
  5. W. Wang, M. Zhu, J. Wang, X. Zeng, and Z. Yang, "End-to-End encrypted traffic classification with one-dimensional convolution neural networks," IEEE Internationa Conference on Intelligence and Security Informatics (ISI), pp.43-48, 2017.
  6. M. Lotfollahi, M. J. Siavoshani, R. S. H. Zade, and M. Saberian, "Deep packet: A novel approach for encrypted traffic classification using deep learning," Soft Computing, Vol.24, No.3, pp.1999-2012, 2020. https://doi.org/10.1007/s00500-019-04030-2
  7. L. Vu, C. T. Bui, and Q. U. Nguyen, "A deep learning based method for handling imblanced problem in network traffic classification," International Symposium on Information and Communication Technology (SoICT), pp.333-339, 2017.
  8. S. Rezaei and X. Liu, "How to achieve high classification accuracy with just a few labels: A semi-supervised approach using sampled packets," arXiv e-prints, arXiv-1812, 2019.
  9. G. Aceto, D. Ciuonzo, A. Montieri, and A. Pescape, "Mobile encrypted traffic classification using deep learning," Network Traffic Measurement and Analysis Conference (TMA), pp.1-8, 2018.
  10. T. Wang and I. Goldberg, "Improved website fingerprinting on tor," ACM Workshop on Privacy in the Electronic Society (WPES), pp.201-212, 2013.
  11. P. Sirinam, M. Imani, M. Juarez, and M. Wright, "Deep fingerprinting: Undermining website fingerprinting defenses with deep learning," ACM SIGSAC Conference on Computer and Communications Security (CCS), pp.1928-1943, 2018.