• KIPS Transactions on Software and Data Engineering
• /
• v.9 no.6
• /
• pp.187-194
• /
• 2020

This paper proposes a website fingerprinting method using ensemble learning over a Tor network that guarantees client anonymity and personal information. We construct a training problem for website fingerprinting from the traffic packets collected in the Tor network, and compare the performance of the website fingerprinting system using tree-based ensemble models. A training feature vector is prepared from the general information, burst, cell sequence length, and cell order that are extracted from the traffic sequence, and the features of each website are represented with a fixed length. For experimental evaluation, we define four learning problems (Wang14, BW, CW_T, CW_H) according to the use of website fingerprinting, and compare the performance with the support vector machine model using CUMUL feature vectors. In the experimental evaluation, the proposed statistical-based training feature representation is superior to the CUMUL feature representation except for the BW case.

• KIPS Transactions on Computer and Communication Systems
• /
• v.11 no.4
• /
• pp.127-132
• /
• 2022

An anonymous encrypted communication networks that make it difficult to identify the trace of a user's access by passing through several virtual computers and/or networks, such as Tor, provides user and data privacy in the process of Internet communications. However, when it comes to abuse for inappropriate purposes, such as sharing of illegal contents, arms trade, etc. through such anonymous encrypted communication networks, it is difficult to detect and take appropriate countermeasures. In this paper, by extending the website fingerprinting technique that can identify access to a specific site even in anonymous encrypted communication, a method for specifying and classifying service types of websites for not only well-known sites but also unknown sites is proposed. This approach can be used to identify hidden sites that can be used for malicious purposes.

• Convergence Security Journal
• /
• v.15 no.7
• /
• pp.9-19
• /
• 2015

The Android operating system is exposed to a phishing attack of stealing private information that a user enters into a web page. We have discovered two security vulnerabilities of the phishing attack. First, an always-on-top scheme allows malware to place a transparent user interface (UI) on the current top screen and intercept a user input. Second, the Android provides some APIs that allow malware to obtain the information of a currently visited web page. This paper introduces a phishing that attacks a web page by exploiting the two vulnerabilities. The attack detects a visit to a security-relevant web page and steals private information from the web page. Our experiments on popular web sites reveal that the attack is significantly accurate and dangerous.