Voltar
Artigo Revisado por pares
BIBTEX RIS

Website-Aware Protocol Confusion Network for Emergent HTTP/3 Website Fingerprinting

2023; Institute of Electrical and Electronics Engineers; Volume: 18; Linguagem: Inglês

10.1109/tifs.2023.3266173

ISSN

1556-6021

Autores

Mengqi Zhan, Yang Li, Yongchun Zhu, Guangxi Yu, Yan Zhang, Bo Li, Weiping Wang,

Tópico(s)

Advanced Malware Detection Techniques

Resumo

Website fingerprinting is exploited to analyze encrypted traffic traces and infer the visited website. Existing website fingerprinting methods can achieve satisfying performance for the HTTP traffic visiting websites over TCP. Recently, a new protocol QUIC has been proposed, and HTTP-over-QUIC has been formalized as the next generation HTTP, named HTTP/3. Thus, it is necessary to classify HTTP/3 traces. However, since HTTP/3 is newly proposed and is being deployed, it is difficult to collect a large number of HTTP/3 traces. Intuitively, we can use sufficient TCP traces to improve the performance of the QUIC trace classifier. Unfortunately, the protocol discrepancy exists between TCP and QUIC traces, which undermines the generalization ability of the classifier. In this paper, for practical website fingerprinting of HTTP/3, we propose a Website-Aware Protocol Confusion Network (WAPCN), which exploits only a few QUIC traces to train a website classifier with the help of lots of available TCP traces. It consists of four main parts: a feature extractor, a website classifier, a protocol discriminator, and a website-aware adaptor. The feature extractor aims to extract trace representations from both TCP and QUIC traces. It cooperates with the website classifier to learn the discriminative representation for the website classification. The role of the protocol discriminator is to confuse protocols and guide the feature extractor to learn protocol-invariant representations. The website-aware adaptor can enhance protocol-invariant representations to be aware of the website classification boundary. Extensive experiments are conducted on various tasks to demonstrate the effectiveness of WAPCN.

Referência(s)