Top

International Journal of Machine Learning and Cybernetics

Published in:

01-08-2015 | Original Article

Quantification of side-channel information leaks based on data complexity measures for web browsing

Authors: Zhi-Min He, Patrick P. K. Chan, Daniel S. Yeung, Witold Pedrycz, Wing W. Y. Ng

Published in: International Journal of Machine Learning and Cybernetics | Issue 4/2015

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

Website fingerprinting attack can identify the visited websites by analyzing the side-channel information of the network traffic even though it is transferred through an encrypted tunnel. The security of web browsing can be evaluated by quantifying the side-channel information leaks. However, most of the current leak quantification measures focus on web applications and may be impractical in web browsing due to their time complexity. Although the revised models were proposed to simplify computations, their assumptions may not be suitable for web browsing. In this paper, the problem of website fingerprinting is analyzed from the viewpoint of pattern classification. The data complexity measures, which quantify the difficulty of separating classes in a classification problem, are applied to describe the leak quantification. The performance of these data complexity measures in representing information leaks is discussed and compared with the existing approaches. This comparative analysis is realized conceptually and through experiments by using two website fingerprinting countermeasures: traffic morphing and BuFLO. Moreover, the parameter selection model based on the leak quantification is proposed to estimate suitable parameters for the website fingerprinting countermeasure. The experimental results confirm that the countermeasures with parameters selected according to the data complexity measures are more secure than other leak quantification measures.

previous article Face sketch recognition using sketching with words

next article Optimal selection of components value for analog active filter design using simplex particle swarm optimization

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

ATZelectronics worldwide

ATZlectronics worldwide is up-to-speed on new trends and developments in automotive electronics on a scientific level with a high depth of information.

Order your 30-days-trial for free and without any commitment.

inform now

ATZelektronik

Die Fachzeitschrift ATZelektronik bietet für Entwickler und Entscheider in der Automobil- und Zulieferindustrie qualitativ hochwertige und fundierte Informationen aus dem gesamten Spektrum der Pkw- und Nutzfahrzeug-Elektronik.

Lassen Sie sich jetzt unverbindlich 2 kostenlose Ausgabe zusenden.

inform now

Backes M, Kopf B, Rybalchenko A (2009) Automatic discovery and quantification of information leaks. In: Proceedings of the 30th IEEE symposium on security and privacy, SP ’09. IEEE Computer Society, Washington, DC, pp 141–153

Backes M, Doychev G, Köpf B (2013) Preventing side-channel leaks in web traffic: a formal approach. In: Proceedngs of 20th network and distributed systems security symposium (NDSS), Internet Society

Bernado-Mansilla E, Ho TK (2005) Domain of competence of XCS classifier system in complexity measurement space. IEEE Trans Evolut Comput 9(1):82–104CrossRef

Biggio B, Fumera G, Roli F (2010) Multiple classifier systems for robust classifier design in adversarial environments. Int J Mach Learn Cybern 1(1–4):27–41CrossRef

Blasco J, Hernandez-Castro JC, Tapiador JE, Ribagorda A (2012) Bypassing information leakage protection with trusted applications. Comput Secur 31(4):557–568CrossRef

Boehm O, Hardoon DR, Manevitz LM (2011) Classifying cognitive states of brain activity via one-class neural networks with feature selection by genetic algorithms. Int J Mach Learn Cybern 2(3):125–134CrossRef

Cai X, Zhang XC, Joshi B, Johnson R (2012) Touching from a distance: website fingerprinting attacks and defenses. In: Proceedings of the 2012 ACM conference on computer and communications security, CCS ’12. ACM, New York, pp 605–616

Chapman P, Evans D (2011) Automated black-box detection of side-channel vulnerabilities in web applications. In: Proceedings of the 18th ACM conference on computer and communications security, CCS ’11. ACM, New York, pp 263–274

Chen S, Wang R, Wang X, Zhang K (2010) Side-channel leaks in web applications: s reality today, a challenge tomorrow. In: Proceedings of the 2010 IEEE symposium on security and privacy, SP ’10. IEEE Computer Society, Washington, DC, pp 191–206

10.

Coull SE, Collins MP, Wright CV, Monrose F, Reiter MK, et al. (2007) On web browsing privacy in anonymized netflows. In: Proceedings of the 16th USENIX security symposium, pp 339–352

11.

Dierks T (2008) The transport layer security (TLS) protocol version 1.2

12.

Dingledine R, Mathewson N, Syverson P (2004) Tor: the second-generation onion router. In: Proceedings of the 13th conference on USENIX security symposium, USENIX Association

13.

Dyer KP, Coull SE, Ristenpart T, Shrimpton T (2012) Peek-a-boo, I still see you: why efficient traffic analysis countermeasures fail. In: Proceedings of the 2012 IEEE symposium on security and privacy, SP ’12. IEEE Computer Society, Washington, DC, pp 332–346

14.

Ho TK, Basu M (2000) Measuring the complexity of classification problems. In: 15th international conference on pattern recognition, vol 2, pp 43–47

15.

Ho TK, Basu M (2002) Complexity measures of supervised classification problems. IEEE Trans Pattern Anal Mach Intell 24(3):289–300CrossRef

16.

Liberatore M, Levine BN (2006) Inferring the source of encrypted HTTP connections. In: Proceedings of the 13th ACM conference on computer and communications security, CCS ’06. ACM, New York, pp 255–263

17.

Lu L, Chang EC, Chan MC (2010) Website fingerprinting and identification using ordered feature sequences. In: Proceedings of the 15th European conference on research in computer security, ESORICS’10, pp 199–214

18.

Luengo J, Herrera F (2010) Domains of competence of fuzzy rule based classification systems with data complexity measures: a case of study using a fuzzy hybrid genetic based machine learning method. Fuzzy Sets Syst 161(1):3–19MathSciNetCrossRef

19.

Luengo J, Herrera F (2012) Shared domains of competence of approximate learning models using measures of separability of classes. Inf Sci 185(1):43–65MathSciNetCrossRef

20.

Luo X, Zhou P, Chan EWW, Lee W, Chang RKC, Perdisci R (2011) HTTPOS: sealing information leaks with browser-side obfuscation of encrypted flows. In: Network and distributed systems symposium (NDSS)

21.

Macià N, Bernadó-Mansilla E, Orriols-Puig A, Ho TK (2013) Learner excellence biased by data set selection: a case for data characterisation and artificial data sets. Pattern Recognit 46(3):1054–1066CrossRef

22.

Mather L, Oswald E (2012) Quantifying side-channel information leakage from web applications. IACR cryptology ePrint archive, p 269

23.

Nelson B, Barreno M, Chi FJ, Joseph AD, Rubinstein BI, Saini U, Sutton CA, Tygar JD, Xia K (2008) Exploiting machine learning to subvert your spam filter. LEET 8:1–9

24.

Panchenko A, Niessen L, Zinnen A, Engel T (2011) Website fingerprinting in onion routing based anonymization networks. In: Proceedings of the 10th annual ACM workshop on privacy in the Electronic Society, WPES ’11, pp 103–114

25.

Pironti A, Strub PY, Bhargavan K (2012) Identifying website users by tls traffic analysis: new attacks and effective countermeasures. Technical report RR-8067, INRIA

26.

Sáez JA, Luengo J, Herrera F (2013) Predicting noise filtering efficacy with data complexity measures for nearest neighbor classification. Pattern Recognit 46(1):355–364CrossRef

27.

Singh S (2003) Multiresolution estimates of classification complexity. IEEE Trans Pattern Anal Mach Intell 25:1534–1539CrossRef

28.

Song DX, Wagner D, Tian X (2001) Timing analysis of keystrokes and timing attacks on ssh. In: Proceedings of the 10th conference on USENIX security symposium, vol 10, SSYM’01, USENIX Association

29.

Standaert FX, Malkin T, Yung M (2009) A unified framework for the analysis of side-channel key recovery attacks. In: EUROCRYPT, lecture notes in computer science, vol 5479. Springer pp 443–461

30.

Sun D, Guo Y, Yin L, Hu C (2012) Comparison of measuring information leakage for fully probabilistic systems. Int J Innov Comput Inf Control 8(1A):255–267

31.

Sun Q, Simon DR, Wang YM, Russell W, Padmanabhan VN, Qiu L (2002) Statistical identification of encrypted web browsing traffic. In: Proceedings of the 2002 IEEE symposium on security and privacy, SP ’02. IEEE Computer Society, Washington, DC, pp 19–30

32.

Todo Y, Mitsui T (2014) A learning multiple-valued logic network using genetic algorithm. Int J Innov Comput Inf Control 10(2):565–574

33.

Tong DL, Mintram R (2010) Genetic algorithm-neural network (GANN): a study of neural network activation functions and depth of genetic algorithm search applied to feature selection. Int J Mach Learn Cybern 1(1–4):75–87CrossRef

34.

Wang T, Goldberg I (2013) Improved website fingerprinting on tor. In: Proceedings of the 12th ACM workshop on privacy in the Electronic Society, WPES ’13. ACM, pp 201–212

35.

Wright CV, Coull SE, Monrose F (2009) Traffic morphing: An efficient defense against statistical traffic analysis. In: Proceedings of the 16th network and distributed security symposium. IEEE, pp 237–250

36.

Yao L, Zi X, Pan L, Li J (2009) A study of on/off timing channel based on packet delay distribution. Comput Secur 28(8):785–794CrossRef

37.

Zhang K, Li Z, Wang R, Wang X, Chen S (2010) Sidebuster: Automated detection and quantification of side-channel leaks in web application development. In: Proceedings of the 17th ACM conference on computer and communications security, CCS ’10. ACM, pp 595–606

Title: Quantification of side-channel information leaks based on data complexity measures for web browsing
Authors: Zhi-Min He
Patrick P. K. Chan
Daniel S. Yeung
Witold Pedrycz
Wing W. Y. Ng
Publication date: 01-08-2015
Publisher: Springer Berlin Heidelberg
Published in: International Journal of Machine Learning and Cybernetics / Issue 4/2015
Print ISSN: 1868-8071
Electronic ISSN: 1868-808X
DOI: https://doi.org/10.1007/s13042-015-0348-3

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

ATZelectronics worldwide

ATZelektronik

Other articles of this Issue 4/2015

Analysis and optimization of an 8 bar mechanism

Observer-based control for switched networked control systems with missing data

Optimization of structure elements for morphological hit-or-miss transform for building extraction from VHR airborne imagery in natural hazard areas

New results of stability analysis for a class of neutral-type neural network with mixed time delays

An optimal control method for fuzzy supplier switching problem

A novel supervised learning algorithm for salt-and-pepper noise detection