Leaked-Web: Accurate and Efficient Machine Learning-Based Website Fingerprinting Attack through Hardware Performance Counters

by   Han Wang, et al.

Users' website browsing history contains sensitive information, like health conditions, political interests, financial situations, etc. Some recent studies have demonstrated the possibility of inferring website fingerprints based on important usage information such as traffic, cache usage, memory usage, CPU activity, power consumption, and hardware performance counters information. However, existing website fingerprinting attacks demand a high sampling rate which causes high performance overheads and large network traffic, and/or they require launching an additional malicious website by the user, which is not guaranteed. As a result, such drawbacks make the existing attacks more noticeable to users and corresponding fingerprinting detection mechanisms. In response, in this work, we propose Leaked-Web, a novel accurate and efficient machine learning-based website fingerprinting attack through processor's Hardware Performance Counters (HPCs). Leaked-Web efficiently collects hardware performance counters in users' computer systems at a significantly low granularity monitoring rate and sends the samples to the remote attack's server for further classification. Leaked-Web examines the web browsers' microarchitectural features using various advanced machine learning algorithms ranging from classical, boosting, deep learning, and time-series models. Our experimental results indicate that Leaked-Web based on a LogitBoost ML classifier using only the top 4 HPC features achieves 91 accuracy outperforming the state-of-the-art attacks by nearly 5 our proposed attack obtains a negligible performance overhead (only <1 around 12 attacks.


page 1

page 5


Robust Website Fingerprinting Through the Cache Occupancy Channel

Website fingerprinting attacks, which use statistical analysis on networ...

Let Your Camera See for You: A Novel Two-Factor Authentication Method against Real-Time Phishing Attacks

Today, two-factor authentication (2FA) is a widely implemented mechanism...

PhishMatch: A Layered Approach for Effective Detection of Phishing URLs

Phishing attacks continue to be a significant threat on the Internet. Pr...

Exploring the Dark Side of AI: Advanced Phishing Attack Design and Deployment Using ChatGPT

This paper explores the possibility of using ChatGPT to develop advanced...

Efficient and Low Overhead Website Fingerprinting Attacks and Defenses based on TCP/IP Traffic

Website fingerprinting attack is an extensively studied technique used i...

Snoopy: A Webpage Fingerprinting Framework with Finite Query Model for Mass-Surveillance

Internet users are vulnerable to privacy attacks despite the use of encr...

DeepSE-WF: Unified Security Estimation for Website Fingerprinting Defenses

Website fingerprinting (WF) attacks, usually conducted with the help of ...

Please sign up or login with your details

Forgot password? Click here to reset