Fingerprinting websites using remote traffic analysis

Xun Gong, Negar Kiyavash, Nikita Borisov

Research output: Chapter in Book/Report/Conference proceedingConference contribution


Recent work has shown that traffic analysis of data carried on encrypted tunnels can be used to recover important se-mantic information. As one example, attackers can find out which website, or which page on a website, a user is access-ing simply by monitoring the traffic patterns. We show that traffic analysis is a much greater threat to privacy than pre-viously thought, as such attacks can be carried out remotely. In particular, we show that, to perform traffic analysis, ad-versaries do not need to directly observe the traffic patterns. Instead, they can send probes from a far-off vantage point that exploit a queuing side channel in routers. We demonstrate the threat of such remote traffic anal-ysis by developing a remote website fingerprinting attack that works against home broadband users. Because the ob-servations obtained by probes are more noisy than direct observations, we had to take a new approach to detection that uses the full time series data contained in the observa-tion, rather than summary statistics used in previous work. We perform k-nearest neighbor classification using dynamic time warping (DTW) distance metric. We find that in our experiments, we are able to fingerprint a website with 80% accuracy in both testbed and target system. This shows that remote traffic analysis represents a real threat to privacy on the Internet.

Original languageEnglish (US)
Title of host publicationCCS'10 - Proceedings of the 17th ACM Conference on Computer and Communications Security
Number of pages3
StatePublished - 2010
Event17th ACM Conference on Computer and Communications Security, CCS'10 - Chicago, IL, United States
Duration: Oct 4 2010Oct 8 2010

Publication series

NameProceedings of the ACM Conference on Computer and Communications Security
ISSN (Print)1543-7221


Other17th ACM Conference on Computer and Communications Security, CCS'10
Country/TerritoryUnited States
CityChicago, IL


  • Security

ASJC Scopus subject areas

  • Software
  • Computer Networks and Communications


Dive into the research topics of 'Fingerprinting websites using remote traffic analysis'. Together they form a unique fingerprint.

Cite this