Skip to main content
SpringerLink
Log in

Traffic-Based Automatic Detection of Browser Fingerprinting

  • Conference paper
  • First Online:
Security and Privacy in Communication Networks (SecureComm 2019)

  • 1367 Accesses

Abstract

Fingerprinting has been widely adopted by first- and third-party websites for the purpose of online tracking. It collects properties of operating systems, browsers, and even the hardware, for generating unique identifiers for visitors on websites. However, fingerprinting has raised both privacy and security concerns. In this paper, we present a traffic-based fingerprinting detection framework, FPExcavator. By analyzing the difference on values carried in outgoing requests from different browsers and machines, FPExcavator detects possible identifiers, as the generated fingerprints, in request header and payload. We implemented FPExcavator with OpenStack, Java, and some command scripts, and evaluated it on 100 websites in a lab setting and 100 websites selected from real-world. FPExcavator achieved 100% detection accuracy rate on 100 testing websites and 99% detection accuracy rate on 100 real-world websites. Meanwhile, it identified 12 new online tracking domains that have not been reported by previous research work. The evaluation results demonstrate that FPExcavator is useful and effective.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Acar, G., Eubank, C., Englehardt, S., Juarez, M., Narayanan, A., Diaz, C.: The web never forgets: Persistent tracking mechanisms in the wild. In: Proceedings of the ACM SIGSAC Conference on Computer & Communications Security, pp. 674–689 (2014)

    Google Scholar 

  2. Acar, G., et al.: Fpdetective: dusting the web for fingerprinters. In: Proceedings of the ACM SIGSAC Conference on Computer & Communications Security, pp. 1129–1140 (2013)

    Google Scholar 

  3. Akkus, I.E., Chen, R., Hardt, M., Francis, P., Gehrke, J.: Non-tracking web analytics. In: Proceedings of the ACM SIGSAC Conference on Computer and Communications Security, pp. 687–698 (2012)

    Google Scholar 

  4. Cai, X., Zhang, X.C., Joshi, B., Johnson, R.: Touching from a distance: website fingerprinting attacks and defenses. In: Proceedings of the ACM SIGSAC Conference on Computer and Communications Security, pp. 605–616 (2012)

    Google Scholar 

  5. Cao, Y., Li, S., Wijmans, E.: (Cross-)Browser fingerprinting via OS and Hardware level features. In: Proceedings of the Annual Network and Distributed System Security Symposium (2017)

    Google Scholar 

  6. Cova, M., Kruegel, C., Vigna, G.: Detection and analysis of drive-by-download attacks and malicious javascript code. In: Proceedings of the International Conference on World Wide Web, pp. 281–290 (2010)

    Google Scholar 

  7. Englehardt, S., Narayanan, A.: Online tracking: a 1-million-site measurement and analysis. In: Proceedings of the ACM SIGSAC Conference on Computer and Communications Security, pp. 1388–1401 (2016)

    Google Scholar 

  8. Fifield, D., Egelman, S.: Fingerprinting web users through font metrics. In: International Conference on Financial Cryptography and Data Security, pp. 107–124 (2015)

    Google Scholar 

  9. Laperdrix, P., Rudametkin, W., Baudry, B.: Beauty and the beast: diverting modern web browsers to build unique browser fingerprints. In: Proceedings of the IEEE Symposium on Security and Privacy, pp. 878–894 (2016)

    Google Scholar 

  10. Lerner, A., Simpson, A.K., Kohno, T., Roesner, F.: Internet jones and the raiders of the lost trackers: an archaeological study of web tracking from 1996 to 2016. In: Proceedings of the USENIX Security Symposium (2016)

    Google Scholar 

  11. Timothy, L.: Exposing the invisible web: an analysis of third-party http requests on 1 million websites. Int. J. Commun. 9(2015), 3544–3561 (2015)

    Google Scholar 

  12. Mayer, J.R., Mitchell, J.C.: Third-party web tracking: policy and technology. In: Proceedings of the IEEE Symposium on Security and Privacy, pp. 413–427 (2012)

    Google Scholar 

  13. Nikiforakis, N., Joosen, W., Livshits, B.: Privaricator: deceiving fingerprinters with little white lies. In: Proceedings of the International Conference on World Wide Web, pp. 820–830 (2015)

    Google Scholar 

  14. Nikiforakis, N., Kapravelos, A., Joosen, W., Kruegel, C., Piessens, F., Vigna, G.: Cookieless monster: exploring the ecosystem of web-based device fingerprinting. In: Proceedings of the IEEE Symposium on Security and Privacy, pp. 541–555 (2013)

    Google Scholar 

  15. Rader, E.: Awareness of behavioral tracking and information privacy concern in facebook and google. In: Proceedings of the Symposium on Usable Privacy and Security (2014)

    Google Scholar 

  16. Roesner, F., Kohno, T., Wetherall, D.: Detecting and defending against third-party tracking on the web. In: Proceedings of the USENIX Conference on Networked Systems Design and Implementation (2012)

    Google Scholar 

  17. Torres, C.F., Jonker, H., Mauw, S.: Fp-block: usable web privacy by controlling browser fingerprinting. In: Proceedings of the European Symposium on Research in Computer Security, pp. 3–19 (2015)

    Chapter  Google Scholar 

  18. Vastel, A., Laperdrix, P., Rudametkin, W., Rouvoy, R.: Fp-scanner: the privacy implications of browser fingerprint inconsistencies. In: Proceedings of the USENIX Security Symposium, pp. 135–150 (2018)

    Google Scholar 

  19. Vastel, A., Laperdrix, P., Rudametkin, W., Rouvoy, R.: Fp-stalker: tracking browser fingerprint evolutions. In: Proceedings of the IEEE Symposium on Security and Privacy, pp. 1–14 (2018)

    Google Scholar 

  20. Browser market share data from March 2018 to March 2019. http://gs.statcounter.com/browser-market-share

  21. Google Privacy & Terms. https://policies.google.com/privacy?hl=en#infocollect

  22. OpenStack. https://www.openstack.org/

  23. Princeton Web Census. https://webtransparency.cs.princeton.edu/webcensus/

Download references

Author information

Authors and Affiliations

  1. University of Nebraska Omaha, Omaha, USA

    Rui Zhao

  2. University of Colorado Colorado Springs, Colorado Springs, USA

    Edward Chow & Chunchun Li

Authors
  1. Rui Zhao
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Edward Chow
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Chunchun Li
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Rui Zhao .

Editor information

Editors and Affiliations

  1. George Mason University, Fairfax, VA, USA

    Songqing Chen

  2. The University of Texas at San Antonio, San Antonio, TX, USA

    Kim-Kwang Raymond Choo

  3. Boston University, Lowell, MA, USA

    Xinwen Fu

  4. Virginia Tech, Blacksburg, VA, USA

    Wenjing Lou

  5. University of Central Florida, Orlando, FL, USA

    Aziz Mohaisen

Rights and permissions

Reprints and permissions

Copyright information

© 2019 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Zhao, R., Chow, E., Li, C. (2019). Traffic-Based Automatic Detection of Browser Fingerprinting. In: Chen, S., Choo, KK., Fu, X., Lou, W., Mohaisen, A. (eds) Security and Privacy in Communication Networks. SecureComm 2019. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 304. Springer, Cham. https://doi.org/10.1007/978-3-030-37228-6_18

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-37228-6_18

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-37227-9

  • Online ISBN: 978-3-030-37228-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation