Website Fingerprinting Attack on Psiphon and Its Forensic Analysis

  • Tekachew Gobena Ejeta
  • Hyoung Joong KimEmail author
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10431)


Internet circumvention applications – such as Psiphon – are widely used to bypass control mechanisms, and each of such anti-censorship application uses a unique mechanism to bypass internet censorship. Although anti-censorship applications provide a unique means to ensure internet freedom, some applications severely degrade network performance and possibly open the door for network security breaches. Anti-censorship applications such as Psiphon can be used as cover for hacking attempts and can assist in many criminal activities. In this paper, we analyze the Psiphon service and perform a passive traffic analysis to detect Psiphon traffic. Moreover, we profile the top 100 websites based on their Alexa rankings according to five different categories under Psiphon and perform an effective website fingerprinting attack. Our analysis uses the well-known k-nearest neighbors for website fingerprinting and support vector machine classifier to detect Psiphon traffic.


Psiphon Fingerprinting attack Digital forensics Internet censorship 


  1. 1.
    Psiphon, Privacy Policy. Accessed 24 Apr 2017
  2. 2.
    Herrmann, D., Wendolsky, R., Federrath, H.: Website fingerprinting: attacking popular privacy enhancing technologies with the multinomial Naïve Bayes classifier. In: Proceedings of the 2009 ACM workshop on Cloud Computing Security, pp. 31–42 (2009)Google Scholar
  3. 3.
    Wang, T.: Website fingerprinting: attacks and defenses, Ph.D. Dissertation, University of Waterloo (2016)Google Scholar
  4. 4.
    Dyer, K.P., Coull, S.E., Ristenpart, T., Shrimpton, T.: Peek-a-boo, I still see you: why efficient traffic analysis countermeasures fail. In: Proceedings of the IEEE Symposium on Security and Privacy, pp. 332–346 (2012)Google Scholar
  5. 5.
    Cai, X., Zhang, X., Joshi, B., Johnson, R.: Touching from a distance: website fingerprinting attacks and defenses. In: Proceedings of the ACM Conference on Computer and Communications Security, pp. 605–616 (2012)Google Scholar
  6. 6.
    Hayes, J., Danezis, G.: Website fingerprinting at scale (2016). arXiv:1509.00789v2
  7. 7.
    Rimmer, V.: Deep Learning Website Fingerprinting Features, MS thesis, KU Leuven (2017)Google Scholar
  8. 8.
    Panchenko, A., Niessen, L.: Website fingerprinting in onion routing based anonymization networks. In: Proceedings of the Annual ACM Workshop on Privacy in the Electronic Society, pp. 103–114 (2011)Google Scholar
  9. 9.
    Al-Qura’n, R., Hadi, A., Atoum, J., Al-Zewairi, M.: Ultrasurf traffic classification: detection and prevention. Int. J. Commun. Netw. Syst. Sci. 8(8), 304–311 (2015)Google Scholar
  10. 10.
    Alexa Top 500 Global Sites. Accessed 8 Jun 2017
  11. 11.
    The #1 Browser Automation, Data Extraction, and Web Testing Tool, iMacros Software. Accessed 24 Mar 2017
  12. 12.
    Liberatore, M., Levine, B.N.: Inferring the source of encrypted HTTP connections. In: Proceedings of the ACM conference on Computer and Communications Security, pp. 255–263 (2006)Google Scholar
  13. 13.
    Wang, T., Cai, X., Nithyanand, R., Johnson, R., Goldberg, I.: Effective attacks and provable defenses for website fingerprinting. In: Proceedings of the USENIX Security Symposium, pp. 143–157 (2014)Google Scholar
  14. 14.
    Train models to classify data using supervised machine learning - MATLAB. Accessed 14 Apr 2017

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  1. 1.Department of Cyber DefenseKorea UniversitySeoulSouth Korea
  2. 2.Graduate School of Information SecurityKorea UniversitySeoulSouth Korea

Personalised recommendations