Exploring Website Fingerprinting with Machine Learning: A Talk by Our Students, Josh Honig and Nathan Ferrell
Josh Honig and Nathan Ferrell presented a talk "Website Fingerprinting: Predicting User Behavior Based on Encrypted Metadata Using Machine Learning" at Blue Team Con on September 8, 2024.
At Blue Team Con on September 8, 2024, Josh Honig and Nathan Ferrell gave a talk titled "Website Fingerprinting: Predicting User Behavior Based on Encrypted Metadata Using Machine Learning." In this presentation, the researchers, part of an ongoing project at Loyola University Chicago led by Dr. Chan-Tin, explored how machine learning can identify user web browsing behavior based solely on encrypted network traffic metadata.
By developing a Python tool to visit websites and collect network traffic data, the team extracted the size and direction of encrypted HTTPS packets. Using this data, they trained a Random Forest classifier, successfully predicting the websites visited based purely on metadata—without decrypting the actual data. This raises significant concerns about privacy, as entities like Internet Service Providers and corporate network managers could easily leverage such techniques to track browsing behavior.
The research highlights the risks posed by website fingerprinting and the ease with which this threat model can be established, emphasizing the need for stronger privacy measures in encrypted network communications.
Read more about this work at: https://blueteamcon.com/directory/predicting-user-behavior-based-on-encrypted-metadata-using-machine-learning/