Analysis of encrypted traffic using various machine learning techniques could threaten user privacy in web browsing. Website fingerprinting (or inter-domain WSF) has been shown to identify websites a user has visited. To the best of our knowledge, the finer-grained problem of web page fingerprinting (or intra-domain WPF) has not been systematically studied by our research community. WPF attackers, such as government agencies that enforce Internet censorship, are keen to identify the particular web pages (e.g., a political dissident's social media page) the target user has visited, rather than mere web domain information. In this work, we investigate intra-domain WPF against social media websites. Our study involves the realistic on-path passive attack scenario. We reveal that delivering large-size data such as images and videos via Content Delivery Networks (CDNs), which is a common practice among social media websites, makes intra-domain WPF highly feasible. The network traffic that occurs while the browser is rendering a social media page exhibits temporal patterns (which may be due to the critical rendering path and packet segmentation), and these patterns are sufficiently recognizable by machine learning algorithms. We characterize such patterns as CDN bursts, and use features extracted from them to enable classification algorithms to achieve a high classification accuracy (96%) and a low false positive rate (0.02%). To alleviate the threat of intra-domain WPF, we also propose and evaluate countermeasures such as varying the packet interval time and inserting dummy requests.
