publication . Preprint . 2016

Semantic Identification Attacks on Web Browsing

Guha, Neel;
Open Access English
  • Published: 28 Oct 2016
Abstract
We introduce a Semantic Identification Attack, in which an adversary uses semantic signals about the pages visited in one browsing session to identify other browsing sessions launched by the same user. This attack allows an adver- sary to determine if two browsing sessions originate from the same user regardless of any measures taken by the user to disguise their browser or network. We use the MSNBC Anonymous Browsing data set, which contains a large set of user visits (labeled by category) to implement such an attack and show that even very coarse semantic information is enough to identify users. We discuss potential counter- measures users can take to defend a...
Subjects
free text keywords: Computer Science - Cryptography and Security
Related Organizations
Download from
20 references, page 1 of 2

[1] https://panopticlick.eff.org/.

[2] https://amiunique.org/.

[3] https://archive.ics.uci.edu/ml/datasets/MSNBC. com+Anonymous+Web+Data.

[4] http: //scikit-learn.org/stable/modules/generated/ sklearn.neural_network.MLPClassifier.html# sklearn.neural_network.MLPClassifier.

[5] R. Agrawal and R. Srikant. Privacy-preserving data mining. ACM Sigmod Record, 29(2):439{450, 2000.

[6] C. Dwork. Di erential Privacy: A Survey of Results, pages 1{19. Springer Berlin Heidelberg, Berlin, Heidelberg, 2008. [OpenAIRE]

[7] P. Eckersley. How Unique Is Your Web Browser?, pages 1{18. Springer Berlin Heidelberg, Berlin, Heidelberg, 2010.

[8] S. Goel, J. M. Hofman, and M. I. Sirer. Who does what on the web: A large-scale study of browsing behavior. 2012.

[9] M. Gotz, A. Machanavajjhala, G. Wang, X. Xiao, and J. Gehrke. Publishing search logs- a comparative study of privacy guarantees. IEEE Transactions on Knowledge and Data Engineering, 24(3):520{532, March 2012.

[10] S. Hansell. Aol removes search data on vast group of web users. August 2008.

[11] R. Jones, R. Kumar, B. Pang, and A. Tomkins. "i know what you did last summer": Query logs and user privacy. In Proceedings of the Sixteenth ACM Conference on Conference on Information and Knowledge Management, CIKM '07, pages 909{914, New York, NY, USA, 2007. ACM.

[12] R. Kumar, J. Novak, B. Pang, and A. Tomkins. On anonymizing query logs via token-based hashing. In Proceedings of the 16th International Conference on World Wide Web, WWW '07, pages 629{638, New York, NY, USA, 2007. ACM.

[13] J. R. Mayer and J. C. Mitchell. Third-party web tracking: Policy and technology. In 2012 IEEE Symposium on Security and Privacy, pages 413{427. IEEE, 2012.

[14] K. Mowery, D. Bogenreif, S. Yilek, and H. Shacham. Fingerprinting information in javascript implementations. Proceedings of W2SP, 2:180{193, 2011.

[15] K. Mowery and H. Shacham. Pixel perfect: Fingerprinting canvas in HTML5. In M. Fredrikson, editor, Proceedings of W2SP 2012. IEEE Computer Society, May 2012.

20 references, page 1 of 2
Powered by OpenAIRE Open Research Graph
Any information missing or wrong?Report an Issue