Proceedings of International Conference on Applied Innovation in IT
2025/07/26, Volume 13, Issue 3, pp.183-190

Privacy-Driven Webpage Fingerprinting Using Encrypted Traffic Packet Lengths


Sahlah Abd Ali and Ielaf Osamah Abdulmajeed


Abstract: Despite using encryption protocols such as HTTPS, web page fingerprinting poses significant privacy risks, even when traffic analysis is used to identify specific web pages visited by users. Adversaries can exploit packet-level characteristics like packet length to gather information about user behaviour and preferences without decrypting traffic. This paper uses encrypted traffic packet lengths to distinguish webpages based on privacy-driven fingerprinting – FineWP class webpages based on packet length sequences in a bidirectional client-server interaction. Our results demonstrate that FineWP outperforms traditional and deep learning-based methods regarding runtime and accuracy. Based on our experimental results, FineWP demonstrates robust and privacy-protected fingerprinting capabilities for fine-grained webpage identification, effectively managing large-scale datasets consisting of numerous webpages and substantial background traffic. We propose an innovative webpage fingerprinting method that exclusively utilizes encrypted packet length information, achieving an impressive accuracy of 94.3% while rigorously preserving user privacy. Additionally, our lightweight and efficient technique exhibits strong resistance against sophisticated traffic analysis attacks, significantly outperforming existing deep learning-based fingerprinting approaches by approximately 11.2% in terms of accuracy, computational efficiency, and resilience under realistic network conditions. These findings highlight the potential of FineWP for secure, scalable, and practical webpage fingerprinting applications.

Keywords: Web Page, Fingerprinting, Encrypted Traffic, Privacy Risks, FineWP.

DOI: Under Indexing

Download: PDF

References:

  1. M. Shen, Y. Liu, S. Chen, L. Zhu, and Y. Zhang, "Webpage Fingerprinting using Only Packet Length Information," in Proc. IEEE International Conference on Communications (ICC), Shanghai, China, May 2019, pp. 1-6, doi: 10.1109/ICC.2019.8761167.
  2. G. Ansari, P. Rani, and V. Kumar, "A novel technique of mixed gas identification based on the group method of data handling (GMDH) on time-dependent MOX gas sensor data," in Proc. International Conference on Recent Trends in Computing (ICRTC), 2022, pp. 641-654.
  3. D. Lazar, H. Chen, X. Wang, and N. Zeldovich, "Why does cryptographic software fail?: a case study and open problems," in Proc. 5th Asia-Pacific Workshop on Systems, Beijing, China, Jun. 2014, pp. 1-7, doi: 10.1145/2637166.2637237.
  4. A. Yip, X. Wang, N. Zeldovich, and M. F. Kaashoek, "Improving application security with data flow assertions," in Proc. ACM SIGOPS 22nd Symposium on Operating Systems Principles, Big Sky, MT, USA, Oct. 2009, pp. 291-304, doi: 10.1145/1629575.1629604.
  5. T. B. Lee, "NSA-Proof Encryption Exists. Why Doesn’t Anyone Use It?," Washington Post, p. 14, 2013.
  6. D. Mayers, "Unconditional security in quantum cryptography," Journal of the ACM, vol. 48, no. 3, pp. 351-406, May 2001, doi: 10.1145/382780.382781.
  7. A. Singh et al., "Blockchain-Based Lightweight Authentication Protocol for Next-Generation Trustworthy Internet of Vehicles Communication," IEEE Transactions on Consumer Electronics, vol. 70, no. 2, pp. 4898-4907, May 2024, doi: 10.1109/TCE.2024.3351221.
  8. N. P. Smart and F. Vercauteren, "Fully Homomorphic Encryption with Relatively Small Key and Ciphertext Sizes," in Public Key Cryptography – PKC 2010, P. Q. Nguyen and D. Pointcheval, Eds., Lecture Notes in Computer Science, vol. 6056, Berlin, Germany: Springer, 2010, pp. 420-443, doi: 10.1007/978-3-642-13013-7_25.
  9. C. Gentry, A. Sahai, and B. Waters, "Homomorphic Encryption from Learning with Errors: Conceptually-Simpler, Asymptotically-Faster, Attribute-Based," in Advances in Cryptology – CRYPTO 2013, R. Canetti and J. A. Garay, Eds., Lecture Notes in Computer Science, vol. 8042, Berlin, Germany: Springer, 2013, pp. 75-92, doi: 10.1007/978-3-642-40041-4_5.
  10. M. Naehrig, K. Lauter, and V. Vaikuntanathan, "Can homomorphic encryption be practical?," in Proc. ACM Workshop on Cloud Computing Security, Chicago, IL, USA, Oct. 2011, pp. 113-124, doi: 10.1145/2046660.2046682.
  11. L. Sweeney, "Weaving Technology and Policy Together to Maintain Confidentiality," Journal of Law, Medicine & Ethics, vol. 25, no. 2-3, pp. 98-110, 1997, doi: 10.1111/j.1748-720X.1997.tb01885.x.
  12. A. Panchenko et al., "Website Fingerprinting at Internet Scale," in Proc. Network and Distributed System Security Symposium (NDSS), San Diego, CA, USA, 2016, doi: 10.14722/ndss.2016.23477.
  13. P. Rani, K. Ur Rehman, S. P. Yadav, and L. Hussein, "Deep Learning and AI in Behavioral Analysis for Revolutionizing Mental Healthcare," in Demystifying the Role of Natural Language Processing (NLP) in Mental Health, A. Mishra et al., Eds., IGI Global, 2025, pp. 263-282, doi: 10.4018/979-8-3693-4203-9.ch014.
  14. A. Panchenko, L. Niessen, A. Zinnen, and T. Engel, "Website fingerprinting in onion routing based anonymization networks," in Proc. ACM Workshop on Privacy in the Electronic Society, Chicago, IL, USA, Oct. 2011, pp. 103-114, doi: 10.1145/2046556.2046570.
  15. M. S. Rahman, N. Matthews, and M. Wright, "Poster: Video Fingerprinting in Tor," in Proc. ACM SIGSAC Conference on Computer and Communications Security, London, UK, Nov. 2019, pp. 2629-2631, doi: 10.1145/3319535.3363273.
  16. J. Lu et al., "GAP-WF: Graph Attention Pooling Network for Fine-grained SSL/TLS Website Fingerprinting," in Proc. International Joint Conference on Neural Networks (IJCNN), Shenzhen, China, Jul. 2021, pp. 1-8, doi: 10.1109/IJCNN52387.2021.9533543.
  17. M. Shen et al., "Machine Learning-Powered Encrypted Network Traffic Analysis: A Comprehensive Survey," IEEE Communications Surveys & Tutorials, vol. 25, no. 1, pp. 791-824, 2023, doi: 10.1109/COMST.2022.3208196.
  18. P. Rani and R. Sharma, "IMFOCA-IOV: Intelligent Moth Flame Optimization based Clustering Algorithm for Internet of Vehicle," in Proc. 14th International Conference on Computing Communication and Networking Technologies (ICCCNT), 2023, pp. 1-6.
  19. P. Rani, P. N. Singh, S. Verma, N. Ali, P. K. Shukla, and M. Alhassan, "An implementation of modified blowfish technique with honey bee behavior optimization for load balancing in cloud system environment," Wireless Communications and Mobile Computing, vol. 2022, pp. 1-14, 2022.
  20. V. Rimmer, D. Preuveneers, M. Juarez, T. V. Goethem, and W. Joosen, "Automated Website Fingerprinting through Deep Learning," in Proc. Network and Distributed System Security Symposium (NDSS), San Diego, CA, USA, 2018, doi: 10.14722/ndss.2018.23105.
  21. L. Swarup, "Encrypted Traffic Analysis for Malware Detection Using Deep Learning," in Proc. IEEE International Conference on ICT in Business Industry & Government (ICTBIG), Indore, India, Dec. 2023, pp. 1-7, doi: 10.1109/ICTBIG59752.2023.10456001.
  22. X. Tan et al., "Inter-Flow Spatio-Temporal Correlation Analysis Based Website Fingerprinting Using Graph Neural Network," IEEE Transactions on Information Forensics and Security, vol. 19, pp. 7619-7632, 2024, doi: 10.1109/TIFS.2024.3441935.
  23. I.-S. Jung et al., "Enhanced Encrypted Traffic Analysis Leveraging Graph Neural Networks and Optimized Feature Dimensionality Reduction," Symmetry, vol. 16, no. 6, p. 733, Jun. 2024, doi: 10.3390/sym16060733.
  24. H. Kong et al., "A Novel Method with Transformers for Fine-grained Encrypted Traffic Classification," in Proc. IEEE International Conference on High Performance Computing & Communications, Data Science & Systems, Smart City & Dependability in Sensor, Cloud & Big Data Systems & Application (HPCC/DSS/SmartCity/DependSys), Melbourne, Australia, Dec. 2023, pp. 74-81, doi: 10.1109/HPCC-DSS-SmartCity-DependSys60770.2023.00020.
  25. N. K. Agrawal et al., "TFL-IHOA: Three-Layer Federated Learning-Based Intelligent Hybrid Optimization Algorithm for Internet of Vehicle," IEEE Transactions on Consumer Electronics, vol. 70, no. 3, pp. 5818-5828, Aug. 2024, doi: 10.1109/TCE.2023.3344129.
  26. M. Shen, Y. Liu, L. Zhu, X. Du, and J. Hu, "Fine-Grained Webpage Fingerprinting Using Only Packet Length Information of Encrypted Traffic," IEEE Transactions on Information Forensics and Security, vol. 16, pp. 2046-2059, 2021, doi: 10.1109/TIFS.2020.3046876.
  27. P. Rani, U. C. Garjola, and H. Abbas, "A Predictive IoT and Cloud Framework for Smart Healthcare Monitoring Using Integrated Deep Learning Model," NJF Intelligent Engineering Journal, vol. 1, no. 1, pp. 53-65, 2024.
  28. D. Wagner and B. Schneier, "Analysis of the SSL 3.0 protocol," in Proc. 2nd USENIX Workshop on Electronic Commerce, 1996, pp. 29-40, [Online]. Available: https://www.usenix.org/publications/library/proceedings/ec96/full_papers/wagner/wagner.pdf
  29. H. Cheng and R. Avnur, "Traffic analysis of SSL encrypted web browsing," Project Paper, University of California, Berkeley, 1998, [Online]. Available: https://citeseerx.ist.psu.edu/document?repid=rep1&type=pdf&doi=1a987c4fe65fa347a863dece665955ee7e01791b
  30. A. Hintz, "Fingerprinting Websites Using Traffic Analysis," in Privacy Enhancing Technologies, R. Dingledine and P. Syverson, Eds., Lecture Notes in Computer Science, vol. 2482, Berlin, Germany: Springer, 2003, pp. 171-178, doi: 10.1007/3-540-36467-6_13.
  31. Q. Sun, D. R. Simon, Y.-M. Wang, W. Russell, V. N. Padmanabhan, and L. Qiu, "Statistical identification of encrypted web browsing traffic," in Proc. IEEE Symposium on Security and Privacy, 2002, pp. 19-30, [Online]. Available: https://ieeexplore.ieee.org/abstract/document/1004359/


    HOME

       - Conference
       - Journal
       - Paper Submission to Journal
       - Paper Submission to Conference
       - For Authors
       - For Reviewers
       - Important Dates
       - Conference Committee
       - Editorial Board
       - Reviewers
       - Last Proceedings


    PROCEEDINGS

       - Volume 13, Issue 3 (ICAIIT 2025)
       - Volume 13, Issue 2 (ICAIIT 2025)
       - Volume 13, Issue 1 (ICAIIT 2025)
       - Volume 12, Issue 2 (ICAIIT 2024)
       - Volume 12, Issue 1 (ICAIIT 2024)
       - Volume 11, Issue 2 (ICAIIT 2023)
       - Volume 11, Issue 1 (ICAIIT 2023)
       - Volume 10, Issue 1 (ICAIIT 2022)
       - Volume 9, Issue 1 (ICAIIT 2021)
       - Volume 8, Issue 1 (ICAIIT 2020)
       - Volume 7, Issue 1 (ICAIIT 2019)
       - Volume 7, Issue 2 (ICAIIT 2019)
       - Volume 6, Issue 1 (ICAIIT 2018)
       - Volume 5, Issue 1 (ICAIIT 2017)
       - Volume 4, Issue 1 (ICAIIT 2016)
       - Volume 3, Issue 1 (ICAIIT 2015)
       - Volume 2, Issue 1 (ICAIIT 2014)
       - Volume 1, Issue 1 (ICAIIT 2013)


    PAST CONFERENCES

       ICAIIT 2025
         - Photos
         - Reports

       ICAIIT 2024
         - Photos
         - Reports

       ICAIIT 2023
         - Photos
         - Reports

       ICAIIT 2021
         - Photos
         - Reports

       ICAIIT 2020
         - Photos
         - Reports

       ICAIIT 2019
         - Photos
         - Reports

       ICAIIT 2018
         - Photos
         - Reports

    ETHICS IN PUBLICATIONS

    ACCOMODATION

    CONTACT US

 

        

         Proceedings of the International Conference on Applied Innovations in IT by Anhalt University of Applied Sciences is licensed under CC BY-SA 4.0


                                                   This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License


           ISSN 2199-8876
           Publisher: Edition Hochschule Anhalt
           Location: Anhalt University of Applied Sciences
           Email: leiterin.hsb@hs-anhalt.de
           Phone: +49 (0) 3496 67 5611
           Address: Building 01 - Red Building, Top floor, Room 425, Bernburger Str. 55, D-06366 Köthen, Germany

        site traffic counter

Creative Commons License
Except where otherwise noted, all works and proceedings on this site is licensed under Creative Commons Attribution-ShareAlike 4.0 International License.