It's Not Just the Site, It's the Contents: Intra-domain Fingerprinting Social Media Websites Through CDN Bursts

The website fingerprinting (or inter-domain WSF), enhanced by various machine learning techniques, has shown its power to identify websites a user has visited. To our best knowledge, a finer-grained problem of web page fingerprinting (or intra-domain WPF) has not been systematically studied by our research community. The WPF attackers, such as government agencies who enforce Internet censorship, are keen to identify the particular web pages (e.g., a political dissident's social media page) the target user has visited. In this work, we investigate the intra-domain WPF against social media websites. Our study involves the realistic on-path passive attack scenario. We reveal that delivering large-size data such as images and videos via Content Delivery Networks (CDNs), which is a common practice among social media websites, makes intradomain WPF highly feasible. The occurring network traffic while the browser is rendering a social media page exhibits temporal and volumetric patterns that are sufficiently recognizable by machine learning algorithms. We characterize such patterns as CDN bursts, and use features extracted from them to empower classification algorithms to achieve a high classification accuracy (96%) and a low false positive rate (0.02%). To alleviate the threat of intra-domain WPF, we also propose and evaluate countermeasures such as deviating the packet interval time and inserting dummy requests.