Browser user tracking based on cross-domain resource access
SONG Yubo1,2, WU Tianqi1,2, HU Aiqun2,3, GAO Shang4
1. Jiangsu Key Laboratory of Computer Networking Technology, School of Cyber Science and Engineering, Southeast University, Nanjing 211189, China; 2. Purple Mountain Laboratories, Nanjing 211189, China; 3. National Mobile Communications Research Laboratory, School of Information Science and Engineering, Southeast University, Nanjing 211189, China; 4. Computing Department, Hong Kong Polytheistic University, Hong Kong 999077, China
Abstract:In recent years, click fraud has caused huge economic losses to advertisers. Many advertisers have then used "user profiles" to identify users to eliminate click fraud. However, attackers can easily construct unique virtual operating environments to confuse the identification algorithms. This paper introduces a localization scheme to detect click fraud sources based on cross-domain resource access. This scheme extracts features from a ping response delay series to fingerprint users. Tests show that the delay features collected by this method are stable with a fingerprint localization accuracy of up to 98%.
宋宇波, 吴天琦, 胡爱群, 高尚. 基于跨域资源访问的浏览器用户追踪[J]. 清华大学学报(自然科学版), 2021, 61(11): 1254-1259.
SONG Yubo, WU Tianqi, HU Aiqun, GAO Shang. Browser user tracking based on cross-domain resource access. Journal of Tsinghua University(Science and Technology), 2021, 61(11): 1254-1259.
[1] ZHANG X, LIU X J, GUO H. A click fraud detection scheme based on cost sensitive BPNN and ABC in mobile advertising[C]//2018 IEEE 4th International Conference on Computer and Communications (ICCC). Chengdu, China:IEEE, 2018. [2] GUO Y, SHI J Z, CAO Z G, et al. Machine learning based cloudbot detection using multi-layer traffic statistics[C]//2019 IEEE 21st International Conference on High Performance Computing and Communications; IEEE 17th International Conference on Smart City; IEEE 5th International Conference on Data Science and Systems (HPCC/SmartCity/DSS). Zhangjiajie, China:IEEE, 2019. [3] LAPERDRIX P, AVOINE G, BAUDRY B, et al. Morellian analysis for browsers:Making web authentication stronger with canvas fingerprinting[C]//Proceedings of the 16th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment. Gothenburg:Springer, 2019:43-66. [4] ACAR G, EUBANK C, ENGLEHARDT S, et al. The web never forgets:Persistent tracking mechanisms in the wild[C]//Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security. Arizona, Scottsdale, USA:Association for Computing Machinery, 2014:674-689. [5] QUEIROZ J S, FEITOSA E L. A web browser fingerprinting method based on the Web audio API[J]. The Computer Journal, 2019, 62(8):1106-1120. [6] ENGLEHARDT S, NARAYANAN A. Online tracking:A 1-million-site measurement and analysis[C]//Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. Vienna, Austria:Association for Computing Machinery, 2016:1388-1401. [7] ABOUOLLO A, ALMUHAMMADI S. Detecting malicious user accounts using canvas fingerprint[C]//2017 8th International Conference on Information and Communication Systems. Irbid, Jordan:IEEE, 2017. [8] ALSWITI W, ALQATAWNA J, AL-SHBOUL B, et al. Users profiling using clickstream data analysis and classification[C]//2016 Cybersecurity and Cyberforensics Conference (CCC). Amman, Jordan:IEEE, 2016:96-99. [9] LI X Y, CUI X, SHI L M, et al. Constructing browser fingerprint tracking chain based on LSTM model[C]//2018 IEEE Third International Conference on Data Science in Cyberspace (DSC). Guangzhou, China:IEEE, 2018:213-218. [10] CAO Y Z, LI S, WIJMANS E. (Cross-)browser fingerprinting via OS and hardware level features[C]//Network and Distributed System Security Symposium. San Diego, USA, 2017. [11] CHEN J J, JIANG J, DUAN H X, et al. We still don't have secure cross-domain requests:An empirical study of CORS[C]//27th USENIX Security Symposium (USENIX Security 18). Baltimore, MD:USENIX Association, 2018:1079-1093. [12] MIRSKY Y, KALBO N, ELOVICI Y, et al. Vesper:Using echo analysis to detect man-in-the-middle attacks in LANs[J]. IEEE Transactions on Information Forensics and Security, 2019, 14(6):1638-1653. [13] ABDOU A M, MATRAWY A, VAN OORSCHOT P C. Location verification on the internet:Towards enforcing location-aware access policies over internet clients[C]//2014 IEEE Conference on Communications and Network Security. San Francisco, USA:IEEE, 2014:175-183.