Browser user tracking based on cross-domain resource access

SONG Yubo, WU Tianqi, HU Aiqun, GAO Shang

Journal of Tsinghua University (Science and Technology), 2021, Vol. 61, Issue (11): 1254-1259.

DOI: 10.16511/j.cnki.qhdxxb.2021.25.003
VULNERABILITY ANALYSIS AND RISK ASSESSMENT

Abstract

In recent years, click fraud has caused huge economic losses to advertisers. Many advertisers have therefore used "user profiles" to identify users and eliminate click fraud. However, attackers can easily construct unique virtual operating environments to confuse the identification algorithms. This paper introduces a localization scheme that detects click fraud sources based on cross-domain resource access. The scheme extracts features from a ping response delay series to fingerprint users. Tests show that the delay features collected by this method are stable, with a fingerprint localization accuracy of up to 98%.

Key words

click fraud / multilocalization pings / user identification / attacker localization

Cite this article

SONG Yubo, WU Tianqi, HU Aiqun, GAO Shang. Browser user tracking based on cross-domain resource access[J]. Journal of Tsinghua University(Science and Technology). 2021, 61(11): 1254-1259 https://doi.org/10.16511/j.cnki.qhdxxb.2021.25.003
