Robust website fingerprinting through resource loading sequence

A website fingerprinting (WF) attack is a type of traffic analysis technique that extracts the unique fingerprint of the traffic visiting a website, demonstrating that the current privacy protection mechanism provided by https is still fragile. Whereas prior WF attack methods that extract fingerprints using the Web traffic generated by the first TCP flow can easily be compromised by frequent website updates, we observe that it is still possible to identify a website accurately by fingerprinting the resource loading sequence generated by multiple TCP flows. We record the multiple TCP flows during a website visit and analyse their traffic structure. We find that despite the updates to the website, the TCP establishment is usually kept unchanged, and the TCP sequence can be used to fingerprint a website. Hence, we use multiple TCP flows for website fingerprinting attacks and demonstrate their high accuracy in recognizing a website even under https protection. We collect data from 20 websites within a time span of six months and show that the accuracy and robustness are significantly higher than those of state-of-the-art WF solutions.