TY - GEN
T1 - Domain Name Encryption Does Not Ensure Privacy
T2 - 22nd International Conference on Detection of Intrusions and Malware and Vulnerability Assessment, DIMVA 2025
AU - Mazzuz, Neriya
AU - Shabtai, Asaf
N1 - Publisher Copyright:
© The Author(s), under exclusive license to Springer Nature Switzerland AG 2025.
PY - 2025/1/1
Y1 - 2025/1/1
N2 - In recent years, awareness of information security and the importance of protecting user privacy has grown significantly among Internet users. As a result, substantial effort is being invested to developing and deploying new protocols aimed at enhancing privacy and preventing the leakage of sensitive personal data. One of the most sensitive pieces of information at risk is the domain name, whose exposure can reveal a user's browsing history and habits. To address this privacy concern, various technologies have been introduced, including DNS over TLS, DNS over HTTPS, DNS over QUIC, Encrypted Client Hello, and Protected QUIC Initial Packets. However, despite these advancements, studies have demonstrated that these mechanisms do not provide a fully comprehensive solution, as attackers can still infer users' browsing activity under certain conditions. This is due to the fact that web pages are highly dynamic, with their content frequently changing. In this research, we propose an adaptive website fingerprinting attack based on a Siamese network model. We evaluate the effectiveness of the attack on both TLS and QUIC protocols and show that it can accurately infer domain names associated IP addresses using only a few traffic samples. Moreover, we demonstrate that the model maintains strong performance over time, enabling near real-time classification even several months after model training. The success of the attack and model's robustness over time highlight the ongoing privacy risks faced by users, as our attack provides adversaries with a novel tool to uncover users' browsing history and identify visited domain names.
AB - In recent years, awareness of information security and the importance of protecting user privacy has grown significantly among Internet users. As a result, substantial effort is being invested to developing and deploying new protocols aimed at enhancing privacy and preventing the leakage of sensitive personal data. One of the most sensitive pieces of information at risk is the domain name, whose exposure can reveal a user's browsing history and habits. To address this privacy concern, various technologies have been introduced, including DNS over TLS, DNS over HTTPS, DNS over QUIC, Encrypted Client Hello, and Protected QUIC Initial Packets. However, despite these advancements, studies have demonstrated that these mechanisms do not provide a fully comprehensive solution, as attackers can still infer users' browsing activity under certain conditions. This is due to the fact that web pages are highly dynamic, with their content frequently changing. In this research, we propose an adaptive website fingerprinting attack based on a Siamese network model. We evaluate the effectiveness of the attack on both TLS and QUIC protocols and show that it can accurately infer domain names associated IP addresses using only a few traffic samples. Moreover, we demonstrate that the model maintains strong performance over time, enabling near real-time classification even several months after model training. The success of the attack and model's robustness over time highlight the ongoing privacy risks faced by users, as our attack provides adversaries with a novel tool to uncover users' browsing history and identify visited domain names.
KW - Encryption
KW - Machine learning
KW - Website fingerprinting
UR - https://www.scopus.com/pages/publications/105019297395
U2 - 10.1007/978-3-031-97620-9_2
DO - 10.1007/978-3-031-97620-9_2
M3 - Conference contribution
AN - SCOPUS:105019297395
SN - 9783031976193
T3 - Lecture Notes in Computer Science
SP - 26
EP - 45
BT - Detection of Intrusions and Malware, and Vulnerability Assessment - 22nd International Conference, DIMVA 2025, Proceedings
A2 - Egele, Manuel
A2 - Gruss, Daniel
A2 - Moonsamy, Veelasha
A2 - Carminati, Michele
PB - Springer Science and Business Media Deutschland GmbH
Y2 - 9 July 2025 through 11 July 2025
ER -