International Conference on Advance Technology and Management
Node Classification in Website Fingerprinting using Graph
Neural Networks
Suaz Hanif Malgundkar Rahul Babar Kage
Dept. of Computer Engineering Dept. of Computer Engineering
Pillai College of Engineering Pillai College of Engineering
Navi Mumbai, India Navi Mumbai, India
msuaz20ce@student.mes.ac.in rkage20comp@student.mes.ac.in
Adheesh Sreedharan
Dept. of Computer Engineering
Pillai College of Engineering
Navi Mumbai, India
achakrambil20comp@student.mes.ac.in
ABSTRACT
Website fingerprinting aims to identify the specific webpages
in encrypted traffic by observing patterns of traffic traces. The
existing system mainly focuses on website homepage
fingerprinting and it is more difficult to identify different
webpages within the same website because the traffic traces are
very similar. In our project, we propose Graph Attention
Pooling Network for fine-grained WF(GAP-WF). We will
construct the trace graph according to the flow sequence in
webpage loading and use a GNN based model to better learn
the features of nodes(intra-flow) and structures(inter-flow).
There may be different flows having different effects on
classification. For this, we will utilize Graph Attention
Network to pay attention to the more useful nodes. The
algorithms that will be used are Support Vector Machine(SVM)
and Random Forest with the contribution using K-Nearest
Neighbor(KNN). Also, we use four datasets comprising of
WEB100, APPLE60, CDC30, PAGE100 to evaluate the
performance of GAP-WF.
Keywords
Keywords— Fingerprinting, Pooling Network, Support
Vector Machine, Random Forest, KNN
INTRODUCTION
This report offers a thorough examination of node classification
in website fingerprinting, focusing on the challenges posed by
the widespread adoption of SSL/TLS encryption. Such
encryption complicates the identification of visited websites,
prompting the use of techniques like SSL/TLS website
fingerprinting, which relies on encrypted traffic analysis.
Various methodologies, including machine learning
frameworks like TensorFlow and Keras, alongside graph
theory libraries such as NetworkX, are employed in these
systems. However, ethical concerns, privacy issues, and
algorithmic biases present notable challenges. The project aims
to implement the Graph Attention Pooling Network (GAP-WF)
for SSL/TLS website fingerprinting, evaluating its efficacy in
accurately classifying encrypted traffic and assessing its
potential superiority over existing techniques. Additionally, the
scalability and practicality of deploying GAP-WF in real-world
Priyanshu Chilkoti
Dept. of Computer Engineering
Pillai College of Engineering
Navi Mumbai, India
pchil20comp@student.mes.ac.in
Prof. K.S Suresh Babu
Dept. of Computer Engineering
Pillai College of Engineering
Navi Mumbai, India
sureshbabu@mes.ac.in
scenarios will be investigated. GAP-WF's applicability extends
to scenarios involving encrypted or anonymized traffic, making
it potentially valuable for surveillance, security monitoring,
and research purposes. However, challenges such as
computational demands and accuracy limitations must be
addressed. The broader implications of website fingerprinting
using GAP-WF underscore the importance of considering both
its benefits and risks in any deployment.
1. LITERATURE SURVEY
1.1 Literature Review
In the feature extraction stage, the system extracts relevant
features from the encrypted traffic using a pre-trained deep
learning model. In the classification stage, the system uses a
feed-forward neural network to classify the extracted features
and identify the visited website.
1.2 Deep Learning Approach
Xue, “Fingerprinting HTTPS Websites: “A Deep Learning
Approach"(2021).
This paper provides an idea about deep learning-based
approach for HTTPS website fingerprinting. The system uses
a convolutional neural network (CNN) to extract features
from the encrypted traffic and classify the traffic into different
websites
1.3 Transfer Learning Approach
Garg, "Improving Website Fingerprinting Attacks through
Transfer Learning"(2021).
This survey paper involves training a model on a source
domain with a large amount of labeled data and transferring
the learned knowledge to a target domain with limited labeled
data. The authors propose a novel transfer learning algorithm
called TL-WF, which fine-tunes a pre-trained convolutional
neural network (CNN) on a small set of labeled data from the
target domain.
 International Conference on Advance Technology and Management
1.4 Data Augmentation
Data augmentation is the addition of new data artificially
derived from existing training data. Techniques include
resizing, flipping, rotating, cropping, padding, etc. It helps to
address issues like overfitting and data scarcity, and it makes
the model robust with better performance.
1.5 Few Shot technique
Yongjun Wang, " “Few-Shot Website Fingerprinting Attack
with Data Augmentation, 2021.
This paper fingerprinting attack method that uses data
augmentation techniques to improve the performance of the
attack. The method leverages a few labeled samples of a target
website and a large amount of unlabeled traffic data to
construct a fingerprint of the target website. The authors
showed that their method outperforms existing few-shot
website fingerprinting attack methods in terms of accuracy.
1.6 Homology Analysis
Maohua Guo, “Website Fingerprinting Attacks Based on
Homology Analysis”,2021.
The survey paper of two phases: training and testing. In the
training phase, the attacker collects a set of website traces and
extracts their corresponding features. The features are then
clustered using homology analysis to generate a set of
representative templates. In the testing phase, the attacker
captures the traffic of the target user and extracts the features
of each packet. The attacker then compares the extracted
features with the representative templates to identify the
visited web pages. It does not rely on the assumption that the
attacker has prior knowledge of the website's content. It has a
high accuracy rate, which means that it is effective in
identifying the websites visited by a user.
2. WEBSITE FINGERPRINTING
SYSTEM
2.1 Website Fingerprinting Techniques
The objective of the project is to create a software
implementation of the Graph Attention Pooling Network
(GAPWF) for SSL/TLS website fingerprinting and evaluate the
effectiveness of GAP-WF in accurately classifying SSL/TLS
encrypted traffic and identifying the websites being visited.
Moreover, investigate the potential for improved performance
compared to existing SSL/TLS fingerprinting techniques.
2.1.1 Improved Feature Extraction
The proposed system can employ more advanced feature
extraction techniques such as convolutional neural networks
(CNNs) and recurrent neural networks (RNNs) to extract more
discriminative and informative features from network traffic
data.
2.1.2 Ensemble Learning
The proposed system can use ensemble learning techniques to
combine multiple classifiers to improve the accuracy and
robustness of the classification model.
2.1.3 Online Learning
The proposed system can implement an online learning
framework that continuously updates the model parameters
with new data, improving the system's efficiency and
adaptability to dynamic network traffic patterns.
2.1.4 Multi-Task Learning
The proposed system can utilize multi-task learning to jointly
learn website fingerprinting and other related tasks, such as
traffic classification or intrusion detection, to leverage the
shared information and improve the overall performance of the
system.
2.2 Existing System Architecture
2.2.1 Dataset size and diversity
The performance of the model is highly dependent on the
dataset and diversity of the dataset used to train it. A larger and
more diverse dataset is likely to lead to better performance.
2.2.2 Graph structure
The structure of the graph used to represent the network traffic
can have a significant impact on the performance of the model.
Different graph structures can capture different aspects of the
network traffic, so it's important to choose an appropriate
structure.
2.2.3 Attention mechanism
The attention mechanism used in the GAPN can affect the
performance of the model. Different attention mechanisms can
focus on different parts of the input data and capture different
patterns.
2.2.4 Network architecture
The architecture of the network can also impact the
performance of the model. Different architectures can capture
different levels of abstraction and complexity in the data.
2.2.5 Adversarial attacks
Website fingerprinting using GAPN is vulnerable to
adversarial attacks, where an attacker tries to disguise their
network traffic to avoid detection. Robustness against such
attacks is an important factor to consider when evaluating the
effectiveness of the model. Avoid combining SI and CGS units,
such as current in amperes and magnetic field in oersteds. This
often leads to confusion because equations do not balance
dimensionally. If you must use mixed units, clearly state the
units for each quantity that you use in an equation.
 International Conference on Advance Technology and Management
2.3 Proposed System Architecture
Depending on the domain and data characteristics, different
types of combinations might produce dissimilar outputs. The
following list describes several hybridization techniques that
come into consideration to merge CF and CBF recommenders
2.3.1 Data Collection
Collection of a dataset of SSL/TLS encrypted website traffic
traces from various websites.
2.3.2 Preprocessing
Preprocess the dataset by filtering out irrelevant traffic and
splitting the remaining traffic into packets.
2.3.3 Graph Construction
Construct a graph representation of the SSL/TLS encrypted
website traffic using the packets as nodes and their
relationships as edges.
2.3.4 Feature Extraction
Extract features from the SSL/TLS encrypted website traffic
graph using techniques such as subgraph enumeration and edge
distance distribution.
2.3.5 Graph Attention Pooling Network
Train a Graph Attention Pooling Network (GAP-Net) using the
SSL/TLS encrypted website traffic graph and the extracted
features to perform fine-grained SSL/TLS website
fingerprinting.
2.3.6 Evaluation
Evaluate the performance of the trained GAP-Net using metrics
such as accuracy, precision, recall, and F1-score.
2.3.7 Deployment
Deploy the trained GAP-Net for SSL/TLS website
fingerprinting on a system.
2.4 Implementation Techniques
We collected a dataset of SSL/TLS traffic by monitoring the
network traffic of various websites using a passive network
sniffer. Then preprocessed the dataset by filtering out non-
HTTPS traffic and splitting it into training and testing sets.
Next, we extracted features from the SSL/TLS packets using
byte frequency distribution (BFD) which is a histogram of the
frequency of each byte value in the packet payload, Byte
sequence distribution (BSD) which is a histogram of the
frequency of each byte sequence of length k in the packet
payload and Statistical moments that is a set of statistical
moments of the packet payload, such as mean, variance etc.
2.4.1 Graph Construction
The authors constructed a graph representation of the SSL/TLS
traffic by considering each packet as a node in the graph and
adding edges between nodes based on their inter-arrival time
and packet direction. The resulting graph is a directed acyclic
graph (DAG) that captures the temporal ordering of the
SSL/TLS packets.
2.4.2 Graph Attention Pooling
To learn a representation of the graph, the authors used a graph
attention pooling (GAP) network. The GAP network consists
of multiple graph attention layers that learn to assign
importance scores to the nodes and edges of the graph based on
their features and relations. The outputs of the final attention
layer are then pooled to produce a fixed-size representation of
the graph.
2.4.3 Classification
The authors trained a classifier on the graph representations
produced by the GAP network to predict the website being
visited based on the SSL/TLS traffic. They experimented with
several classifiers, including logistic regression, random forest,
and support vector machines (SVMs), and evaluated their
performance using various metrics such as accuracy, precision,
recall, and F1 score.
2.4.4 Evaluation
The authors evaluated the performance of their approach on
several benchmark datasets and compared it with existing
SSL/TLS fingerprinting techniques. They also conducted
ablation studies to analyze the contribution of each component
of their approach and identified areas for future research.
2.4.5 Results and Analysis
The results of the experiments were analyzed to determine the
effectiveness of the GAP-WF network in accurately classifying
SSL/TLS traffic and identifying the websites being visited. The
analysis also identified any potential limitations or areas for
improvement in the network architecture.
2.4.6 Scalability Analysis
The scalability of the network was analyzed by measuring the
computational efficiency and resource usage of the network on
larger datasets of SSL/TLS traffic. This involved identifying
any potential bottlenecks or limitations that may affect the
practical use of the network in real-world applications.
2.5 Use Case
2.5.1 Online Fraud Detection
Websites can detect fraudulent user behavior using browser
fingerprinting technology. When a website detects fraudulent
user activity, it adds extra authentication steps to the login
process to prevent unauthorized access and theft of legitimate
users’ accounts. For instance, browser fingerprinting is used to
authenticate users when they login to an online banking system.
Wachovia, a financial services company, created unique
fingerprinting for their customers’ devices to verify their
identity with a unique identifier and block malicious users.
2.5.2 Tailored content recommendations
It’s possible to delete cookie history and block them on your
web browsers. Web browsers such as Google, Firefox, Safari,
and Microsoft Edge enable users to disable cookies in their web
browsers. Unlike cookies, it is hard to block browser
fingerprints. That’s why browser fingerprinting is a more
effective technique for advertising to track users’ behaviors and
activities across the web.
Websites use fingerprinting to track and analyze visitors’
activities and behaviors to create personalized experiences
based on visitors’ behaviors and activities. For example, when
you request a website to display its content, the website can
reveal your geo-location by tracking your IP fingerprinting.
 International Conference on Advance Technology and Management
This enables eCommerce sites to recommend locally relevant
content and nearby stores to their online visitors. Websites can
access user’s current location, the type of device the user uses,
such as a desktop, tablet, or mobile phone, Traffic source, users
can reach your website through different ways such as direct,
social media, referral, and paid traffic using browser fingerprint
technology.
2.6 Result and Discussion
2.6.1 Standard datasets used
We collected the following major data sets used across several
sections:
2.6.1.1 Non-Tor data set
We used Firefox 38.0 to visit web pages. Most privacy
technologies (such as VPNs and proxies) do not attempt to
defend the packet sequence, so results on this data set would be
similar to results on most privacy technologies. We collected
100 instances of Alexa’s top 100 pages as the set of monitored
pages, and 9000 instances of Alexa’s top 10000 pages (1
instance of each page, and discarding failed pages) as the set of
non-monitored pages. We collected this data in July 2023.
2.6.1.2 Tor data set
We collected our data on Tor Browser 4.5a4 with Tor 0.2.7.0-
alpha. As above, we collected the same number of monitored
and non-monitored pages. Tor is especially interesting to us
because it has applied defenses against website fingerprinting
and continues to improve its defenses. We collected the data in
June 2023. In our previous work we collected a data set of
sensitive pages banned by several ISPs in various countries. We
do not do so in this thesis because we have found that these
sites are taken down frequently, which makes it harder to
reproduce our results. Thus, we will only use Alexa’s top sites.
We also collected several other data sets for use in specific
sections, and we will describe these data sets in detail in the
relevant sections..
2.6.2 Evaluation parameters
To tackle the open-world scenario, we designed Wa-kNN
[WCN+14] (2014). Wa-kNN uses the k-Nearest Neighbours
(k-NN) classifier, a simple supervised machine learning
algorithm. k-NN starts with a set of training points Strain = {P1,
P2, . . .}, each point being a packet sequence. Let the class of
Pi be c(Pi). Given a testing point Ptest ∈ Stest, the classifier
computes the distance d(Ptest, Ptrain) for each Ptrain ∈ Strain.
The algorithm then classifies Ptest based on the classes of the
k closest training points to Ptest. k-NN uses a distance metric d
to describe how similar two packet sequences are. We want the
distance to be accurate on simple encrypted data without extra
padding, but also accurate if the client applies defenses that
remove features from our available feature set (for example,
Tor removes unique packet lengths). We therefore start with a
large feature set F = {f1, f2, . . .}.
Each feature is a function f which takes in a packet sequence P
and computes f(P), a nonnegative number. Conceptually, we
select each feature such that packet sequences from the same
page are more likely to have similar features than packet
sequences from different pages.
FULL FEATURE SET OF WA-KNN
Number of
Description
features
4 P|, |P+|, |P−|, T|P|
A list M, such that Mi = 1 if ∃ i ∈
P` and Mi = 0 otherwise. M is
similar to PU , the unique packet
3001 length feature. Given that the MTU
is 1500, we have |Mi| = 3001 for all
lengths between −1500 and 1500.
500
Difference in position between the
first 500 outgoing packets
Position of the first 500 outgoing
500
packets
100 The length of first 100 bursts.
10 The direction of first 10 packets.
2.6.3 Performance evaluation
In order to evaluate the proposed system, we used it on various
popular websites like Google, Youtube, etc. The first step is
data collection. This step involves collecting the fingerprints or
the data of the particular website visited by several users. We
use a script capture.sh to capture the traffic on the particular
website in order to use it to identify third party websites trying
to gain access. The captured traffic is then saved into a file and
the proposed system creates another file depicting the addresses
of unknown traffic or third party websites trying to access the
website, thus compromising the user’s safety.
The accuracy of the proposed technique was better in
comparison to the existing system. We split the data into
training and test data. The classifier KNN is used to train the
model. The predict.py script is used to load the classifier and
identifies which web page the unknown traffic originated from.
It is worth noting that using the classifier, the proposed system
obtained an accuracy of 95% which was higher than the
existing system.
2.7 Conclusion and Future scope
2.7.1 Conclusion
Website fingerprinting exposes the difference between security
and privacy. We never attempt to break the encryption of the
client’s communication channel, but the client’s page access is
compromised nonetheless. Since different clients’
communication are largely similar (especially on Tor Browser)
when accessing the same page, we have gained significant
knowledge of their browsing activities. Website fingerprinting
is conceptually analogous to a dictionary attack against an
encryption scheme with a small set of possible plaintexts.
Without randomly padding the plaintexts (analogous to website
fingerprinting defenses), even an otherwise correctly
implemented encryption scheme can be broken by
precomputing ciphertexts (analogous to the attacker’s training
set).
Wa-kNN achieves the best for both worlds, it has a very low
training and testing time, but it is also nearly as accurate as Wa-
OSAD in the closed world. It trumps all other attacks in the
open world, as it has tunable parameters that trade off the TPR
 International Conference on Advance Technology and Management
for the FPR and vice-versa effectively, allowing us to tackle the
base rate fallacy. We have seen that our new WLLCC algorithm
for Wa-kNN has lifted the competitiveness of the simple and
fast k-NN classifier to that of SVMs for website fingerprinting.
The algorithm may be useful for k-NN classification in general,
and it can also be used in clustering.
2.7.2 Future scope
We include significant new work in this thesis beyond the
scope of our published papers on the above attacks. We
implement 12 website fingerprinting attacks with standardized
input and output to allow comparative experiments at a greater
scale than previously seen work. We show new results on
training and testing time. Our systematization of attacks by
comparing their use of distances and features allows the
possible development of hybrid attacks that combine
approaches from different attacks.
We developed our attacks and performed our experiments with
a strong focus on Tor, because it is one of the easiest and most
popular tools for clients to achieve the level of privacy required
to render website fingerprinting relevant: an encrypted channel
across proxies. Tor is actively developing defenses against
website fingerprinting attacks, because if website
fingerprinting were perfectly successful, it would reduce the
privacy of Tor to simply that of an encrypted channel.
Any entry node on Tor may perform website fingerprinting to
discover its clients’ behaviour. Nevertheless, website
fingerprinting attacks have limitations. Some of these
limitations are inherent to the problem statement, and
overcoming them may be truly difficult. We categorize these
limitations, which may make for interesting future work:
2.7.2.1 Identifying very rare pages.
The low base rate of a very rare page may cause the number of
false positives to overwhelm the number of true positives, and
the base rate fallacy is much harder to overcome. Our
experiments suggest that we can achieve high precision down
to a base rate of around 0.01% (1 in 10,000), but rare pages
would require more advanced techniques, and there is no limit
to how rare a web page might be.
2.7.2.2 Identifying activity.
It may be possible to identify whether a client is web browsing,
chatting, listening to music, watching a video, and so on. All of
these activities can be done through a regular browser, and can
therefore be done on Tor. Currently, we do not tackle any
activity except web browsing. Identifying them would give the
attacker more information to work with.
2.7.2.3 Identifying web sites
There is some previous work on identifying web sites
[CZJJ12]. However, past results are generally limited to
identifying only one or two specific web sites. It is not clear if
techniques used for identifying these specific web sites can be
extended to identifying hundreds of web sites at
once.identifying only one or two specific web sites. It is not
clear if techniques used for identifying these specific web sites
can be extended to identifying hundreds of web sites at once.
2.7.2.4 Understanding the underlying web page.
Web pages are essentially request-response pairs, and some
responses trigger further requests. Currently, we collect web
pages only as packet sequences, ignoring the intermediate
request-response structure. If we were able to simulate packet
sequences accurately from the request-response structure, with
the network conditions as input, we could significantly improve
website fingerprinting. Data collection would be much faster,
as we would not have to wait for Tor’s latency to load web
pages. We would also be able to build better classifiers that
ignore random noise such as advertisements.
The astute reader may have noted that we collect data sets in
this chapter in a simplistic manner. We start the browser, visit
a web page, record the packet sequence, and exit the browser.
Realistic clients can visit several web pages, sequentially or at
once, and can generate noise by engaging in other activities
(e.g. listening to streaming music in the background).
3. ACKNOWLEDGMENTS
We would like to express our special thanks to Prof. K.S Suresh
Babu, our major project guide who guided us through the
project and who helped us in applying the knowledge that we
have acquired during the semester and learning new concepts.
We would like to express our special thanks to Prof. Sharvari
Govilkar the H.O.D of our Computer Engineering department
who gave us the opportunity to do this major project because
of which we learned new concepts and their application.
We are also thankful to our mini project coordinator along with
other faculties for their encouragement and support.
Finally we would like to express our specials thanks of
gratitude to Principal Dr. Sandeep Joshi who gave us the
opportunity and facilities to conduct this major project.
4. REFERENCES
[1] Freier, “GAP-WF: Graph Attention Pooling network for
fine-grained SSL/TLS website fingerprinting,” IEEE
Conference Publication, IEEE Xplore, pp20- 24, July
2021.
[2] Xue, “Fingerprinting HTTPS Websites: “A Deep
Learning Approach"(2021).
[3] Garg, "Improving Website Fingerprinting Attacks
through Transfer Learning"(2021).
[4] Maohua Guo, “Website Fingerprinting Attacks Based on
Homology Analysis”,2021
[5] M. Shen, Y. Liu, L. Zhu, X. Du and J. Hu, "Fine-Grained
Webpage Fingerprinting Using Only Packet Length
Information of Encrypted Traffic," in IEEE Transactions
on Information Forensics and Security, vol. 16, pp. 2046-
2059, 2021.
[6] S. Bhat, D. Lu, A. Kwon, and S. Devadas, “VAR-CNN:
A Data-Efficient Website Fingerprinting attack based on
Deep learning,” Proceedings on Privacy Enhancing
Technologies, pp. 292–310, July 2019.
[7] X. He, J. Wang, Y. He and Y. Shi, "A Deep Learning
Approach for Website Fingerprinting Attack," 2018
IEEE 4th International Conference on Computer and
Communications (ICCC), pp. 1419-1423, July 2018M.
Young, The Technical Writer’s Handbook. Mill Valley,
CA: University Science, 1989