Filters








881 Hits in 4.6 sec

An iterative technique to identify browser fingerprinting scripts [article]

Antonin Durey, Pierre Laperdrix, Walter Rudametkin, Romain Rouvoy
2021 arXiv   pre-print
This paper proposes a new browser fingerprinting detection technique. Based on an incremental process, it relies on both automatic and manual decisions to be both reliable and fast.  ...  Browser fingerprinting is a stateless identification technique based on browser properties.  ...  to identify browser fingerprinting scripts, we propose to adopt an incremental classification process.  ... 
arXiv:2103.00590v1 fatcat:ko5vecgwuvamtecqvw2p3pcvz4

Fingerprinting the Fingerprinters: Learning to Detect Browser Fingerprinting Behaviors [article]

Umar Iqbal
2020 arXiv   pre-print
Browser fingerprinting is an invasive and opaque stateless tracking technique.  ...  We show that FP-Inspector performs well, allowing us to detect 26% more fingerprinting scripts than the state-of-the-art.  ...  ACKNOWLEDGEMENTS The authors would like to thank Charlie Wolfe (NSF REU Scholar) for his help with the breakage analysis.  ... 
arXiv:2008.04480v1 fatcat:7za4lootuzdplmza4bo5jxjhl4

Gummy Browsers: Targeted Browser Spoofing against State-of-the-Art Fingerprinting Techniques [article]

Zengrui Liu, Prakash Shrestha, Nitesh Saxena
2021 arXiv   pre-print
a wide variety of fingerprinting features to mimic many different browsers (including mobile browsers and the Tor browser).  ...  We design and implement the Gummy Browsers attack using three orchestration methods based on script injection, browser settings and debugging tools, and script modification, that can successfully spoof  ...  fingerprinting techniques to track the user, referred to as Gummy Browsers.  ... 
arXiv:2110.10129v1 fatcat:dwhqf64orjffxpdywdb7wuhusq

Unveiling Web Fingerprinting in the Wild Via Code Mining and Machine Learning

Valentino Rizzo, Stefano Traverso, Marco Mellia
2021 Proceedings on Privacy Enhancing Technologies  
With this we spot more than 840 fingerprinting services, of which 695 are unknown to popular tracker blockers.  ...  We compare approaches based on both static and dynamic code analysis to automatically detect fingerprinters and show they provide different angles complementing each other.  ...  The second focuses on techniques to identify web fingerprinting. The third proposes countermeasures to mitigate it.  ... 
doi:10.2478/popets-2021-0004 fatcat:mk5egzkvlbcfbit45aqkklscum

FPDetective

Gunes Acar, Marc Juarez, Nick Nikiforakis, Claudia Diaz, Seda Gürses, Frank Piessens, Bart Preneel
2013 Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security - CCS '13  
Finally, based on our findings, we discuss the current understanding of fingerprinting and how it is related to Personally Identifiable Information, showing that there needs to be a change in the way users  ...  However, recent studies show that the browser can also be used to invisibly fingerprint the user: a practice that may have serious privacy and security implications.  ...  id=197597,197598. of the dataset collected by FPDetective: it is used to identify likely fingerprinting candidates in an automated fashion.  ... 
doi:10.1145/2508859.2516674 dblp:conf/ccs/AcarJNDGPP13 fatcat:ymc6muryyrfhff46gyfxldkuhq

Actions speak louder than words: Semi-supervised learning for browser fingerprinting detection [article]

Sarah Bird, Vikas Mishra, Steven Englehardt, Rob Willoughby, David Zeber, Walter Rudametkin, Martin Lopatka
2020 arXiv   pre-print
Through an analysis of these candidate scripts we discovered fingerprinting scripts that were missed by heuristics and for which there are no heuristics.  ...  In particular, we identified over one hundred device-class fingerprinting scripts present on hundreds of domains.  ...  Fingerprinting is typically used to generate an identifier that is distinctive enough to identify a browser across visits to different websites.  ... 
arXiv:2003.04463v1 fatcat:qcwxcfsqlbbdrkbtr23bdpcqfy

XSS-FP: Browser Fingerprinting using HTML Parser Quirks [article]

Erwan Abgrall, Martin Monperrus, Mario Heiderich, Alain Ribault
2012 arXiv   pre-print
This paper presents and evaluates a novel fingerprinting technique to determine the exact nature (browser type and version, eg Firefox 15) of a web-browser, exploiting HTML parser quirks exercised through  ...  There are many scenarios in which inferring the type of a client browser is desirable, for instance to fight against session stealing. This is known as browser fingerprinting.  ...  The main advantage of this technique is that it only needs coarse traffic summaries to identify the browser family.  ... 
arXiv:1211.4812v1 fatcat:vp5a4yqxtzf75nscjohobhvrfu

Device Fingerprinting: Analysis of Chosen Fingerprinting Methods

Anna Kobusińska, Jerzy Brzeziński, Kamil Pawulczuk
2017 Proceedings of the 2nd International Conference on Internet of Things, Big Data and Security  
Device fingerprinting is a modern technique of using available information to distinguish devices.  ...  Fingerprinting can be used as a replacement for storing user identifiers in cookies or local storage.  ...  Therefore, it could be treated as an identifier in the same way as cookie identifiers.  ... 
doi:10.5220/0006375701670177 dblp:conf/iotbd/KobusinskaBP17 fatcat:hmgcpp5l2jc2lk2wtq4r6yax54

FP-Radar: Longitudinal Measurement and Early Detection of Browser Fingerprinting [article]

Pouneh Nikkhah Bahrami, Umar Iqbal, Zubair Shafiq
2021 arXiv   pre-print
Browser fingerprinting is a stateless tracking technique that attempts to combine information exposed by multiple different web APIs to create a unique identifier for tracking users across the web.  ...  fingerprinting techniques.  ...  To 2 We unpack eval’ed scripts with an instrumented browser [43].  ... 
arXiv:2112.01662v2 fatcat:gaaium5lpzboblh3eh2smnlxqq

How to Train Your Browser

Dimitris Mitropoulos, Konstantinos Stroggylos, Diomidis Spinellis, Angelos D. Keromytis
2016 ACM Transactions on Privacy and Security  
Contextual fingerprints are identifiers that represent specific elements of a script and its execution context.  ...  This layer is designed to detect every script that reaches the browser, from every possible route, and compare it to a list of valid scripts for the site or page being accessed; scripts not on the list  ...  During this phase, every benign script is mapped to an identifier that we call a "script fingerprint" (Algorithm 1, line 2, variable f).  ... 
doi:10.1145/2939374 fatcat:cf7pd4hlbrezrmrwdxnlnm2oaa

A Survey on Web Tracking: Mechanisms, Implications, and Defenses

Tomasz Bujlow, Valentin Carela-Espanol, Beom-Ryeol Lee, Pere Barlet-Ros
2017 Proceedings of the IEEE  
instance fingerprinting using canvas [27] 2014 Web SQL DB and HTML5 IndexedDB [28] Headers attached to outgoing HTTP requests [29] 2016 ?  ...  Finally, we present the future trends in user tracking and show that they can potentially pose significant threats to the users' privacy. 4 HTTP sessions 1994 HTTP cookies [13] 2000 Embedding identifiers  ...  Using this technique, an attacker could test 10 000 to 30 000 links for presence in the browser history [54] , [55] .  ... 
doi:10.1109/jproc.2016.2637878 fatcat:vpykj2neezgebjhh5imvulenpq

Long-Term Observation on Browser Fingerprinting: Users' Trackability and Perspective

Gaston Pugliese, Christian Riess, Freya Gassmann, Zinaida Benenson
2020 Proceedings on Privacy Enhancing Technologies  
AbstractBrowser fingerprinting as a tracking technique to recognize users based on their browsers' unique features or behavior has been known for more than a decade.  ...  Further, we conducted two user surveys to determine the representativeness of our user sample based on users' demographics and technical background, and to learn how users perceive browser fingerprinting  ...  at least once, a fingerprint or an identifier does not have to be unique-by-entity.  ... 
doi:10.2478/popets-2020-0041 fatcat:cvs44jl4sfbevb6hwyvdkq2xru

On JavaScript Malware and related threats

Martin Johns
2007 Journal in Computer Virology  
Such attacks can either invade the user's privacy, explore and exploit the LAN, or use the victimized browser as an attack proxy.  ...  The term JavaScript Malware describes attacks that abuse the web browser's capabilities to execute malicious script-code within the victim's local execution context.  ...  Fingerprinting of intranet hosts After determining available hosts and their open ports, a malicious script can try to use fingerprinting techniques to get more information about the offered services.  ... 
doi:10.1007/s11416-007-0076-7 fatcat:24teelap3rfh7fz52altjaymca

Web-based Attacks to Discover and Control Local IoT Devices

Gunes Acar, Danny Yuxing Huang, Frank Li, Arvind Narayanan, Nick Feamster
2018 Proceedings of the 2018 Workshop on IoT Security and Privacy - IoT S&P '18  
We propose potential countermeasures to our attacks that users, browsers, DNS providers, and IoT vendors can implement.  ...  ., unique device identifiers and precise geolocation), track and profile the owners to serve ads, or control the devices by playing arbitrary videos and rebooting.  ...  As the browser throttles requests on a per-thread basis, this technique allows the script to send more requests in parallel [22] .  ... 
doi:10.1145/3229565.3229568 dblp:conf/sigcomm/AcarHLNF18 fatcat:jars4muqv5chzpaolbsaxtgcky

Rozzle: De-cloaking Internet Malware

Clemens Kolbitsch, Benjamin Livshits, Benjamin Zorn, Christian Seifert
2012 2012 IEEE Symposium on Security and Privacy  
We observe that, using fingerprinting techniques that capture and exploit unique properties of browser configurations, almost all existing malware can be made virtually impossible for malware scanners  ...  Web-based malware tends to be environment-specific, targeting a particular browser, often attacking specific versions of installed plugins.  ...  Fingerprinting: Browser fingerprinting is a technique in which a variety of environment variables are evaluated to assess the capabilities of the browser.  ... 
doi:10.1109/sp.2012.48 dblp:conf/sp/KolbitschLZS12 fatcat:w7ciecc6jjfhzhsfjyilyw2jq4
« Previous Showing results 1 — 15 out of 881 results