网络与信息安全学报 ›› 2022, Vol. 8 ›› Issue (4): 144-156.doi: 10.11959/j.issn.2096-109x.2022049

• 学术论文 • 上一篇    下一篇

基于动态浏览器指纹的链接检测技术研究

高凡, 王健, 刘吉强   

  1. 北京交通大学智能交通数据安全与隐私保护技术北京市重点实验室,北京 100044
  • 修回日期:2022-03-04 出版日期:2022-08-15 发布日期:2022-08-01
  • 作者简介:高凡(1996− ),女,山东烟台人,北京交通大学硕士生,主要研究方向为网络安全及浏览器检测
    王健(1975− ),男,山东烟台人,博士,北京交通大学副教授、博士生导师,主要研究方向为密码应用及区块链、网络安全
    刘吉强(1973− ),男,山东烟台人,博士,北京交通大学教授、博士生导师,主要研究方向为可信计算、隐私保护、云计算安全
  • 基金资助:
    国家重点研发计划(2020YFB2103800)

Research on link detection technology based on dynamic browser fingerprint

Fan GAO, Jian WANG, Jiqiang LIU   

  1. Key Laboratory of Security and Privacy in Intelligent Transportation, Beijing Jiaotong University, Beijing 100044, Chin
  • Revised:2022-03-04 Online:2022-08-15 Published:2022-08-01
  • Supported by:
    The National Key R&D Program of China(2020YFB2103800)

摘要:

随着用户隐私泄露和网络欺诈问题的出现,传统检测机制已经不能阻挡愈演愈烈的攻击行为,需要新的技术手段辅助进行 Web 安全检测。作为沟通用户与网络数据的桥梁,浏览器广泛应用于用户与各种应用程序之间的交互,其中浏览器指纹包含用户浏览器及设备等多种特征信息,其独特性可以极大地提高用户识别的准确率。但是浏览器指纹随时间不断发生变动,基于静态指纹的研究方案难以满足动态指纹检测的要求。针对这一问题,为了提高动态浏览器指纹的识别和链接检测能力,从多维角度获取参数并进行筛选,得到细粒度和高区分度的特征进行指纹检测,防止过多不必要参数带来的运算代价,并将双向门控循环单元(BiGRU,bidirectional gating recurrent unit)引入指纹检测工作中,提出了基于堆叠BiGRU的动态浏览器指纹链接检测模型,解决了指纹检测过程中忽略前后向信息交互导致的检测精度不高的问题,在准确率和链接时长等指标上有了一定的提升。进而针对不同特征参数的重要性不同,赋予相同权重会造成检测误差的问题,结合注意力机制聚焦稳定性更强的指纹特征,提出了基于Att-BiGRU的动态浏览器指纹链接检测模型,较堆叠BiGRU 有了检测能力上的优化,进一步提高了浏览器指纹的检测准确率,并在与基准模型的综合指标对比结果中表现出了良好的链接能力。

关键词: 浏览器指纹, 动态链接, 攻击检测, 注意力机制, Web安全

Abstract:

With the emergence of user privacy leakage and online fraud, traditional detection mechanisms can no longer stop the intensified attacks and new methods are needed to assist in web security detection.As a bridge between users and network data, browsers are widely used in the interaction between users and various applications.The browser fingerprint contains various characteristic information of the user’s browser and device, and its uniqueness can greatly improve the accuracy of user identification.However, browser fingerprints may change over time, and solutions based on static fingerprints cannot meet the requirements of dynamic fingerprints detection.Motivated by this challenge, it’s necessary to improve the recognition and link detection capabilities of dynamic browser fingerprints.Besides, parameters from multi-dimensional perspective need to be obtained and screened to get fine-grained and high-discrimination features for model detecting, preventing the calculation cost caused by too many unnecessary parameters.Bidirectional Gating Recurrent Unit (BiGRU) was introduced into the fingerprint detection, and a stacked BiGRU detection model based on dynamic browser fingerprints was proposed.It solved the problem of low detection accuracy caused by ignoring the interaction of forward and backward information in the process of fingerprints detection, and it also had a certain improvement in indicators such as accuracy and linking time.Furthermore, in view of the different importance of different feature parameters, the same weight given to parameters will result in detection error.Combined with the attention mechanism to focus more stable fingerprint features, an Att-BiGRU fingerprint detection model based on dynamic browser fingerprints was proposed.It optimized the detection ability compared to BiGRU, further improved the detection accuracy of browser fingerprinting, and showed good linking ability on the comprehensive index under the benchmark model.

Key words: browser fingerprint, dynamic linking, attack detection, attention mechanism, Web security

中图分类号: 

No Suggested Reading articles found!