Papers
Topics
Authors
Recent
Gemini 2.5 Flash
Gemini 2.5 Flash
144 tokens/sec
GPT-4o
7 tokens/sec
Gemini 2.5 Pro Pro
45 tokens/sec
o3 Pro
4 tokens/sec
GPT-4.1 Pro
38 tokens/sec
DeepSeek R1 via Azure Pro
28 tokens/sec
2000 character limit reached

Unveiling the Potential: Harnessing Deep Metric Learning to Circumvent Video Streaming Encryption (2405.09902v1)

Published 16 May 2024 in cs.CV, cs.AI, and cs.CR

Abstract: Encryption on the internet with the shift to HTTPS has been an important step to improve the privacy of internet users. However, there is an increasing body of work about extracting information from encrypted internet traffic without having to decrypt it. Such attacks bypass security guarantees assumed to be given by HTTPS and thus need to be understood. Prior works showed that the variable bitrates of video streams are sufficient to identify which video someone is watching. These works generally have to make trade-offs in aspects such as accuracy, scalability, robustness, etc. These trade-offs complicate the practical use of these attacks. To that end, we propose a deep metric learning framework based on the triplet loss method. Through this framework, we achieve robust, generalisable, scalable and transferable encrypted video stream detection. First, the triplet loss is better able to deal with video streams not seen during training. Second, our approach can accurately classify videos not seen during training. Third, we show that our method scales well to a dataset of over 1000 videos. Finally, we show that a model trained on video streams over Chrome can also classify streams over Firefox. Our results suggest that this side-channel attack is more broadly applicable than originally thought. We provide our code alongside a diverse and up-to-date dataset for future research.

Definition Search Book Streamline Icon: https://streamlinehq.com
References (23)
  1. A. Dainotti, A. Pescape, and K. C. Claffy, “Issues and future directions in traffic classification,” IEEE Network, vol. 26, no. 1, pp. 35–40, 2012.
  2. O. Salman, I. H. Elhajj, A. Kayssi, and A. Chehab, “A review on machine learning–based approaches for internet traffic classification,” Annals of Telecommunications, vol. 75, no. 11, pp. 673–710, 2020.
  3. P. Velan, M. Čermák, P. Čeleda, and M. Drašar, “A survey of methods for encrypted traffic classification and analysis,” Netw., vol. 25, no. 5, p. 355–374, sep 2015.
  4. R. Dubin, A. Dvir, O. Pele, and O. Hadar, “I know what you saw last minute—encrypted http adaptive video streaming title classification,” IEEE Transactions on Information Forensics and Security, vol. 12, no. 12, pp. 3039–3049, 2017.
  5. R. Schuster, V. Shmatikov, and E. Tromer, “Beauty and the burst: Remote identification of encrypted video streams,” in 26th USENIX Security Symposium (USENIX Security 17).   Vancouver, BC: USENIX Association, 2017, pp. 1357–1374.
  6. A. Reed and B. Klimkowski, “Leaky streams: Identifying variable bitrate dash videos streamed over encrypted 802.11n connections,” in 2016 13th IEEE Annual Consumer Communications & Networking Conference (CCNC), 2016, pp. 1107–1112.
  7. A. Reed and M. Kranch, “Identifying https-protected netflix videos in real-time,” in Proceedings of the Seventh ACM on Conference on Data and Application Security and Privacy, ser. CODASPY ’17.   New York, NY, USA: Association for Computing Machinery, 2017, p. 361–368.
  8. J. Gu, J. Wang, Z. Yu, and K. Shen, “Walls have ears: Traffic-based side-channel attack in video streaming,” in IEEE INFOCOM 2018 - IEEE Conference on Computer Communications, 2018, pp. 1538–1546.
  9. K. L. Dias, M. A. Pongelupe, W. M. Caminhas, and L. de Errico, “An innovative approach for real-time network traffic classification,” Computer Networks, vol. 158, pp. 143–157, 2019.
  10. H. Wu, Z. Yu, G. Cheng, and S. Guo, “Identification of encrypted video streaming based on differential fingerprints,” in IEEE INFOCOM 2020 - IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS), 2020, pp. 74–79.
  11. S. Bae, M. Son, D. Kim, C. Park, J. Lee, S. Son, and Y. Kim, “Watching the watchers: Practical video identification attack in LTE networks,” in 31st USENIX Security Symposium (USENIX Security 22).   Boston, MA: USENIX Association, Aug. 2022, pp. 1307–1324.
  12. H. Wu, X. Li, G. Wang, G. Cheng, and X. Hu, “Resolution identification of encrypted video streaming based on http/2 features,” ACM Trans. Multimedia Comput. Commun. Appl., vol. 19, no. 2, feb 2023.
  13. D. Hendrycks and K. Gimpel, “A baseline for detecting misclassified and out-of-distribution examples in neural networks,” in International Conference on Learning Representations, 2017.
  14. K. Lee, H. Lee, K. Lee, and J. Shin, “Training confidence-calibrated classifiers for detecting out-of-distribution samples,” in International Conference on Learning Representations, 2018.
  15. D. Hendrycks, M. Mazeika, and T. Dietterich, “Deep anomaly detection with outlier exposure,” in International Conference on Learning Representations, 2019.
  16. F. Schroff, D. Kalenichenko, and J. Philbin, “Facenet: A unified embedding for face recognition and clustering,” in 2015 IEEE Conference on Computer Vision and Pattern Recognition (CVPR), 2015, pp. 815–823.
  17. A. Hermans, L. Beyer, and B. Leibe, “In defense of the triplet loss for person re-identification,” ArXiv, vol. abs/1703.07737, 2017.
  18. P. Sirinam, N. Mathews, M. S. Rahman, and M. Wright, “Triplet fingerprinting: More practical and portable website fingerprinting with n-shot learning,” in Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, ser. CCS ’19.   New York, NY, USA: Association for Computing Machinery, 2019, p. 1131–1148.
  19. C. Wang, J. Dani, X. Li, X. Jia, and B. Wang, “Adaptive fingerprinting: Website fingerprinting over few encrypted traffic,” in Proceedings of the Eleventh ACM Conference on Data and Application Security and Privacy, ser. CODASPY ’21.   New York, NY, USA: Association for Computing Machinery, 2021, p. 149–160.
  20. Y. Li, Y. Huang, R. Xu, S. Seneviratne, K. Thilakarathna, A. Cheng, D. Webb, and G. Jourjon, “Deep content: Unveiling video streaming content from encrypted wifi traffic,” in 2018 IEEE 17th International Symposium on Network Computing and Applications (NCA), 2018, pp. 1–8.
  21. S. Ioffe and C. Szegedy, “Batch normalization: Accelerating deep network training by reducing internal covariate shift,” in Proceedings of the 32nd International Conference on International Conference on Machine Learning - Volume 37, ser. ICML’15.   JMLR.org, 2015, p. 448–456.
  22. D. P. Kingma and J. Ba, “Adam: A method for stochastic optimization,” in ICLR (Poster), 2015.
  23. I. Loshchilov and F. Hutter, “Decoupled weight decay regularization,” in International Conference on Learning Representations, 2019.

Summary

  • The paper introduces a triplet loss-based deep metric learning method that robustly identifies encrypted video streams and effectively handles out-of-distribution data.
  • It achieves high accuracy with mAP up to 98% and demonstrates excellent transferability across different browsers without retraining.
  • The approach leverages outlier detection to incorporate new video classes, highlighting potential vulnerabilities in current encryption protocols.

Harnessing Deep Metric Learning to Circumvent Video Streaming Encryption

Introduction

We all appreciate the encryption protocols keeping our internet usage private. However, researchers have revealed a fascinating yet concerning insight: deep learning can be utilized to bypass video streaming encryption. This paper focuses on a new methodology – employing Deep Metric Learning (DML) specifically using a triplet loss approach, to effectively identify encrypted video streams.

The Problem with HTTP and HTTPS

Originally, HTTP wasn't designed with security in mind, making network traffic easily interceptable. This risk led to the development of HTTPS, which adds encryption and verification, greatly enhancing user privacy.

However, this evolution has also complicated the detection and analysis tasks of Internet Service Providers (ISPs) and cybersecurity agents who monitor network traffic for malicious activity. Despite the encryption, metadata leaks still occur, and specific video streams can be identified.

The Shortcomings of Existing Methods

Previous attempts to crack video streaming encryption fell into two categories:

  1. Traditional Machine Learning (ML): Methods like k-nearest neighbor (kNN) are affordable to extend but less accurate.
  2. Deep Neural Networks (DNNs): Highly accurate but expensive and non-scalable.

Additionally, none of these methods effectively address out-of-distribution (OOD) data – new, unseen data points that crop up during model deployment.

The Proposed Approach: Triplet Loss and Outlier Leveraging

The new approach develops a model utilizing a triplet loss combined with a novel method termed "Outlier Leveraging (OL)." The triplet loss aims to embed video streams such that those belonging to the same video are closer together in the learned representation space.

Here’s a summary of their approach:

  1. Robustness: The method is significantly more robust in dealing with OOD video streams.
  2. Generalisability: The model can incorporate new classes (i.e., new videos) without the need for retraining.
  3. Scalability: It scales efficiently with an increasing number of videos to identify.
  4. Transferability: It can transfer across different settings, meaning a model trained on Chrome streams can effectively classify Firefox streams as well.

Methodology Breakdown

Triplet Loss: This metric learning loss approach aligns streams from the same video closer together, leveraging anchor-positive-negative stream triplets. Essentially, it narrows down embedding distance for similar video streams while pushing apart disparate streams.

Outlier Leveraging (OL): This extension ensures the model can handle OOD data, integrating a separate loss function to train the model on recognizing outlier streams.

Data Collection and Experiments

To validate their model, researchers collected data via streaming sessions using browsers like Chrome and Firefox. They analyzed this data to determine the robustness, generalizability, scalability, and transferability of their approach.

Experimental Observations

  • Robustness: The triplet loss model achieved higher robustness, showing mAP of up to 98%.
  • Generalisability: Without retraining, the model maintained high accuracy, even when new videos were introduced.
  • Scalability: The model scaled efficiently and maintained performance when the number of classes increased.
  • Transferability: The method cross-applied effectively from Chrome to Firefox, exhibiting notable classification accuracy.

Implications and Future Directions

The practical takeaway is clear: monitoring encrypted video streams on a large scale becomes feasible with algorithms like the one proposed. As the model can efficiently handle new and unseen streams, it points to a concerning ability to bypass existing encryption methods’ protections.

For future research, there’s scope in further enhancing the transferability of models and developing more robust defensive measures against such attacks. Regularly updating MPEG-DASH encoding settings or restructuring the HTTPS protocol could mitigate some of these vulnerabilities.

In conclusion, while this methodology showcases the power of deep learning in analyzing encrypted data streams, it also underscores the pressing need for more advanced privacy protections in web technologies.

File Document Download Save Streamline Icon: https://streamlinehq.com PDF File Document Download Save Streamline Icon: https://streamlinehq.com Markdown
X Twitter Logo Streamline Icon: https://streamlinehq.com

Tweets