【摘要】 网页指纹攻击可获取HTTPS网络流量中的信息，进而泄露用户隐私。研究网页识别有助于发现当前加密协议存在的安全漏洞，这对于改进用户隐私保护策略具有重要意义，同时也有助于提升网络服务提供商的网络管理水平。目前的网页识别研究并未充分考虑应用层特征，且忽视了实际的网页浏览场景(如浏览器缓存机制)。鉴于HTTPS协议栈和网页加载方式的特性，研究提出了一种利用应用数据单元的二阶段网页识别方法Penetrator。应用数据单元特征还原增强了HTTPS流量中的应用层信息的利用率，以应用数据单元长度序列为特征进行网页识别。通过理论分析和实验验证，证明了应用层特征对于加密网页识别的有效性。实验表明，Penetrator能够有效消除HTTPS协议栈引入的误差，提取协议误差率低于0.98%的应用数据单元长度序列。通过与现有方法的对比，证明了Penetrator在网页识别中的优越性。更多还原

【Abstract】 Webpage fingerprinting attacks can get information from hypertext transfer protocol secure(HTTPS) network traffic, and then leaks the privacy of users. Studying webpage recognition helps to find out security vulnerabilities in current encryption protocols, it is significant to improve the privacy protection policy of users, and increase the network management level in network service provider(ISP) management. Current webpage recognition does not fully consider its application layer characteristics, ignoring actual webpage browsing scenarios such as browser caching mechanisms. With the help of the characteristics of the HTTPS protocol stack and webpage loading procedures, a two-phase webpage identification method Penetrator is proposed through utilizing the application data unit(ADU). The ADU feature reconstruction enhances the exploitation of application layer information in the HTTPS traffic, taking the ADU length sequence as the feature for webpage identification. Through the theoretical analysis and experimental verification, the results show that the application layer characteristics can effectively identify the encrypted webpages. The experiments indicate that the Penetrator effectively reduces the errors of the HTTPS protocol stack, extracting the ADU length sequences with a protocol error rate of below 0.98%. Compared to existing methods, the Penetrator has a superiority in webpage identification.更多还原