Treffer: XFP-recognizer: detecting cross-file browser fingerprinting.

In recent years, the evolving browser fingerprinting technology has posed significant challenges and constant demands on detection methods. Research related to malicious code shows that cross-file techniques, which disperse code into multiple files, can resist current detection methods. To address this challenge, we introduce cross-file tracking technology into browser fingerprinting, constructing cross-file browser fingerprinting (XFP). The dispersion of files and features in XFP effectively circumvents detection methods that primarily focus on single-file tracking. In this paper, we propose XFP-Recognizer, a Random Forest-based detection method for identifying XFP behaviors. XFP-Recognizer aggregates code files and dynamic APIs by constructing function call relationship graphs (FCRgraphs). It extracts dynamic and static features to train random forest models for detecting and classifying the aggregated files, and then backtracks based on FCRgraphs to mark original scripts. To validate our method, we implement a code-splitting algorithm and constructed a cross-file tracking dataset to address the lack of XFP in real-world scenarios. We combine this dataset with the dataset of Alexa Top-10K websites in different proportions to verify the effectiveness of XFP-Recognizer. The results show that XFP-Recognizer achieved an Accuracy of 92.25%, a Precision of 97.01% and an AUC of 0.9152 in recognizing browser fingerprinting, demonstrating superior performance in both single-file and cross-file tracking. XFP-Recognizer complements existing detection methods, and the constructed split dataset also serves as a foundational resource for future research. [ABSTRACT FROM AUTHOR]

Copyright of Cybersecurity (2523-3246) is the property of Springer Nature and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)