DoQ+QUIC web traffic dataset

Moving away from plain-text DNS communications,users now have the option of using encrypted DNS protocolsfor domain name resolutions. DNS-over-QUIC (DoQ) employsQUIC—the latest transport protocol—for encrypted communi-cations between users and their recursive DNS servers. QUIC isalso poised to become the foundation of our daily web browsingexperience by replacing TCP with HTTPP/3, the latest versionof the HTTP protocol.Traditional TCP-based web browsing is vulnerable to websitefingerprinting (WFP) attacks that can identify the websites a uservisits. The emergence of QUIC-based DNS and HTTP protocolsraises an important question: are regular users better protectedfrom WFP attacks when using these new protocols?To investigate this, we first collect and publicly release thefirst benchmark dataset of network traffic corresponding to realvisits to QUIC-enabled websites while using DoQ for domainresolution. This dataset will help advance the research on WFPattacks and defenses. Second, we implement and evaluate thefirst WFP attack targeting the combined use of DoQ and HTTP/3protocols by users by developing two transformer models tailoredfor WFP attacks. Finally, we conduct comprehensive experiments,which reveal that these models are effective in identifying user-visited websites, emphasizing the need for defensive measures.

摒弃纯文本域名系统（Domain Name System, DNS）通信，用户如今可选择加密DNS协议完成域名解析。DNS-over-QUIC（DoQ）采用QUIC——当前最新的传输协议——实现用户与递归DNS服务器间的加密通信。QUIC亦有望通过以超文本传输协议第3版（HTTP/3）取代传输控制协议（TCP），成为日常网页浏览体验的底层支撑。传统基于TCP的网页浏览易受网站指纹识别（Website Fingerprinting, WFP）攻击，此类攻击可识别用户访问的网站。基于QUIC的DNS与HTTP协议的问世引发了一个关键问题：用户使用这些新型协议时，是否能更好地抵御WFP攻击？为探究该问题，本研究首先收集并公开发布首个基准数据集，该数据集包含使用DoQ进行域名解析时，访问支持QUIC的网站产生的真实网络流量。此数据集将助力WFP攻击与防御领域的研究进展。其次，本研究开发两款适配WFP攻击的Transformer模型，实现并评估了首个针对用户同时使用DoQ与HTTP/3协议场景的WFP攻击方案。最后，本研究开展了全面实验，结果表明上述模型可有效识别用户访问的网站，凸显了部署防御措施的必要性。