Investigation of the possibility of identifying websites visited by the user based on HTTP/2 traffic

Confidentiality is an important security feature when exchanging data over a network. To implement it, a family of SSL/TLS protocols is used, which, however, do not fully hide either the visited site or the user's actions. In addition to privacy, privacy also plays a significant role for network users. To provide additional privacy, some software solutions have been implemented, such as Tor and I2P. As a measure of the privacy of the relevant solutions, their resistance to a specialized class of attacks can be used. One of the attacks is Website Fingerprinting, which allows the traffic sent and received by a known user to determine which sites he visited. Website Fingerprinting is a classification task, where the object is the user's visit to the website, and the class is the website itself. This article examines the Website Fingerprinting attack for HTTP/2 traffic. The paper contains a description and calculation of popular features used in traffic classification, and assesses their applicability to the Website Fingerprinting task. To implement the Website Fingerprinting attack, several classifiers are built, among which an algorithm is selected that gives the best result on the collected data set. The accuracy of the best classifier is 97.8% under certain assumptions. In addition, there is an assessment and analysis of some real-world constraints affecting the accuracy of classification.