I Know What You Saw Last Minute—Encrypted HTTP Adaptive Video Streaming Title Classification

Abstract

Desktops and laptops can be maliciously exploited to violate privacy. There\nare two main types of attack scenarios: active and passive. In this paper, we\nconsider the passive scenario where the adversary does not interact actively\nwith the device, but he is able to eavesdrop on the network traffic of the\ndevice from the network side. Most of the Internet traffic is encrypted and\nthus passive attacks are challenging. Previous research has shown that\ninformation can be extracted from encrypted multimedia streams. This includes\nvideo title classification of non HTTP adaptive streams (non-HAS). This paper\npresents an algorithm for encrypted HTTP adaptive video streaming title\nclassification. We show that an external attacker can identify the video title\nfrom video HTTP adaptive streams (HAS) sites such as YouTube. To the best of\nour knowledge, this is the first work that shows this. We provide a large data\nset of 10000 YouTube video streams of 100 popular video titles (each title\ndownloaded 100 times) as examples for this task. The dataset was collected\nunder real-world network conditions. We present several machine algorithms for\nthe task and run a through set of experiments, which shows that our\nclassification accuracy is more than 95%. We also show that our algorithms are\nable to classify video titles that are not in the training set as unknown and\nsome of the algorithms are also able to eliminate false prediction of video\ntitles and instead report unknown. Finally, we evaluate our algorithms\nrobustness to delays and packet losses at test time and show that a solution\nthat uses SVM is the most robust against these changes given enough training\ndata. We provide the dataset and the crawler for future research.\n