In the metaverse, XR devices collect real-time data, such as hand movement trajectories, to provide immersive audiovisual experiences and interactive functions. However, this data collection poses privacy risks, as demonstrated by keystroke inference attacks that deduce user inputs by analyzing head movements during XR device use. For service providers, detecting malicious privacy attacks at the data level is often impractical. To address this, we propose XRwatcher, a detection scheme for XR privacy speculation attacks based on traffic analysis. XRwatcher uses XR application type, device type, and malicious traffic type as joint criteria to ensure accurate attack detection. To overcome the issue of insufficient labeled XR traffic samples, we employ transfer learning and domain adaptation strategies to classify XR application traffic and detect malicious traffic. Additionally, we design a lightweight XR device identification method based on location-sensitive hashing for low-overhead device type discrimination. We collect traffic data from three major XR devices in a LAN environment and simulate various attacks. Our evaluation results show that XRwatcher outperforms existing detection methods.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

XRwatcher: A Detection Scheme for XR Privacy Speculation Attacks Based on Traffic Analysis

  • Hao Zhang,
  • Guohao Li,
  • Li Yang,
  • Jiangyu Wang,
  • Ruiyuan Yang,
  • Huipeng Yang

摘要

In the metaverse, XR devices collect real-time data, such as hand movement trajectories, to provide immersive audiovisual experiences and interactive functions. However, this data collection poses privacy risks, as demonstrated by keystroke inference attacks that deduce user inputs by analyzing head movements during XR device use. For service providers, detecting malicious privacy attacks at the data level is often impractical. To address this, we propose XRwatcher, a detection scheme for XR privacy speculation attacks based on traffic analysis. XRwatcher uses XR application type, device type, and malicious traffic type as joint criteria to ensure accurate attack detection. To overcome the issue of insufficient labeled XR traffic samples, we employ transfer learning and domain adaptation strategies to classify XR application traffic and detect malicious traffic. Additionally, we design a lightweight XR device identification method based on location-sensitive hashing for low-overhead device type discrimination. We collect traffic data from three major XR devices in a LAN environment and simulate various attacks. Our evaluation results show that XRwatcher outperforms existing detection methods.