Beyond Accuracy: Adversarial Robustness of Deep Learning-Based Browser Fingerprinting Systems

Suresh Kumar Ganapathy

doi:10.64917/feaiml/Volume02Issue12-03

Authors

Suresh Kumar Ganapathy Software Engineering Director, Truist, USA https://orcid.org/0009-0008-0382-6920

DOI:

https://doi.org/10.64917/feaiml/Volume02Issue12-03

Keywords:

Browser Fingerprinting & AI Security, Deep Learning Adversarial Robustness, CNN-LSTM Hybrid Architecture, Stateless User Identification, High-Fidelity Fingerprinting, Evasion Attacks

Abstract

The paradigm of online user identification has increasingly shifted from stateful cookies to stateless browser fingerprinting, a technique significantly amplified in efficacy by deep learning. State-of-the-art methods, such as those employing Long Short-Term Memory (LSTM) networks, have demonstrated remarkable accuracy, surpassing 94% in identifying unique users across various platforms and conditions.¹ This advancement, however, has predominantly focused on optimizing classification accuracy, leaving a critical security dimension largely unexamined: the vulnerability of these sophisticated models to adversarial attacks.

This paper addresses this gap by investigating the adversarial robustness of AI-based browser fingerprinting systems. We introduce a novel hybrid deep learning architecture that synergistically combines 1D Convolutional Neural Networks (CNNs) for robust, localized feature extraction with LSTMs for sequential pattern analysis. To evaluate this architecture, we develop a domain-specific framework for generating adversarial browser fingerprints by adapting established gradient-based attack methods to the unique, heterogeneous feature space of browser data.

Through a comprehensive comparative analysis against a state-of-the-art LSTM model, our experimental results demonstrate that the proposed hybrid model not only maintains competitive accuracy on benign data but also exhibits significantly superior resilience to adversarial evasion attacks. These findings establish adversarial robustness as an essential, co-equal metric alongside accuracy for the evaluation and deployment of next-generation user identification systems, highlighting the need for a paradigm shift from a singular pursuit of accuracy to a more holistic, security-conscious approach.

References

An AI-based user identification method for webservices (Source:https://ceur-ws.org/Vol-3925/paper12.pdf)

Zhang, D., Zhang, J., Bu, Y., Chen, B., Sun, C., Wang, T., & Tardif, P. M. (2022). A Survey of Browser Fingerprint Research and Application. Wireless Communications and Mobile Computing, 2022, 3363335. DOI: 10.1155/2022/3363335.

Browser Fingerprinting: A Growing Threat to Online Privacy. (2024). arXiv:2411.12045v1.

Laperdrix, P., Bielova, N., Baudry, B., & Avoine, G. (2020). Browser Fingerprinting: A Survey. ACM Transactions on the Web, 14(2), 1-33. DOI: 10.48550/arXiv.1905.01051.

FP-INSPECTOR: A Large-Scale and In-Depth Study of Browser Fingerprinting. (2022). Federal Trade Commission.

Palo Alto Networks.What Are Adversarial Attacks on AI/Machine Learning?

A14CYBER. (2023). Adversarial Attacks Against AI-Based Intrusion Detection Systems (Source: https://ai4cyber.eu/?p=1196)

AmIUnique. Privacy Tools (Source:https://amiunique.org/privacy-tools/).

Pintor, M., et al. (2025). Adversarial AI vs. Offensive AI. arXiv:2506.12519v1.

BrowserLeaks. BrowserLeaks Home.

DataDome. AmIUnique Fingerprint: Browser Fingerprinting Analysis Tool.

A Traffic Camouflage Method Based on a Generative Adversarial Network Combining Wasserstein Distance and Genetic Algorithm. (2023). Electronics.

Rimmer, V., Preuveneers, D., Juarez, M., & Joosen, W. (2018). Automated Website Fingerprinting through Deep Learning. In Proceedings 2018 Network and Distributed System Security Symposium. DOI: 10.14722/ndss.2018.23105.

Deanonymizing Tor Traffic: A Machine Learning Approach to Website Fingerprinting Attacks. (2024). arXiv:2409.03791v1.

[15] NEC Corporation. (2021). Applying Deep Learning to Fingerprint Matching. NEC Technical Journal.

Guo, G., Ray, A., Izydorczak, M., Goldfeder, J., Lipson, H., & Xu, W. (2024). Unveiling intra-person fingerprint similarity via deep contrastive learning. Science advances, 10(2), eadi0329 DOI: 10.1126/sciadv.adi0329.

Hernandez-Castro, C. J. (2022). Machine Learning and Deep Learning for Hardware Fingerprinting. In Security and Artificial Intelligence: A Crossdisciplinary Approach (pp. 181-213). Cham: Springer International Publishing. DOI: 10.1007/978-3-030-98795-4_9

Sankhe, K., et al. (2020). Deep Learning for RF Fingerprinting: A Massive Experimental Study. IEEE Internet of Things Magazine, 3(1), 50-57. DOI:10.1109/IOTM.0001.1900065.

Merchant, K., Revay, S., Stantchev, G., & Nousain, B. (2018). Deep Learning for RF Device Fingerprinting in Cognitive Communication Networks. IEEE Journal of Selected Topics in Signal Processing, vol. 12, no. 1, pp. 160-167, Feb. 2018, doi: 10.1109/JSTSP.2018.2796446.

Chen, J., et al. (2020). Attacking Fingerprint Liveness Detection Systems with Adversarial Examples. Springer.

Backdoor Attacks on Deep Learning-based RF Fingerprinting. (2025). arXiv:2507.14109v1.

Zychlinski, S. (2025). A Whole New World: Creating a Parallel-Poisoned Web Only AI-Agents Can See. arXiv:2509.00124v1. DOI: 10.48550/arXiv.2509.00124.

Reus-Muns, G., Jaisinghani, D., Sankhe, K., & Chowdhury, K. R. (2020, December). Trust in 5G open RANs through machine learning: RF fingerprinting on the POWDER PAWR platform. In GLOBECOM 2020-2020 IEEE Global Communications Conference (pp. 1-6). IEEE

Elmaghbub, A., & Hamdaoui, B. (2023). ADL-ID: Adversarial Disentanglement Learning for Wireless Device Fingerprinting Temporal Domain Adaptation. In 2023 IEEE International Conference on Communications (ICC). DOI: 10.1109/ICC45041.2023.10279347.

Fei, Jianwei & Xia, Zhihua & Peipeng, Yu & Xiao, Fengjun. (2020). Adversarial attacks on fingerprint liveness detection. EURASIP Journal on Image and Video Processing. 2020. 0.1186/s13640-020-0490-z.

Frontiers in Emerging Artificial Intelligence and Machine Learning

Article Details Page