In brief

Transformer models can exploit the traffic patterns of encrypted DNS-over-QUIC and HTTP/3 protocols to identify which websites a user visits, showing that encryption alone is not enough to protect browsing privacy.

Encrypted but not invisible

28 Apr 2026

The internet’s latest privacy upgrades hide your data, but the patterns they leave behind can still reveal where you browse.

If someone wanted to track a letter without opening it, they could follow the postman’s route to learn more about its sender and recipient. In a similar way, attackers can infer online activity by observing how data packets move across networks, even when the content itself is encrypted. To guard against such web fingerprinting, today’s internet architecture carries various privacy protocols.

For example, a data transfer protocol called Quick UDP Internet Connections (QUIC) enables faster connections between user devices and servers and encrypts their communication, hiding the content of data exchanges from anyone observing the network in between. It supports both the Domain Name System (DNS), which converts web URLs into machine-readable addresses, and HTTP/3, which facilitates packet exchange and the loading of webpage content.

Initial tests suggested such encryption could protect privacy, but many of these either ran on older protocols before QUIC or did not incorporate HTTP/3 traffic. This prompted researchers at the A*STAR Institute for Infocomm Research (A*STAR I2R) to ask whether the data exchange patterns visible to a passive observer still carry enough distinctive characteristics to enable the same website identification possible with older protocols.

Led by A*STAR I2R Senior Principal Scientist Dinil Mon Divakaran and Senior Scientist Levente Csikor, the team collaborated with researchers from the National University of Singapore to simulate web fingerprinting attacks powered by artificial intelligence (AI). They developed an AI-based transformer model that analysed encrypted internet traffic, training it on 500 QUIC-enabled websites while using traces from over 74,000 additional websites to evaluate its performance in realistic browsing scenarios.

Their experiments revealed that when filtering on encrypted DNS traffic alone, the first 200 packets were enough to capture the complete DNS exchange in nearly all website visits. These packets already carried the unique characteristics of DNS requests that help reveal which website was visited. By analysing solely these DNS packets, the transformer model could correctly identify 70 percent of monitored websites at 90 percent precision.

“Modern websites trigger a characteristic sequence of DNS lookups, ranging from the domain itself to analytics and ads. Together, the patterns form a very distinctive web ‘signature’ that still broadcasts its identity, as our experiments have shown,” said Csikor.

When combining DNS-over-QUIC with HTTP/3 web traffic, the model’s performance improved further to approximately 80 percent recall at 90 percent precision. By contrast, an older deep learning approach achieved less than 10 percent recall at the same precision, highlighting how transformers’ ability to weigh relationships across the entire packet sequence allows for spotting patterns that previous models missed.

The findings further show that traditional defences like packet padding, which adds extra data to disguise traffic patterns, are ineffective against modern AI-based attacks trained on the latest QUIC protocols.

“We need defences that scramble the relationships between packets so the AI models can’t tell which one matters, much like adding white noise to a conversation to confuse a speech recogniser,” said Divakaran.

“Ultimately, users must become more privacy-conscious by using privacy-enhancing tools like Tor or VPNs to make any eavesdropping attacks more difficult to execute,” he added.

While websites’ fingerprinting signatures remain difficult to mask, the team has released their dataset and tools publicly to enable the broader community to build on their work and develop stronger defences against emerging privacy threats.

The A*STAR-affiliated researchers contributing to this research are from the A*STAR Institute for Infocomm Research (A*STAR I2R).

References

Csikor, L., Lian, Z., Zhang, H., Lakshmanan, N. and Divakaran, D.M. DNS-over-QUIC and HTTP/3 in the era of transformers: The new internet privacy battle. IEEE Communications Magazine 63 (11), 114-120 (2025).

About the Researchers

Levente Csikor is a Senior Scientist at the A*STAR Institute for Infocomm Research (I²R), researching network security and privacy to strengthen future communication networks. He explores how AI and agentic systems can enhance network hygiene, enable automated threat detection and improve threat intelligence extraction from the dark web. Levente earned his PhD from the Budapest University of Technology and Economics, Hungary. Before joining A*STAR, he held research positions at the University of Glasgow (UK), Eötvös Loránd University (Hungary), UNICAMP (Brazil) and the National University of Singapore, working on projects spanning Software-Defined Networking (SDN), Network Function Virtualisation (NFV), programmable networks, network security, privacy, and applied machine learning. He also brings industry experience from Ericsson, Singtel and NCS. His research achievements include discovering multiple zero-day attacks affecting widely deployed software-defined network components and automotive systems, with results presented at major venues such as Black Hat USA.
Dinil Mon Divakaran (Senior Member '14, IEEE) is a Senior Principal Scientist at A*STAR Institute for Infocomm Research (I²R), with more than 20 years of research experience in the security of network, web, software and AI systems. Throughout his career, he has led the research and development of AI models addressing challenges in cybersecurity and privacy. He is also an Adjunct Assistant Professor of the School of Computing, National University of Singapore, and collaborates with researchers, experts and students around the globe. Dinil's research experience spans both industry and academia. In the past decade, he headed research teams at two cybersecurity firms, Acronis and Trustwave, and previously held a faculty position at the Indian Institute of Technology (IIT) Mandi. He carried out his doctoral studies at the INRIA lab in ENS Lyon in France, in collaboration with Bell Labs. He holds a Master’s degree in Computer Science and Engineering from IIT Madras, India. Dinil is also a frequent speaker on AI and cybersecurity.

This article was made for A*STAR Research by Wildtype Media Group