XRwatcher: A Detection Scheme for XR Privacy Speculation Attacks Based on Traffic Analysis
摘要
In the metaverse, XR devices collect real-time data, such as hand movement trajectories, to provide immersive audiovisual experiences and interactive functions. However, this data collection poses privacy risks, as demonstrated by keystroke inference attacks that deduce user inputs by analyzing head movements during XR device use. For service providers, detecting malicious privacy attacks at the data level is often impractical. To address this, we propose XRwatcher, a detection scheme for XR privacy speculation attacks based on traffic analysis. XRwatcher uses XR application type, device type, and malicious traffic type as joint criteria to ensure accurate attack detection. To overcome the issue of insufficient labeled XR traffic samples, we employ transfer learning and domain adaptation strategies to classify XR application traffic and detect malicious traffic. Additionally, we design a lightweight XR device identification method based on location-sensitive hashing for low-overhead device type discrimination. We collect traffic data from three major XR devices in a LAN environment and simulate various attacks. Our evaluation results show that XRwatcher outperforms existing detection methods.