Yixiao Xu,Tao Wang,Qi Li,Qingyuan Gong,Yang Chen,Yong Jiang

DOI: https://doi.org/10.1145/3274694.3274697

2018-01-01

Abstract:In a Website Fingerprinting (WF) attack, a local, passive eavesdropper utilizes network flow information to identify which web pages a user is browsing. Previous researchers have extensively demonstrated the feasibility and effectiveness of WF, but only under the strong Single Page Assumption: the network flow extracted by the adversary always belongs to a single page. In other words, the WF classifier will never be asked to classify a network flow corresponding to more than one page, or part of a page. The Single Page Assumption is unrealistic because people often browse with multiple tabs. When this happens, the network flow induced by multiple tabs will overlap, and current WF attacks fail to classify correctly. Our work demonstrates the feasibility of WF with the relaxed Single Page Assumption: we can attack a client who visits more than one pages simultaneously. We propose a multi-tab website fingerprinting attack that can accurately classify multi-tab web pages if they are requested and sequentially loaded over a short period of time. In particular, we develop a new BalanceCascade-XGBoost scheme for an attacker to identify the start point of the second page such that the attacker can accurately classify and identify these multi-tab pages. By developing a new classifier, we only use a small chunk of packets, i.e., packets between the first page's start time to the second page's start time, to fingerprint website. Our experiments demonstrate that in the multi-tab scenario, WF attacks are still practically effective. We have an average TPR of 92.58% on SSH, and we can also averagely identify the page with a TPR of 64.94% on Tor. Specially, compared with previous WF classifiers, our attack achieves a significantly higher true positive rate using a restricted chunk of packets.

Xinhao Deng,Qilei Yin,Zhuotao Liu,Xiyuan Zhao,Qi Li,Mingwei Xu,Ke Xu,Jianping Wu

DOI: https://doi.org/10.1109/SP46215.2023.10179464

2023-01-01

Abstract:Website fingerprinting enables an eavesdropper to determine which websites a user is visiting over an encrypted connection. State-of-the-art website fingerprinting (WF) attacks have demonstrated effectiveness even against Tor-protected network traffic. However, existing WF attacks have critical limitations on accurately identifying websites in multi-tab browsing sessions, where the holistic pattern of individual websites is no longer preserved, and the number of tabs opened by a client is unknown a priori. In this paper, we propose ARES, a novel WF framework natively designed for multi-tab WF attacks. ARES formulates the multi-tab attack as a multi-label classification problem and solves it using a multi-classifier framework. Each classifier, designed based on a novel transformer model, identifies a specific website using its local patterns extracted from multiple traffic segments. We implement a prototype of ARES and extensively evaluate its effectiveness using our large-scale dataset collected over multiple months (by far the largest multi-tab WF dataset studied in academic papers.) The experimental results illustrate that ARES effectively achieves the multi-tab WF attack with the best F1-score of 0.907. Further, ARES remains robust even against various WF defenses.

Mantun Chen,Yongxin Chen,Yongjun Wang,Peidai Xie,Shaojing Fu,Xiatian Zhu

DOI: https://doi.org/10.48550/arXiv.2203.06376

2022-03-12

Cryptography and Security

Abstract:Website fingerprinting attack (WFA) aims to deanonymize the website a user is visiting through anonymous networks channels (e.g., Tor). Despite of remarkable progress in the past years, most existing methods make implicitly a couple of artificial assumptions that (1) only a single website (i.e., single-tab) is visited each time, and (2) website fingerprinting data are pre-trimmed into a single trace per website manually. In reality, a user often open multiple tabs for multiple websites spontaneously. Indeed, this multi-tab WFA (MT-WFA) setting has been studied in a few recent works, but all of them still fail to fully respect the real-world situations. In particular, the overlapping challenge between website fingerprinting has never been investigated in depth. In this work, we redefine the problem of MT-WFA as detecting multiple monitored traces, given a natural untrimmed traffic data including monitored traces, unmonitored traces, and potentially unconstrained overlapping between them. This eliminates the above assumptions, going beyond the conventional single website fingerprint classification perspective taken by all previous WFA methods. To tackle this realistic MT-WFA problem, we formulate a novel Website Fingerprint Detection (WFD) model capable of detecting accurately the start and end points of all the monitored traces and classifying them jointly, given long, untrimmed raw traffic data. WFD is end-to-end, with the trace localization and website classification integrated in a single unified pipeline. To enable quantitative evaluation in our MT-WFA setting, we introduce new performance metrics. Extensive experiments on several newly constructed benchmarks show that our WFD outperforms the state-of-the-art alternative methods in both accuracy and efficiency by a large margin, even with a very small training set. Code is available at https://github.com/WFDetector/WFDetection

Jiaze Shang,Tianbo Lu,Zhaoxin Jin,Shuang Luo

DOI: https://doi.org/10.1145/3576915.3623107

2023-11-15

Abstract:While the anonymous communication system Tor can protect user privacy, website fingerprinting (WF) attackers can still identify the websites that users access over encrypted network connections by analyzing the metadata generated during network communication. Despite the emergence of new WF attack techniques in recent years, most research in this area has focused on pure traffic traces generated from single-tab browsing behavior. However, multi-tab browsing behavior significantly degrades the performance of WF classification models based on the single-tab assumption. As a result, some research has shifted its focus to multi-tab WF attacks, although most of these works have limited utilization of the mixed information contained in multi-tab traces. In this paper, we propose an end-to-end multi-tab WF attack model, called Transformer-based model for Multi-tab Website Fingerprinting attack (TMWF). Inspired by object detection algorithms in computer vision, we treat multi-tab WF recognition as a problem of predicting ordered sets with a maximum length. By adding enough single-tab queries to the detection model and letting each query extract WF features from different positions in the multi-tab traces, our model's Transformer architecture capitalizes more fully on trace features. Paired with our new proposed model training approach, we accomplish adaptive recognition of multi-tab traces with varying numbers of web pages. This approach successfully eliminates a strong and unrealistic assumption in the field of multi-tab WF attacks - that the number of tabs contained in a sample belongs to the attacker's prior knowledge. Experimental results in various scenarios demonstrate that the performance of TMWF is significantly better than existing multi-tab WF attack models. To evaluate model performance in more authentic scenarios, we present a dataset of multi-tab trace data collected from real open-world environments.

Computer Science

Chuxu Song,Zining Fan,Hao Wang,Richard Martin

2024-07-28

Abstract:Website fingerprinting (WF) attacks identify the websites visited over anonymized connections by analyzing patterns in network traffic flows, such as packet sizes, directions, or interval times using a machine learning classifier. Previous studies showed WF attacks achieve high classification accuracy. However, several issues call into question whether existing WF approaches are realizable in practice and thus motivate a re-exploration. Due to Tor's performance issues and resulting poor browsing experience, the vast majority of users opt for Virtual Private Networking (VPN) despite VPNs weaker privacy protections. Many other past assumptions are increasingly unrealistic as web technology advances. Our work addresses several key limitations of prior art. First, we introduce a new approach that classifies entire websites rather than individual web pages. Site-level classification uses traffic from all site components, including advertisements, multimedia, and single-page applications. Second, our Convolutional Neural Network (CNN) uses only the jitter and size of 500 contiguous packets from any point in a TCP stream, in contrast to prior work requiring heuristics to find page boundaries. Our seamless approach makes eavesdropper attack models realistic. Using traces from a controlled browser, we show our CNN matches observed traffic to a website with over 90% accuracy. We found the training traffic quality is critical as classification accuracy is significantly reduced when the training data lacks variability in network location, performance, and clients' computational capability. We enhanced the base CNN's efficacy using domain adaptation, allowing it to discount irrelevant features, such as network location. Lastly, we evaluate several defensive strategies against seamless WF attacks.

Cryptography and Security

Xiaoyun Yuan,Tengyao Li,Lingling Li,Ruixiang Li,Zhiquan Wang,Xiangyang Luo

DOI: https://doi.org/10.1016/j.comnet.2024.110217

IF: 5.493

2024-01-29

Computer Networks

Abstract:Website Fingerprinting (WF) attacks on Tor are exploited to analyze encrypted traffic traces and infer the visited websites by analyzing traffic traces between users and the Tor entry guard. State-of-the-art WF methods have demonstrated impressive results in simulation experiments against Tor-protected network traffic. However, existing WF attacks have significant limitations in real-world scenarios due to potential mismatches between the data distribution in the experimental environment and that of the real world. Additionally, it is often unknown in advance which sites a client will access. In this paper, we propose a WF enhancing technique that leverages difficult-to-classify samples to train a website classifier, which exploits hard samples to train a website classifier using their distinctive features. We conduct a more detailed analysis of the impact that unbalanced data on WF attacks. In order to improve the performance, we extract misclassified traces from the unmonitored sites as the hard samples and train them using a triplet network structure to enhance their feature representation. By utilizing this method, an attacker can train a classifier that learns more features from the open world, potentially improving the accuracy and effectiveness of website fingerprinting techniques. This approach allows for a more comprehensive understanding of website characteristics and better discrimination between monitored and unmonitored sites. The experimental results demonstrate that the proposed technique has a substantial positive impact on the precision of misidentified traffic traces. The best recall rate achieved is 98.43%, while the average recall for hard samples is an impressive 93.28%. These results collectively highlight the effectiveness and reliability of the proposed technique in accurately identifying challenging traffic samples.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Shihao Wang,Liangmin Wang,Shangnan Yin,Hui Zhao,Hao Shentu

DOI: https://doi.org/10.1109/nana51271.2020.00020

2020-01-01

Abstract:Website Fingerprinting (WF) attacks aim to identify the website label of anonymous website traffic trace. WF attacks are suitable for anonymous network scenario because it only needs to analyze the information contained in the packet header without analyzing the content of the packet payload. WF attacks are important means to combat anonymous cyber-crimes. However, with anonymous networks are widely deployed on different devices such as PC and mobile devices, the sources of anonymous website traffic have become more diverse, and differences in devices will cause differences in anonymous website traffic. Existing WF attacks only use anonymous website traffic collected from the same device to train the classifier, and the performance will be significantly reduced while it is trying to identify the mixed anonymous website traffic generated by different devices. In this study, we propose cross-platform website fingerprinting (CPWF) attack based on multi-similarity loss. First, we use the multi-similarity loss to train a deep learning-based website fingerprint extraction model. The model is able to extract a feature set for anonymous website traffic classification, ignoring the differences caused by different devices, so that attackers can use the anonymous website traffic collected from the single terminal device to train the classifier, the classifier capable of identifying anonymous website traffic collected from all devices effectively.

Xiyuan Zhao,Xinhao Deng,Qi Li,Yunpeng Liu,Zhuotao Liu,Kun Sun,Ke Xu

2024-09-06

Abstract:Website Fingerprinting (WF) attacks can effectively identify the websites visited by Tor clients via analyzing encrypted traffic patterns. Existing attacks focus on identifying different websites, but their accuracy dramatically decreases when applied to identify fine-grained webpages, especially when distinguishing among different subpages of the same website. WebPage Fingerprinting (WPF) attacks face the challenges of highly similar traffic patterns and a much larger scale of webpages. Furthermore, clients often visit multiple webpages concurrently, increasing the difficulty of extracting the traffic patterns of each webpage from the obfuscated traffic. In this paper, we propose Oscar, a WPF attack based on multi-label metric learning that identifies different webpages from obfuscated traffic by transforming the feature space. Oscar can extract the subtle differences among various webpages, even those with similar traffic patterns. In particular, Oscar combines proxy-based and sample-based metric learning losses to extract webpage features from obfuscated traffic and identify multiple webpages. We prototype Oscar and evaluate its performance using traffic collected from 1,000 monitored webpages and over 9,000 unmonitored webpages in the real world. Oscar demonstrates an 88.6% improvement in the multi-label metric Recall@5 compared to the state-of-the-art attacks.

Cryptography and Security,Artificial Intelligence

Boyu Sun,Wenyuan Yang,Mengqi Yan,Yuesheng Zhu,Zhiqiang Bai

DOI: https://doi.org/10.1109/icccs55155.2022.9846237

2022-01-01

Abstract:Website Fingerprinting (WF) can be used by network eavesdroppers to infer information about the content of encrypted and anonymous connections. Several defenses leverage adversarial examples to mitigate the threat of WF attacks, but they require to get entire traffic traces after network sessions have concluded to produce adversarial examples, thus offer users little protection in practical settings. In this paper, a novel practical WF defense method called WF-UAP is proposed by crafting Universal Adversarial Perturbations (UAP) to fight back against WF attacks, in which adversarial examples are produced to fool the classifiers used in WF attacks when UAPs are added to any network traffic trace in the target domain. We further present a Generative Adversarial Network (GAN) based UAP generation approach to enhance the performance of UAPs. It can efficiently generate UAPs once the generator is trained and make the adversarial traces and original traffic traces are more difficult to distinguish. Our experimental results over a public dataset demonstrate that WF-UAP reduces the accuracy of the state-of-the-art WF attacks from 98% to 15% with at most 20% increased bandwidth overhead, which outperforms the previous defenses in terms of the defense performance and overhead.

Meng Shen,Yiting Liu,Liehuang Zhu,Xiaojiang Du,Jiankun Hu

DOI: https://doi.org/10.1109/tifs.2020.3046876

IF: 7.231

2021-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Encrypted web traffic can reveal sensitive information of users, such as their browsing behaviors. Existing studies on encrypted traffic analysis focus on website fingerprinting. We claim that fine-grained webpage fingerprinting, which speculates specific webpages on a same website visited by a victim, allows exploiting more user private information, e.g., shopping interests in an online shopping mall. Since webpages from the same website usually have very similar traffic traces that make them indistinguishable, existing solutions may end up with low accuracy. In this paper, we propose FineWP, a novel fine-grained webpage fingerprinting method. We make an observation that the length information of packets in bidirectional client-server interactions can be distinctive features for webpage fingerprinting. The extracted features are then fed into traditional machine learning models to train classifiers, which achieve both high accuracy and low training overhead. We collect two real-world traffic datasets and construct closed- and open-world evaluations to verify the effectiveness of FineWP. The experimental results demonstrate that FineWP is superior to the state-of-the-art methods in terms of accuracy, time complexity and stability.

computer science, theory & methods,engineering, electrical & electronic

Xi Xiao,Xiang Zhou,Zhenyu Yang,Le Yu,Bin Zhang,Qixu Liu,Xiapu Luo

DOI: https://doi.org/10.1016/j.cose.2023.103577

IF: 5.105

2024-01-01

Computers & Security

Abstract:Website fingerprinting (WF) enables eavesdroppers to identify the website a user is visiting by network surveillance, even if the traffic is protected by anonymous communication technologies such as Tor. To avoid this, several defense schemes have been proposed to protect users from the hazard of website fingerprinting attacks. However, some defenses are defeated by new attacks soon since they can not provide provable security guarantees; some defenses can not be deployed in practice since they incur high bandwidth overhead and latency overhead. In this paper, we survey existing WF defense schemes and make a comprehensive analysis. First, we divide WF defenses into four categories and introduce their principles and characteristics separately. Then, we point out some unreasonable settings in previous works and use a new experimental setting to evaluate WF defenses on a public dataset. We find many WF defenses are not as effective as they claim to be. Besides, we investigate the deployment of WF defenses and discuss some potential problems. Finally, we make some suggestions for researchers to design a feasible WF defense and make suggestions for users to protect their privacy.

Guodong Huang,Chuan Ma,Ming Ding,Yuwen Qian,Chunpeng Ge,Liming Fang,Zhe Liu

DOI: https://doi.org/10.48550/arXiv.2302.13763

2023-02-27

Abstract:Website fingerprinting attack is an extensively studied technique used in a web browser to analyze traffic patterns and thus infer confidential information about users. Several website fingerprinting attacks based on machine learning and deep learning tend to use the most typical features to achieve a satisfactory performance of attacking rate. However, these attacks suffer from several practical implementation factors, such as a skillfully pre-processing step or a clean dataset. To defend against such attacks, random packet defense (RPD) with a high cost of excessive network overhead is usually applied. In this work, we first propose a practical filter-assisted attack against RPD, which can filter out the injected noises using the statistical characteristics of TCP/IP traffic. Then, we propose a list-assisted defensive mechanism to defend the proposed attack method. To achieve a configurable trade-off between the defense and the network overhead, we further improve the list-based defense by a traffic splitting mechanism, which can combat the mentioned attacks as well as save a considerable amount of network overhead. In the experiments, we collect real-life traffic patterns using three mainstream browsers, i.e., Microsoft Edge, Google Chrome, and Mozilla Firefox, and extensive results conducted on the closed and open-world datasets show the effectiveness of the proposed algorithms in terms of defense accuracy and network efficiency.

Cryptography and Security,Machine Learning

Meng Shen,Kexin Ji,Zhenbo Gao,Qi Li,Liehuang Zhu,Ke Xu

2023-01-01

Abstract:Anonymity networks, e.g., Tor, are vulnerable to various website fingerprinting (WF) attacks, which allows attackers to perceive user privacy on these networks. However, the defenses developed recently can effectively interfere with WF attacks, e.g., by simply injecting dummy packets. In this paper, we propose a novel WF attack called Robust Fingerprinting (RF), which enables an attacker to fingerprint the Tor traffic under various defenses. Specifically, we develop a robust traffic representation method that generates Traffic Aggregation Matrix (TAM) to fully capture key informative features leaked from Tor traces. By utilizing TAM, an attacker can train a CNN-based classifier that learns common high-level traffic features uncovered by different defenses. We conduct extensive experiments with public real-world datasets to compare RF with state-of-the-art (SOTA) WF attacks. The closed-and open-world evaluation results demonstrate that RF significantly outperforms the SOTA attacks. In particular, RF can effectively fingerprint Tor traffic under the SOTA defenses with an average accuracy improvement of 8.9% over the best existing attack (i.e., Tik-Tok).

Shuai Li,Huajun Guo,Nicholas Hopper

DOI: https://doi.org/10.48550/arXiv.1710.06080

2019-06-05

Abstract:Tor provides low-latency anonymous and uncensored network access against a local or network adversary. Due to the design choice to minimize traffic overhead (and increase the pool of potential users) Tor allows some information about the client's connections to leak. Attacks using (features extracted from) this information to infer the website a user visits are called Website Fingerprinting (WF) attacks. We develop a methodology and tools to measure the amount of leaked information about a website. We apply this tool to a comprehensive set of features extracted from a large set of websites and WF defense mechanisms, allowing us to make more fine-grained observations about WF attacks and defenses.

Cryptography and Security

Meng Shen,Zhenbo Gao,Liehuang Zhu,Ke Xu

DOI: https://doi.org/10.1109/iwqos52092.2021.9521272

2021-01-01

Abstract:Fine-grained website fingerprinting (WF) enables potential attackers to infer individual webpages on a monitored website that victims are visiting, by analyzing the resulting traffic protected by security protocols such as TLS. Most existing studies focus on WF at the granularity of website, which takes website homepages as their representatives for fingerprinting. Fine-grained WF can reveal more user privacy, such as online purchasing habits and video-viewing interests, and can also be employed for web censorship. Due to striking similarly of webpages on a same website, it is still an open problem to conduct fine-grained WF in an accurate and time-efficient way.In this paper, we propose BurNet, a fine-grained WF method using Convolutional Neural Networks (CNNs). To extract differences of similar webpages, we propose a new concept named unidirectional burst, which is a sequence of packets corresponding to a piece of HTTP message. BurNet takes as input unidirectional burst sequences, instead of bidirectional packet sequences, which makes it applicable to local and remote attack scenarios. BurNet employs CNNs to build a powerful classifier, where sophisticated architecture is designed to improve classification accuracy while reducing time complexity in training. We collect real-world datasets from two well-known websites and conduct extensive experiments to evaluate the performance of BurNet. The closed-world evaluation results show that BurNet outperforms the state-of-the-art methods in both attack scenarios. In the more realistic open-world setting, BurNet can achieve 0.99 precision and 0.99 recall. BurNet is also superior to its CNN-based counterparts in terms of training efficiency.

Xun Gong,Negar Kiyavash,Nabíl Schear,Nikita Borisov

DOI: https://doi.org/10.48550/arXiv.1109.0097

2011-09-01

Abstract:Recent work in traffic analysis has shown that traffic patterns leaked through side channels can be used to recover important semantic information. For instance, attackers can find out which website, or which page on a website, a user is accessing simply by monitoring the packet size distribution. We show that traffic analysis is even a greater threat to privacy than previously thought by introducing a new attack that can be carried out remotely. In particular, we show that, to perform traffic analysis, adversaries do not need to directly observe the traffic patterns. Instead, they can gain sufficient information by sending probes from a far-off vantage point that exploits a queuing side channel in routers. To demonstrate the threat of such remote traffic analysis, we study a remote website detection attack that works against home broadband users. Because the remotely observed traffic patterns are more noisy than those obtained using previous schemes based on direct local traffic monitoring, we take a dynamic time warping (DTW) based approach to detecting fingerprints from the same website. As a new twist on website fingerprinting, we consider a website detection attack, where the attacker aims to find out whether a user browses a particular web site, and its privacy implications. We show experimentally that, although the success of the attack is highly variable, depending on the target site, for some sites very low error rates. We also show how such website detection can be used to deanonymize message board users.

Cryptography and Security

Bo Gao,Weiwei Liu,Guangjie Liu,Fengyuan Nie

DOI: https://doi.org/10.1109/tccn.2024.3350531

IF: 6.359

2024-01-01

IEEE Transactions on Cognitive Communications and Networking

Abstract:Website fingerprinting (WF) attacks play a crucial role in network traffic analysis for ensuring network security and management. Despite increasing TLS encryption for user privacy, HTTP traffic dominates phishing and pirate website. Fast flux service networks, round robin domain name system, and content delivery networks have rendered IP address or domain name-based WF attacks less effective. Manual feature-based machine learning and recent end-to-end deep learning methods have showed promise. Nevertheless, website content updates induce concept-drift, limiting their accuracy. This study exploits the fact that resource types and website layouts are usually consistent, whereas specific resources are dynamically changing. The resource knowledge extracted from HTTP request packets is utilized to construct a graph representation of website browsing traffic. Then, a heterogeneous graph neural network specifically designed for website fingerprinting using this representation is proposed. This resource knowledge-driven graph learning framework can retain valuable pattern information while mitigating the impact of the concept-drift. The proposed WF attack is evaluated using a real-world dataset comprising over 120,000 malicious and more than 940,000 benign website flows. It can achieve over 98% accuracy when determining benign-malicious websites and 97.6% in identifying website types. These results demonstrate a notable improvement over state-of-the-art WF attacks.

telecommunications

Meng Shen,Kexin Ji,Jinhe Wu,Qi Li,Xiangdong Kong,Ke Xu,Liehuang Zhu

DOI: https://doi.org/10.1109/sp54263.2024.00247

2024-01-01

Abstract:Website Fingerprinting (WF) attacks significantly threaten user privacy in anonymity networks such as Tor. While numerous defenses have been proposed, they are unable to efficiently defend against recent deep learning based WF attacks. In this paper, we propose Palette, a novel and practical WF defense that utilizes traffic cluster anonymization to protect live Tor traffic. By clustering websites with high similarity in traffic patterns and regulating them into a well-designed uniform pattern for a cluster (i.e., a group of similar websites), Palette prevents attackers from distinguishing between these similar websites within the cluster and further provides a strong anonymity guarantee. Comprehensive evaluations with public real-world datasets show that Palette is superior to the existing defenses, greatly reducing the accuracy of the state-of-the-art (SOTA) WF attacks with acceptable overheads. Furthermore, we implement Palette as a Pluggable Transport in the Tor network. The experiment results demonstrate that, on average, Palette effectively reduces the accuracy of the SOTA WF attacks by 73.60%, which improves the existing defenses by 33.50%-43.47%.

Vera Rimmer,Davy Preuveneers,Marc Juarez,Tom Van Goethem,Wouter Joosen

DOI: https://doi.org/10.14722/ndss.2018.23105

2017-12-06

Abstract:Several studies have shown that the network traffic that is generated by a visit to a website over Tor reveals information specific to the website through the timing and sizes of network packets. By capturing traffic traces between users and their Tor entry guard, a network eavesdropper can leverage this meta-data to reveal which website Tor users are visiting. The success of such attacks heavily depends on the particular set of traffic features that are used to construct the fingerprint. Typically, these features are manually engineered and, as such, any change introduced to the Tor network can render these carefully constructed features ineffective. In this paper, we show that an adversary can automate the feature engineering process, and thus automatically deanonymize Tor traffic by applying our novel method based on deep learning. We collect a dataset comprised of more than three million network traces, which is the largest dataset of web traffic ever used for website fingerprinting, and find that the performance achieved by our deep learning approaches is comparable to known methods which include various research efforts spanning over multiple years. The obtained success rate exceeds 96% for a closed world of 100 websites and 94% for our biggest closed world of 900 classes. In our open world evaluation, the most performant deep learning model is 2% more accurate than the state-of-the-art attack. Furthermore, we show that the implicit features automatically learned by our approach are far more resilient to dynamic changes of web content over time. We conclude that the ability to automatically construct the most relevant traffic features and perform accurate traffic recognition makes our deep learning based approach an efficient, flexible and robust technique for website fingerprinting.

Cryptography and Security,Machine Learning

Xiaobo Ma,Jian Qu,Mawei Shi,Bingyu An,Jianfeng Li,Xiapu Luo,Junjie Zhang,Zhenhua Li,Xiaohong Guan

DOI: https://doi.org/10.1109/tnet.2023.3337270

2023-01-01

IEEE/ACM Transactions on Networking

Abstract:Website fingerprinting (WFP) could infer which websites a user is accessing via an encrypted proxy by passively inspecting the traffic characteristics of accessing different websites between the user and the proxy. Designing WFP attacks is crucial for understanding potential vulnerabilities of encrypted proxies, which guides the design of defensive measures against WFP. In this paper, we design a novel WFP attack against (popular) encrypted proxies that relay connections between the user and the proxy individually (e.g., Shadowsocks, V2Ray), and accordingly implement lightweight countermeasures to effectively defend against the attack. The attack features flow-context-aware and is both accurate and immediately deployable, because it fully considers the obstacle (dubbed training-testing asymmetry) that fundamentally limits the practicability of WFP and addresses the obstacle with built-in spatial-temporal flow correlation mechanism. We implement the countermeasure as middleboxes installed on both the client and server sides of encrypted proxies, without altering any existing infrastructures for compatibility. The middleboxes can obfuscate a website's flow regularities across different visits. Large-scale experiments in real-world scenarios demonstrate that the WFP attack can generally achieve a detection rate above 98.8% with a false positive rate below 0.2%. The countermeasure forces the attack's false positive rate to be above 0.2 and true positive rate to be below 0.9 with just five persistent TCP connections while introducing very limited bandwidth overhead (e.g., 0.49%) and almost-zero additional network latency.