Chuxu Song,Zining Fan,Hao Wang,Richard Martin

2024-07-28

Abstract:Website fingerprinting (WF) attacks identify the websites visited over anonymized connections by analyzing patterns in network traffic flows, such as packet sizes, directions, or interval times using a machine learning classifier. Previous studies showed WF attacks achieve high classification accuracy. However, several issues call into question whether existing WF approaches are realizable in practice and thus motivate a re-exploration. Due to Tor's performance issues and resulting poor browsing experience, the vast majority of users opt for Virtual Private Networking (VPN) despite VPNs weaker privacy protections. Many other past assumptions are increasingly unrealistic as web technology advances. Our work addresses several key limitations of prior art. First, we introduce a new approach that classifies entire websites rather than individual web pages. Site-level classification uses traffic from all site components, including advertisements, multimedia, and single-page applications. Second, our Convolutional Neural Network (CNN) uses only the jitter and size of 500 contiguous packets from any point in a TCP stream, in contrast to prior work requiring heuristics to find page boundaries. Our seamless approach makes eavesdropper attack models realistic. Using traces from a controlled browser, we show our CNN matches observed traffic to a website with over 90% accuracy. We found the training traffic quality is critical as classification accuracy is significantly reduced when the training data lacks variability in network location, performance, and clients' computational capability. We enhanced the base CNN's efficacy using domain adaptation, allowing it to discount irrelevant features, such as network location. Lastly, we evaluate several defensive strategies against seamless WF attacks.

Cryptography and Security

Meng Shen,Zhenbo Gao,Liehuang Zhu,Ke Xu

DOI: https://doi.org/10.1109/iwqos52092.2021.9521272

2021-01-01

Abstract:Fine-grained website fingerprinting (WF) enables potential attackers to infer individual webpages on a monitored website that victims are visiting, by analyzing the resulting traffic protected by security protocols such as TLS. Most existing studies focus on WF at the granularity of website, which takes website homepages as their representatives for fingerprinting. Fine-grained WF can reveal more user privacy, such as online purchasing habits and video-viewing interests, and can also be employed for web censorship. Due to striking similarly of webpages on a same website, it is still an open problem to conduct fine-grained WF in an accurate and time-efficient way.In this paper, we propose BurNet, a fine-grained WF method using Convolutional Neural Networks (CNNs). To extract differences of similar webpages, we propose a new concept named unidirectional burst, which is a sequence of packets corresponding to a piece of HTTP message. BurNet takes as input unidirectional burst sequences, instead of bidirectional packet sequences, which makes it applicable to local and remote attack scenarios. BurNet employs CNNs to build a powerful classifier, where sophisticated architecture is designed to improve classification accuracy while reducing time complexity in training. We collect real-world datasets from two well-known websites and conduct extensive experiments to evaluate the performance of BurNet. The closed-world evaluation results show that BurNet outperforms the state-of-the-art methods in both attack scenarios. In the more realistic open-world setting, BurNet can achieve 0.99 precision and 0.99 recall. BurNet is also superior to its CNN-based counterparts in terms of training efficiency.

Xiaoyun Yuan,Tengyao Li,Lingling Li,Ruixiang Li,Zhiquan Wang,Xiangyang Luo

DOI: https://doi.org/10.1016/j.comnet.2024.110217

IF: 5.493

2024-01-29

Computer Networks

Abstract:Website Fingerprinting (WF) attacks on Tor are exploited to analyze encrypted traffic traces and infer the visited websites by analyzing traffic traces between users and the Tor entry guard. State-of-the-art WF methods have demonstrated impressive results in simulation experiments against Tor-protected network traffic. However, existing WF attacks have significant limitations in real-world scenarios due to potential mismatches between the data distribution in the experimental environment and that of the real world. Additionally, it is often unknown in advance which sites a client will access. In this paper, we propose a WF enhancing technique that leverages difficult-to-classify samples to train a website classifier, which exploits hard samples to train a website classifier using their distinctive features. We conduct a more detailed analysis of the impact that unbalanced data on WF attacks. In order to improve the performance, we extract misclassified traces from the unmonitored sites as the hard samples and train them using a triplet network structure to enhance their feature representation. By utilizing this method, an attacker can train a classifier that learns more features from the open world, potentially improving the accuracy and effectiveness of website fingerprinting techniques. This approach allows for a more comprehensive understanding of website characteristics and better discrimination between monitored and unmonitored sites. The experimental results demonstrate that the proposed technique has a substantial positive impact on the precision of misidentified traffic traces. The best recall rate achieved is 98.43%, while the average recall for hard samples is an impressive 93.28%. These results collectively highlight the effectiveness and reliability of the proposed technique in accurately identifying challenging traffic samples.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Zhiquan Wang,Tengyao Li,Meijuan Yin,Xiaoyun Yuan,Xiangyang Luo,Lingling Li

DOI: https://doi.org/10.1016/j.cose.2024.103796

IF: 5.105

2024-03-05

Computers & Security

Abstract:Tor anonymity communication system provides privacy to users while also allowing sensitive users to access illegal websites. Website fingerprinting (WF) attack is a technique employed to identify websites visited by users, serving as a crucial tool for effectively recognizing user access to illegal online content. However, the majority of existing WF methods heavily rely on extensive training data, which faces challenges when dealing with more common few-shot scenarios which involve limited traffic traces. In such circumstance, these methods often fall into low accuracy in face of the absence of sufficient samples. Therefore, a N-shot WF recognition method with effective fusion feature attention(WF3A) is proposed in this paper. Different from the conventional single-feature recognition method, we innovatively combine direction and length, design and use the fusion feature that covers more website identification information; In order to interpret the traffic patterns that can identify the website categories from the fusion feature, we introduce the Enhanced Channel Attention (ECA) and design a stronger feature extractor when constructing WF model, which enhances the learning ability of the model by channel attention mechanism. The experimental results indicate that fusion feature outperforms original feature in few-shot scenarios. Furthermore, the proposed WF3A demonstrates superior performance compared to existing WF method. In the closed-world, the classification accuracy of WF3A is enhanced by 3.86% to 56.3% compared to existing methods. In the open-world, when the recall is controlled at 91.43%, the precision still remains stable at 81.16%.

computer science, information systems

Qiang Zhou,Liangmin Wang,Huijuan Zhu,Tong Lu,Heping Song

DOI: https://doi.org/10.1093/comjnl/bxae009

2024-02-02

The Computer Journal

Abstract:Abstract Website fingerprinting (WF) attacks based on deep neural networks pose a significant threat to the privacy of anonymous network users. However, training a deep WF model requires many labeled traces, which can be labor-intensive and time-consuming, and models trained on the originally collected traces cannot be directly used for the classification of newly collected traces due to the concept drift caused by the time gap in the data collection. Few-shot WF attacks are proposed for using the originally and few-shot newly collected labeled traces to facilitate anonymous trace classification. However, existing few-shot WF attacks ignore the fine-grained feature alignment to eliminate the concept drift in the model training, which fails to fully use the knowledge of labeled traces. We propose a novel few-shot WF attack called Joint Alignment Networks (JAN), which conducts fine-grained feature alignment at both semantic-level and feature-level. Specifically, JAN minimizes a distribution distance between originally and newly collected traces in the feature space for feature-level alignment, and utilizes two task-specific classifiers to detect unaligned traces and force these traces mapped within decision boundaries for semantic-level alignment. Extensive experiments on public datasets show that JAN outperforms the state-of-the-art few-shot WF methods, especially in the difficult 1-shot tasks.

computer science, information systems, theory & methods, software engineering, hardware & architecture

Bo Gao,Weiwei Liu,Guangjie Liu,Fengyuan Nie

DOI: https://doi.org/10.1109/tccn.2024.3350531

IF: 6.359

2024-01-01

IEEE Transactions on Cognitive Communications and Networking

Abstract:Website fingerprinting (WF) attacks play a crucial role in network traffic analysis for ensuring network security and management. Despite increasing TLS encryption for user privacy, HTTP traffic dominates phishing and pirate website. Fast flux service networks, round robin domain name system, and content delivery networks have rendered IP address or domain name-based WF attacks less effective. Manual feature-based machine learning and recent end-to-end deep learning methods have showed promise. Nevertheless, website content updates induce concept-drift, limiting their accuracy. This study exploits the fact that resource types and website layouts are usually consistent, whereas specific resources are dynamically changing. The resource knowledge extracted from HTTP request packets is utilized to construct a graph representation of website browsing traffic. Then, a heterogeneous graph neural network specifically designed for website fingerprinting using this representation is proposed. This resource knowledge-driven graph learning framework can retain valuable pattern information while mitigating the impact of the concept-drift. The proposed WF attack is evaluated using a real-world dataset comprising over 120,000 malicious and more than 940,000 benign website flows. It can achieve over 98% accuracy when determining benign-malicious websites and 97.6% in identifying website types. These results demonstrate a notable improvement over state-of-the-art WF attacks.

telecommunications

Yixiao Xu,Tao Wang,Qi Li,Qingyuan Gong,Yang Chen,Yong Jiang

DOI: https://doi.org/10.1145/3274694.3274697

2018-01-01

Abstract:In a Website Fingerprinting (WF) attack, a local, passive eavesdropper utilizes network flow information to identify which web pages a user is browsing. Previous researchers have extensively demonstrated the feasibility and effectiveness of WF, but only under the strong Single Page Assumption: the network flow extracted by the adversary always belongs to a single page. In other words, the WF classifier will never be asked to classify a network flow corresponding to more than one page, or part of a page. The Single Page Assumption is unrealistic because people often browse with multiple tabs. When this happens, the network flow induced by multiple tabs will overlap, and current WF attacks fail to classify correctly. Our work demonstrates the feasibility of WF with the relaxed Single Page Assumption: we can attack a client who visits more than one pages simultaneously. We propose a multi-tab website fingerprinting attack that can accurately classify multi-tab web pages if they are requested and sequentially loaded over a short period of time. In particular, we develop a new BalanceCascade-XGBoost scheme for an attacker to identify the start point of the second page such that the attacker can accurately classify and identify these multi-tab pages. By developing a new classifier, we only use a small chunk of packets, i.e., packets between the first page's start time to the second page's start time, to fingerprint website. Our experiments demonstrate that in the multi-tab scenario, WF attacks are still practically effective. We have an average TPR of 92.58% on SSH, and we can also averagely identify the page with a TPR of 64.94% on Tor. Specially, compared with previous WF classifiers, our attack achieves a significantly higher true positive rate using a restricted chunk of packets.

Qilei Yin,Zhuotao Liu,Qi Li,Tao Wang,Qian Wang,Chao Shen,Yixiao Xu

DOI: https://doi.org/10.1109/tdsc.2021.3104869

2021-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:In Website Fingerprinting (WF) attack, a local passive eavesdropper utilizes network flow information to identify which web pages a user is browsing. Previous researchers have demonstrated the feasibility and effectiveness of WF attacks under a strong Single Page Assumption: the network flow extracted by the adversary belongs to a single web page. In reality, the assumption may not hold because users tend to open multiple tabs simultaneously (or within a short period of time) so that their network traffic is mixed. In this article, we propose an automated multi-tab Website Fingerprinting attack that is able to accurately classify websites regardless of the number of simultaneously opened pages. Our design is powered by two innovative designs. First, we develop a split point classification method to dynamically identify the split point between the first page and its subsequent pages. As a result, the network traffic before the split point is solely generated for the first page. Then, we propose a new chunk-based WF classifier to infer the websites based on the initial chunk of clean traffic. For both classifiers, we apply automated feature selection to select a concise yet representative feature set. We implement a prototype of our design and perform extensive evaluations using SSH and Tor-based datasets to demonstrate the effectiveness of both our system components individually and the integrated system as a whole.

Boyu Sun,Wenyuan Yang,Mengqi Yan,Yuesheng Zhu,Zhiqiang Bai

DOI: https://doi.org/10.1109/icccs55155.2022.9846237

2022-01-01

Abstract:Website Fingerprinting (WF) can be used by network eavesdroppers to infer information about the content of encrypted and anonymous connections. Several defenses leverage adversarial examples to mitigate the threat of WF attacks, but they require to get entire traffic traces after network sessions have concluded to produce adversarial examples, thus offer users little protection in practical settings. In this paper, a novel practical WF defense method called WF-UAP is proposed by crafting Universal Adversarial Perturbations (UAP) to fight back against WF attacks, in which adversarial examples are produced to fool the classifiers used in WF attacks when UAPs are added to any network traffic trace in the target domain. We further present a Generative Adversarial Network (GAN) based UAP generation approach to enhance the performance of UAPs. It can efficiently generate UAPs once the generator is trained and make the adversarial traces and original traffic traces are more difficult to distinguish. Our experimental results over a public dataset demonstrate that WF-UAP reduces the accuracy of the state-of-the-art WF attacks from 98% to 15% with at most 20% increased bandwidth overhead, which outperforms the previous defenses in terms of the defense performance and overhead.

Shihao Wang,Liangmin Wang,Shangnan Yin,Hui Zhao,Hao Shentu

DOI: https://doi.org/10.1109/nana51271.2020.00020

2020-01-01

Abstract:Website Fingerprinting (WF) attacks aim to identify the website label of anonymous website traffic trace. WF attacks are suitable for anonymous network scenario because it only needs to analyze the information contained in the packet header without analyzing the content of the packet payload. WF attacks are important means to combat anonymous cyber-crimes. However, with anonymous networks are widely deployed on different devices such as PC and mobile devices, the sources of anonymous website traffic have become more diverse, and differences in devices will cause differences in anonymous website traffic. Existing WF attacks only use anonymous website traffic collected from the same device to train the classifier, and the performance will be significantly reduced while it is trying to identify the mixed anonymous website traffic generated by different devices. In this study, we propose cross-platform website fingerprinting (CPWF) attack based on multi-similarity loss. First, we use the multi-similarity loss to train a deep learning-based website fingerprint extraction model. The model is able to extract a feature set for anonymous website traffic classification, ignoring the differences caused by different devices, so that attackers can use the anonymous website traffic collected from the single terminal device to train the classifier, the classifier capable of identifying anonymous website traffic collected from all devices effectively.

Hongcheng Zou,Ziling Wei,Jinshu Su,Shuhui Chen,Zheng Qin

DOI: https://doi.org/10.1016/j.eswa.2024.123236

IF: 8.5

2024-02-01

Expert Systems with Applications

Abstract:Website fingerprinting (WF) attacks enable a local eavesdropper to infer the visiting websites of a user even in an encrypted connection. To improve the prediction performance of WF attacks, we approach from two perspectives, i.e., features and models. In terms of features, the paper proposes relation features, which contain useful classifying information that previous features do not reveal. Besides, we propose a CNN-based framework called NFS-CNN, whose key innovations include two aspects. First, we make three optimizations for ResNet18 to reduce the loss of data information. Second, we design a feature-attention block to automatically learn the contribution that the data of different channels makes to the prediction performance. Based on relation features and NFS-CNN, we put forward Relation-CNN, further design comprehensive evaluations to test relation features and Relation-CNN on typical Tor datasets, including webpage access and onion service access. Experimental results show that relation features do reveal a lot of unique discriminative information, which is hardly learned by DNNs. Further, we explain the results by theoretical analysis, i.e., information leakage analysis. Evaluation results also indicate that the accuracy of WF attacks is always improved when adding the relation features into the input. On top of that, Relation-CNN consistently performs the best on all evaluations, including the scenarios of closed-world and open-world, defended and non-defended. Remarkably, Relation-CNN can outperform the best baseline attack by about 5% and 8% on defended and non-defended datasets, respectively.

computer science, artificial intelligence,engineering, electrical & electronic,operations research & management science

Litao Qiao,Bang Wu,Shuijun Yin,Heng Li,Wei Yuan,Xiapu Luo

DOI: https://doi.org/10.1109/tifs.2023.3304528

IF: 7.231

2023-09-06

IEEE Transactions on Information Forensics and Security

Abstract:Deep neural network (DNN) based website fingerprinting (WF) attacks pose a severe threat to the privacy of Tor users. To overcome this challenge, adversarial perturbation based WF defenses have been recently proposed to fool the classifiers of attackers, through purposefully perturbing the user's traffic traces. Unfortunately, these defenses significantly deteriorate once the WF attacks are enhanced with adversarial training (AT). AT endows the WF attacks with more powerful website recognition capability, through learning the perturbed traffic traces generated by attackers. To resist the WF attacks enhanced by AT, we develop a black-box WF defense, called Acup3. First, Acup3 leverages many-to- one website imitation to make the traffic traces associated with different websites look more like each other, increasing the difficulty of website classification. Second, Acup3 generates trace-agnostic perturbations without accessing traffic traces, making it suitable for practical deployment. Third, Acup3 employs perturbation variation to diversify the traffic traces of different users visiting the same website, making the knowledge learnt from AT less helpful for WF attacks. Therefore, Acup3 is more robust against AT. Experiments demonstrate Acup3 markedly surpasses four representative WF defenses (e.g., Mockingbird and AWA) in defense capability and bandwidth overhead. Facing the state-of-the-art (SOTA) attack Var-CNN enhanced with AT, Acup3 depresses its attack success rate (ASR) from 98% to 24.29% with only 13.95% bandwidth overhead. Compared to the SOTA defense AWA, Acup3 causes a 24.5% larger decrement in ASR of WF attacks, and achieves a more than 100 times faster speed of perturbation generation.

computer science, theory & methods,engineering, electrical & electronic

Shangdong Wang,Zhiliang Wang,Chenglong Li,Dongqi Han,Jiahai Yang,Hui Zhang

DOI: https://doi.org/10.1109/noms59830.2024.10575874

2024-01-01

Abstract:Website fingerprinting (WF) attacks pose a serious threat to users’ online privacy, even when using privacy-enhancing tools like Tor. Previous attacks mostly rely on supervised learning and only a few studies have explored the few-shot setting which is more realistic. In this paper, we propose TrafficSiam, a novel WF attack based on few-shot learning with self-supervised learning, which enables our model to be pretrained with unlabeled tor traffic and transferred to new tasks using a small number of labeled samples which is more realistic and yield stronger generalization ability. We conduct a series of experiments, using only a small amount of labeled samples, and find that our model achieves 92.32% accuracy in the closed-world setting, compared to the highest accuracy 88.73%, using previous methods. Furthermore, our model also outperforms previous attacks in the open-world setting.

Ishan Karunanayake,Jiaojiao Jiang,Nadeem Ahmed,Sanjay K. Jha

DOI: https://doi.org/10.1109/tifs.2023.3342607

IF: 7.231

2024-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Amidst the rapid technological advancements of today, privacy and anonymity are facing increasing threats. Tor, one of the most widely used anonymity networks, enables users to browse the Internet without their activities being tracked. Extensive research has been conducted on both attacking and defending the anonymity of Tor users. Website Fingerprinting (WF) is one of the popular de-anonymisation techniques employed against Tor users. This paper presents two novel WF techniques based on Graph Neural Networks (GNNs) to explore two relatively understudied avenues of WF: the fingerprintability of Decentralised Applications (DApps) and the impact of reload traffic on WF. Due to the lack of publicly available datasets for DApp traffic and reload traffic suitable for WF, we collected five new datasets for our experiments. Our findings reveal that GNN-based techniques surpass the performance of state-of-the-art WF techniques when reload traffic is used. Meanwhile, certain high-performing state-of-the-art techniques exhibit a significant reduction in accuracy, more than 40%, when reload traffic is used instead of homepage traffic. Additionally, we identify that DApps are less susceptible to fingerprinting than conventional websites, leading to a 25% decrease in accuracy in some state-of-the-art WF techniques. While confirming prior research findings that GNN-based techniques can outperform existing techniques when accessing DApps via Chrome, we further demonstrate that using Tor to access DApps makes them even more difficult to fingerprint. Finally, we expect our datasets, four of which lack publicly available alternatives, will prove invaluable for future research.

computer science, theory & methods,engineering, electrical & electronic

Mantun Chen,Yongxin Chen,Yongjun Wang,Peidai Xie,Shaojing Fu,Xiatian Zhu

DOI: https://doi.org/10.48550/arXiv.2203.06376

2022-03-12

Cryptography and Security

Abstract:Website fingerprinting attack (WFA) aims to deanonymize the website a user is visiting through anonymous networks channels (e.g., Tor). Despite of remarkable progress in the past years, most existing methods make implicitly a couple of artificial assumptions that (1) only a single website (i.e., single-tab) is visited each time, and (2) website fingerprinting data are pre-trimmed into a single trace per website manually. In reality, a user often open multiple tabs for multiple websites spontaneously. Indeed, this multi-tab WFA (MT-WFA) setting has been studied in a few recent works, but all of them still fail to fully respect the real-world situations. In particular, the overlapping challenge between website fingerprinting has never been investigated in depth. In this work, we redefine the problem of MT-WFA as detecting multiple monitored traces, given a natural untrimmed traffic data including monitored traces, unmonitored traces, and potentially unconstrained overlapping between them. This eliminates the above assumptions, going beyond the conventional single website fingerprint classification perspective taken by all previous WFA methods. To tackle this realistic MT-WFA problem, we formulate a novel Website Fingerprint Detection (WFD) model capable of detecting accurately the start and end points of all the monitored traces and classifying them jointly, given long, untrimmed raw traffic data. WFD is end-to-end, with the trace localization and website classification integrated in a single unified pipeline. To enable quantitative evaluation in our MT-WFA setting, we introduce new performance metrics. Extensive experiments on several newly constructed benchmarks show that our WFD outperforms the state-of-the-art alternative methods in both accuracy and efficiency by a large margin, even with a very small training set. Code is available at https://github.com/WFDetector/WFDetection

Payap Sirinam,Mohsen Imani,Marc Juarez,Matthew Wright

DOI: https://doi.org/10.48550/arXiv.1801.02265

2018-08-20

Abstract:Website fingerprinting enables a local eavesdropper to determine which websites a user is visiting over an encrypted connection. State-of-the-art website fingerprinting attacks have been shown to be effective even against Tor. Recently, lightweight website fingerprinting defenses for Tor have been proposed that substantially degrade existing attacks: WTF-PAD and Walkie-Talkie. In this work, we present Deep Fingerprinting (DF), a new website fingerprinting attack against Tor that leverages a type of deep learning called Convolutional Neural Networks (CNN) with a sophisticated architecture design, and we evaluate this attack against WTF-PAD and Walkie-Talkie. The DF attack attains over 98% accuracy on Tor traffic without defenses, better than all prior attacks, and it is also the only attack that is effective against WTF-PAD with over 90% accuracy. Walkie-Talkie remains effective, holding the attack to just 49.7% accuracy. In the more realistic open-world setting, our attack remains effective, with 0.99 precision and 0.94 recall on undefended traffic. Against traffic defended with WTF-PAD in this setting, the attack still can get 0.96 precision and 0.68 recall. These findings highlight the need for effective defenses that protect against this new attack and that could be deployed in Tor.

Cryptography and Security

Xinhao Deng,Qilei Yin,Zhuotao Liu,Xiyuan Zhao,Qi Li,Mingwei Xu,Ke Xu,Jianping Wu

DOI: https://doi.org/10.1109/SP46215.2023.10179464

2023-01-01

Abstract:Website fingerprinting enables an eavesdropper to determine which websites a user is visiting over an encrypted connection. State-of-the-art website fingerprinting (WF) attacks have demonstrated effectiveness even against Tor-protected network traffic. However, existing WF attacks have critical limitations on accurately identifying websites in multi-tab browsing sessions, where the holistic pattern of individual websites is no longer preserved, and the number of tabs opened by a client is unknown a priori. In this paper, we propose ARES, a novel WF framework natively designed for multi-tab WF attacks. ARES formulates the multi-tab attack as a multi-label classification problem and solves it using a multi-classifier framework. Each classifier, designed based on a novel transformer model, identifies a specific website using its local patterns extracted from multiple traffic segments. We implement a prototype of ARES and extensively evaluate its effectiveness using our large-scale dataset collected over multiple months (by far the largest multi-tab WF dataset studied in academic papers.) The experimental results illustrate that ARES effectively achieves the multi-tab WF attack with the best F1-score of 0.907. Further, ARES remains robust even against various WF defenses.

Haoyu Yin,Yingjian Liu,Yue Li,Zhongwen Guo,Yu Wang

DOI: https://doi.org/10.1016/j.jnca.2023.103733

IF: 7.574

2023-11-01

Journal of Network and Computer Applications

Abstract:Deep learning (DL) technologies bring new threats to network security. Website fingerprinting attacks (WFA) using DL models can distinguish victim’s browsing activities protected by anonymity technologies. Unfortunately, traditional countermeasures (website fingerprinting defenses, WFD) fail to preserve privacy against DL models. In this paper, we apply adversarial example technology to implement new WFD with static analyzing (SA) and dynamic perturbation (DP) settings. Although DP setting is close to a real-world scenario, its supervisions are almost unavailable due to the uncertainty of upcoming traffics and the difficulty of dependency analysis over time. SA setting relaxes the real-time constraints in order to implement WFD under a supervised learning perspective. We propose Greedy Injection Attack (GIA), a novel adversarial method for WFD under SA setting based on zero-injection vulnerability test. Furthermore, Sniper is proposed to mitigate the computational cost by using a DL model to approximate zero-injection test. FCNSniper and RNNSniper are designed for SA and DP settings respectively. Experiments show that FCNSniper decreases classification accuracy of the state-of-the-art WFA model by 96.57% with only 2.29% bandwidth overhead. The learned knowledge can be efficiently transferred into RNNSniper. As an indirect adversarial example attack approach, FCNSniper can be well generalized to different target WFA models and datasets without suffering fatal failures from adversarial training.

computer science, interdisciplinary applications, software engineering, hardware & architecture

Alireza Bahramali,Ardavan Bozorgi,Amir Houmansadr

2023-09-19

Abstract:Website Fingerprinting (WF) is considered a major threat to the anonymity of Tor users (and other anonymity systems). While state-of-the-art WF techniques have claimed high attack accuracies, e.g., by leveraging Deep Neural Networks (DNN), several recent works have questioned the practicality of such WF attacks in the real world due to the assumptions made in the design and evaluation of these attacks. In this work, we argue that such impracticality issues are mainly due to the attacker's inability in collecting training data in comprehensive network conditions, e.g., a WF classifier may be trained only on samples collected on specific high-bandwidth network links but deployed on connections with different network conditions. We show that augmenting network traces can enhance the performance of WF classifiers in unobserved network conditions. Specifically, we introduce NetAugment, an augmentation technique tailored to the specifications of Tor traces. We instantiate NetAugment through semi-supervised and self-supervised learning techniques. Our extensive open-world and close-world experiments demonstrate that under practical evaluation settings, our WF attacks provide superior performances compared to the state-of-the-art; this is due to their use of augmented network traces for training, which allows them to learn the features of target traffic in unobserved settings. For instance, with a 5-shot learning in a closed-world scenario, our self-supervised WF attack (named NetCLR) reaches up to 80% accuracy when the traces for evaluation are collected in a setting unobserved by the WF adversary. This is compared to an accuracy of 64.4% achieved by the state-of-the-art Triplet Fingerprinting [35]. We believe that the promising results of our work can encourage the use of network trace augmentation in other types of network traffic analysis.

Cryptography and Security,Machine Learning

Xinhao Deng,Qi Li,Ke Xu

2024-07-01

Abstract:Website Fingerprinting (WF) attacks identify the websites visited by users by performing traffic analysis, compromising user privacy. Particularly, DL-based WF attacks demonstrate impressive attack performance. However, the effectiveness of DL-based WF attacks relies on the collected complete and pure traffic during the page loading, which impacts the practicality of these attacks. The WF performance is rather low under dynamic network conditions and various WF defenses, particularly when the analyzed traffic is only a small part of the complete traffic. In this paper, we propose Holmes, a robust and reliable early-stage WF attack. Holmes utilizes temporal and spatial distribution analysis of website traffic to effectively identify websites in the early stages of page loading. Specifically, Holmes develops adaptive data augmentation based on the temporal distribution of website traffic and utilizes a supervised contrastive learning method to extract the correlations between the early-stage traffic and the pre-collected complete traffic. Holmes accurately identifies traffic in the early stages of page loading by computing the correlation of the traffic with the spatial distribution information, which ensures robust and reliable detection according to early-stage traffic. We extensively evaluate Holmes using six datasets. Compared to nine existing DL-based WF attacks, Holmes improves the F1-score of identifying early-stage traffic by an average of 169.18%. Furthermore, we replay the traffic of visiting real-world dark web websites. Holmes successfully identifies dark web websites when the ratio of page loading on average is only 21.71%, with an average precision improvement of 169.36% over the existing WF attacks.

Cryptography and Security,Artificial Intelligence,Machine Learning