Abstract
When a user visits certain sensitive web pages, such as those of hospitals, schools, or banks, the web trace, which records the series of requests and responses generated when visiting a page, may reveal personal privacy. Even if the transmitted traffic is encrypted, traffic analysis attacks can easily identify the page a user is visiting and infer the user's private information. This paper proposes a new method to defend against traffic analysis attacks by padding the size of web objects on the server side without changing the rendering effect. It introduces the concept of rendering equivalence: by adding NULL objects and padding objects, the object sequences of two pages are made the same in size and order. Following the idea of K-anonymity, within a set of privacy-sensitive web pages, we use a similar website fingerprinting strategy to confuse the classifiers used to identify web pages, and achieve good results. Moreover, the relevant statistical analysis of the data is still available after applying our strategy. Finally, proof-of-concept experiments are conducted to confirm the feasibility of our strategy.
Authors
巫咏辉
杨蔚林
杜中辉
郭易之
唐屹
WU Yonghui; YANG Weilin; DU Zhonghui; GUO Yizhi; TANG Yi (School of Mathematics and Information Science, Guangzhou University; School of Computer Science and Technology, Guangzhou University, Guangzhou 510006, China)
Source
《软件导刊》
2023, No. 8, pp. 172-177 (6 pages)
Software Guide
Funding
National Key Research and Development Program of China (2021YFA1000600).
Keywords
traffic analysis
website fingerprinting
similar traffic
classifier
network security