Website Fingerprinting(WF)attacks can extract side channel information from encrypted traffic to form a fingerprint that identifies the victim’s destination website,even if traffic is sophisticatedly anonymized by To...Website Fingerprinting(WF)attacks can extract side channel information from encrypted traffic to form a fingerprint that identifies the victim’s destination website,even if traffic is sophisticatedly anonymized by Tor.Many offline defenses have been proposed and claimed to have achieved good effectiveness.However,such work is more of a theoretical optimization study than a technology that can be applied to real-time traffic in the practical scenario.Because defenders generate optimized defense schemes only if the complete traffic traces are obtained.The practicality and effectiveness are doubtful.In this paper,we provide an in-depth analysis of the difficulties faced in porting existing offline defenses to the online scenarios.And then the online WF defense based on the non-targeted adversarial patch is proposed.To reduce the overhead,we use the Gradient-weighted Class Activation Mapping(Grad-CAM)algorithm to identify critical segments that have high contribution to the classification.In addition,we optimize the adversarial patch generation process by splitting patches and limiting the values,so that the pre-trained patches can be injected and discarded in real-time traffic.Extensive experiments are carried out to evaluate the effectiveness of our defense.When bandwidth overhead is set to 20%,the accuracies of the two state-of-the-art attacks,DF and Var-CNN,drop to 10.83%and 15.49%,respectively.Furthermore,we implement the real-time patch traffic injection based on WFPadTools framework in the online scenario,and achieve a defense accuracy of 95.50%with 12.57%time overhead.展开更多
基金This work was supported in part by the National Natural Science Foundation of China(Nos.62102084 and 62072103)Jiangsu Provincial Natural Science Foundation of China(No.BK20190340)+2 种基金Jiangsu Provincial Key R&D Program(Nos.BE2021729,BE2022680,and BE2022065-4)Jiangsu Provincial Key Laboratory of Network and Information Security(No.BM2003201)Key Laboratory of Computer Network and Information Integration of Ministry of Education of China(No.93K-9).
文摘Website Fingerprinting(WF)attacks can extract side channel information from encrypted traffic to form a fingerprint that identifies the victim’s destination website,even if traffic is sophisticatedly anonymized by Tor.Many offline defenses have been proposed and claimed to have achieved good effectiveness.However,such work is more of a theoretical optimization study than a technology that can be applied to real-time traffic in the practical scenario.Because defenders generate optimized defense schemes only if the complete traffic traces are obtained.The practicality and effectiveness are doubtful.In this paper,we provide an in-depth analysis of the difficulties faced in porting existing offline defenses to the online scenarios.And then the online WF defense based on the non-targeted adversarial patch is proposed.To reduce the overhead,we use the Gradient-weighted Class Activation Mapping(Grad-CAM)algorithm to identify critical segments that have high contribution to the classification.In addition,we optimize the adversarial patch generation process by splitting patches and limiting the values,so that the pre-trained patches can be injected and discarded in real-time traffic.Extensive experiments are carried out to evaluate the effectiveness of our defense.When bandwidth overhead is set to 20%,the accuracies of the two state-of-the-art attacks,DF and Var-CNN,drop to 10.83%and 15.49%,respectively.Furthermore,we implement the real-time patch traffic injection based on WFPadTools framework in the online scenario,and achieve a defense accuracy of 95.50%with 12.57%time overhead.