CMAES-WFD:Adversarial Website Fingerprinting Defense Based on Covariance Matrix Adaptation Evolution Strategy

Website fingerprinting,also known asWF,is a traffic analysis attack that enables local eavesdroppers to infer a user’s browsing destination,even when using the Tor anonymity network.While advanced attacks based on deep neural network(DNN)can performfeature engineering and attain accuracy rates of over 98%,research has demonstrated thatDNNis vulnerable to adversarial samples.As a result,many researchers have explored using adversarial samples as a defense mechanism against DNN-based WF attacks and have achieved considerable success.However,these methods suffer from high bandwidth overhead or require access to the target model,which is unrealistic.This paper proposes CMAES-WFD,a black-box WF defense based on adversarial samples.The process of generating adversarial examples is transformed into a constrained optimization problem solved by utilizing the Covariance Matrix Adaptation Evolution Strategy(CMAES)optimization algorithm.Perturbations are injected into the local parts of the original traffic to control bandwidth overhead.According to the experiment results,CMAES-WFD was able to significantly decrease the accuracy of Deep Fingerprinting(DF)and VarCnn to below 8.3%and the bandwidth overhead to a maximum of only 14.6%and 20.5%,respectively.Specially,for Automated Website Fingerprinting(AWF)with simple structure,CMAES-WFD reduced the classification accuracy to only 6.7%and the bandwidth overhead to less than 7.4%.Moreover,it was demonstrated that CMAES-WFD was robust against adversarial training to a certain extent.

An Online Website Fingerprinting Defense Based on the Non-Targeted Adversarial Patch

Website Fingerprinting(WF)attacks can extract side channel information from encrypted traffic to form a fingerprint that identifies the victim’s destination website,even if traffic is sophisticatedly anonymized by Tor.Many offline defenses have been proposed and claimed to have achieved good effectiveness.However,such work is more of a theoretical optimization study than a technology that can be applied to real-time traffic in the practical scenario.Because defenders generate optimized defense schemes only if the complete traffic traces are obtained.The practicality and effectiveness are doubtful.In this paper,we provide an in-depth analysis of the difficulties faced in porting existing offline defenses to the online scenarios.And then the online WF defense based on the non-targeted adversarial patch is proposed.To reduce the overhead,we use the Gradient-weighted Class Activation Mapping(Grad-CAM)algorithm to identify critical segments that have high contribution to the classification.In addition,we optimize the adversarial patch generation process by splitting patches and limiting the values,so that the pre-trained patches can be injected and discarded in real-time traffic.Extensive experiments are carried out to evaluate the effectiveness of our defense.When bandwidth overhead is set to 20%,the accuracies of the two state-of-the-art attacks,DF and Var-CNN,drop to 10.83%and 15.49%,respectively.Furthermore,we implement the real-time patch traffic injection based on WFPadTools framework in the online scenario,and achieve a defense accuracy of 95.50%with 12.57%time overhead.

Effective and Lightweight Defenses Against Website Fingerprinting on Encrypted Traffic

Recently,website fingerprinting(WF)attacks that eavesdrop on the web browsing activity of users by analyzing the observed traffic can endanger the data security of users even if the users have deployed encrypted proxies such as Tor.Several WF defenses have been raised to counter passive WF attacks.However,the existing defense methods have several significant drawbacks in terms of effectiveness and overhead,which means that these defenses rarely apply in the real world.The performance of the existing methods greatly depends on the number of dummy packets added,which increases overheads and hampers the user experience of web browsing activity.Inspired by the feature extraction of current WF attacks with deep learning networks,in this paper,we propose TED,a lightweight WF defense method that effectively decreases the accuracy of current WF attacks.We apply the idea of adversary examples,aiming to effectively disturb the accuracy of WF attacks with deep learning networks and precisely insert a few dummy packets.The defense extracts the key features of similar websites through a feature extraction network with adapted Grad-CAM and applies the features to interfere with the WF attacks.The key features of traces are utilized to generate defense fractions that are inserted into the targeted trace to deceive WF classifiers.The experiments are carried out on public datasets from DF.Compared with several WF defenses,the experiments show that TED can efficiently reduce the effectiveness of WF attacks with minimal expenditure,reducing the accuracy by nearly 40%with less than 30%overhead.

An Active De-anonymizing Attack Against Tor Web Traffic

Tor is pervasively used to conceal target websites that users are visiting. A de-anonymization technique against Tor, referred to as website fingerprinting attack, aims to infer the websites accessed by Tor clients by passively analyzing the patterns of encrypted traffic at the Tor client side. However, HTTP pipeline and Tor circuit multiplexing techniques can affect the accuracy of the attack by mixing the traffic that carries web objects in a single TCP connection. In this paper, we propose a novel active website fingerprinting attack by identifying and delaying the HTTP requests at the first hop Tor node. Then, we can separate the traffic that carries distinct web objects to derive a more distinguishable traffic pattern. To fulfill this goal, two algorithms based on statistical analysis and objective function optimization are proposed to construct a general packet delay scheme. We evaluate our active attack against Tor in empirical experiments and obtain the highest accuracy of 98.64%, compared with 85.95% of passive attack. We also perform experiments in the open-world scenario. When the parameter k of k-NN classifier is set to 5, then we can obtain a true positive rate of 90.96% with a false positive rate of 3.9%.