AI Chat Paper
Note: Please note that the following content is generated by AMiner AI. SciOpen does not take any responsibility related to this content.
{{lang === 'zh_CN' ? '文章概述' : 'Summary'}}
{{lang === 'en_US' ? '中' : 'Eng'}}
Chat more with AI
PDF (1.1 MB)
Collect
Submit Manuscript AI Chat Paper
Show Outline
Outline
Show full outline
Hide outline
Outline
Show full outline
Hide outline
Open Access

An Online Website Fingerprinting Defense Based on the Non-Targeted Adversarial Patch

School of Computer Science and Engineering, Southeast University, Nanjing 211189, China
Show Author Information

Abstract

Website Fingerprinting (WF) attacks can extract side channel information from encrypted traffic to form a fingerprint that identifies the victim’s destination website, even if traffic is sophisticatedly anonymized by Tor. Many offline defenses have been proposed and claimed to have achieved good effectiveness. However, such work is more of a theoretical optimization study than a technology that can be applied to real-time traffic in the practical scenario. Because defenders generate optimized defense schemes only if the complete traffic traces are obtained. The practicality and effectiveness are doubtful. In this paper, we provide an in-depth analysis of the difficulties faced in porting existing offline defenses to the online scenarios. And then the online WF defense based on the non-targeted adversarial patch is proposed. To reduce the overhead, we use the Gradient-weighted Class Activation Mapping (Grad-CAM) algorithm to identify critical segments that have high contribution to the classification. In addition, we optimize the adversarial patch generation process by splitting patches and limiting the values, so that the pre-trained patches can be injected and discarded in real-time traffic. Extensive experiments are carried out to evaluate the effectiveness of our defense. When bandwidth overhead is set to 20%, the accuracies of the two state-of-the-art attacks, DF and Var-CNN, drop to 10.83% and 15.49%, respectively. Furthermore, we implement the real-time patch traffic injection based on WFPadTools framework in the online scenario, and achieve a defense accuracy of 95.50% with 12.57% time overhead.

References

[1]
N. Huss, How many websites are there, https://siteefy.com/how-many-websites-are-there/, 2023.
[2]
R. Dingledine, N. Mathewson, and P. Syverson, Tor: The second-generation onion router, in Proc. 13th Conf. USENIX Security Symp., Berkeley, CA, USA, 2004, pp. 303320.
[3]
J. Hayes and G. Danezis, K-fingerprinting: A robust scalable website fingerprinting technique, in Proc. 25th USENIX Conf. Security Symp., Austin, TX, USA, 2016, pp. 11871203.
[4]
M. S. Rahman, P. Sirinam, N. Matthews, K. G. Gangadhara, and M. Wright, Tik-tok: The utility of packet timing in website fingerprinting attacks, arXiv preprint arXiv: 1902.06421, 2019.
[5]
V. Rimmer, D. Preuveneers, M. Juarez, T. Van Goethem, and W. Joosen, Automated website fingerprinting through deep learning, arXiv preprint arXiv: 1708.06376, 2017.
[6]
S. Bhat, D. Lu, A. Kwon, and S. Devadas, Var-CNN: A data-efficient website fingerprinting attack based on deep learning, arXiv preprint arXiv: 1802.10215, 2018.
[7]
M. Juarez, M. Imani, M. Perry, C. Diaz, and M. Wright, Toward an efficient website fingerprinting defense, in Proc. 21st European Symposium on Research in Computer Security, Heraklion, Greece, 2016, pp. 2746.
[8]
A. Panchenko, L. Niessen, A. Zinnen, and T. Engel, Website fingerprinting in onion routing based anonymization networks, in Proc. 10th Annual ACM Workshop on Privacy in the Electronic Society, Chicago, IL, USA, 2011, pp. 103114.
[9]
X. Cai, R. Nithyanand, and R. Johnson, CS-BuFLO: A congestion sensitive website fingerprinting defense, in Proc. 13th Workshop on Privacy in the Electronic Society, Scottsdale, AZ, USA, 2014, pp. 121130.
[10]
P. Sirinam, M. Imani, M. Juarez, and M. Wright, Deep fingerprinting: Undermining website fingerprinting defenses with deep learning, arXiv preprint arXiv: 1801.02265, 2018.
[11]
I. J. Goodfellow, J. Shlens, and C. Szegedy, Explaining and harnessing adversarial examples, arXiv preprint arXiv: 1412.6572, 2014.
[12]
G. D. Bissias, M. Liberatore, D. Jensen, and B. N. Levine, Privacy vulnerabilities in encrypted HTTP streams, in Proc. 5th Int. Conf. Privacy Enhancing Technologies, Cavtat, Croatia, 2005, pp. 111.
[13]
M. Liberatore and B. N. Levine, Inferring the source of encrypted HTTP connections, in Proc. 13th ACM Conf. Computer and Communications Security, Alexandria, VA, USA, 2006, pp. 255263.
[14]
D. Herrmann, R. Wendolsky, and H. Federrath, Website fingerprinting: Attacking popular privacy enhancing technologies with the multinomial naïve-bayes classifier, in Proc. 2009 ACM Workshop on Cloud Computing Security, Chicago, IL, USA, 2009, pp. 3142.
[15]
X. Cai, X. C. Zhang, B. Joshi, and R. Johnson, Touching from a distance: Website fingerprinting attacks and defenses, in Proc. 2012 ACM Conf. Computer and Communications Security, Raleigh, NC, USA, 2012, pp. 605616.
[16]
T. Wang and I. Goldberg, Improved website fingerprinting on Tor, in Proc. 12th ACM Workshop on Workshop on Privacy in the Electronic Society, Berlin, Germany, 2013, pp. 201212.
[17]
K. P. Dyer, S. E. Coull, T. Ristenpart, and T. Shrimpton, Peek-a-boo, I still see you: Why efficient traffic analysis countermeasures fail, in Proc. 2012 IEEE Symp. on Security and Privacy, San Francisco, CA, USA, 2012, pp. 332346.
[18]
T. Wang and I. Goldberg, Walkie-Talkie: An efficient defense against passive website fingerprinting attacks, in Proc. 26th USENIX Security Symp., Vancouver, Canada, 2017, pp. 13751390.
[19]
T. Wang, X. Cai, R. Nithyanand, R. Johnson, and I. Goldberg, Effective attacks and provable defenses for website fingerprinting, in Proc. 23rd USENIX Conf. Security Symp., San Diego, CA, USA, 2014, pp. 143157.
[20]
W. Lin, S. Reddy, and N. Borisov, Measuring the impact of HTTP/2 and server push on web fingerprinting, in Proc. Workshop on Measurements Attacks and Defenses for the Web (MADWeb), San Diego, CA, USA, 2019, pp. 17.
[21]
C. Hou, G. Gou, J. Shi, P. Fu, and G. Xiong, WF-GAN: Fighting back against website fingerprinting attack using adversarial learning, in Proc. 2020 IEEE Symp. on Computers and Communications (ISCC), Rennes, France, 2020, pp. 17.
[22]
J. Gong, W. Zhang, C. Zhang, and T. Wang, Surakav: Generating realistic traces for a strong website fingerprinting defense, in Proc. 2022 IEEE Symp. on Security and Privacy (SP), San Francisco, CA, USA, 2022, pp. 15581573.
[23]
T. B. Brown, D. Mané, A. Roy, M. Abadi, and J. Gilmer, Adversarial patch, arXiv preprint arXiv:1712.09665, 2017.
[24]
WFPadTools, Framework to develop padding strategies on Tor Pluggable Transports, https://github.com/mjuarezm/wfpadtools, 2018.
[25]
R. R. Selvaraju, M. Cogswell, A. Das, R. Vedantam, D. Parikh, and D. Batra, Grad-CAM: Visual explanations from deep networks via gradient-based localization, in Proc. 2017 IEEE Int. Conf. Computer Vision (ICCV), Venice, Italy, 2017, pp. 618626.
Tsinghua Science and Technology
Pages 1148-1159
Cite this article:
Gu X, Song B, Lan W, et al. An Online Website Fingerprinting Defense Based on the Non-Targeted Adversarial Patch. Tsinghua Science and Technology, 2023, 28(6): 1148-1159. https://doi.org/10.26599/TST.2023.9010062

695

Views

68

Downloads

1

Crossref

1

Web of Science

3

Scopus

0

CSCD

Altmetrics

Received: 05 June 2023
Revised: 15 June 2023
Accepted: 15 June 2023
Published: 28 July 2023
© The author(s) 2023.

The articles published in this open access journal are distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/).

Return