Volume 28, Issue 6


An Online Website Fingerprinting Defense Based on the Non-Targeted Adversarial Patch

Xiaodan Gu¹, Bingchen Song¹, Wei Lan¹, Ming Yang¹
¹ School of Computer Science and Engineering, Southeast University, Nanjing 211189, China

Abstract

Website Fingerprinting (WF) attacks can extract side-channel information from encrypted traffic to form a fingerprint that identifies the victim's destination website, even if the traffic is anonymized by Tor. Many offline defenses have been proposed and are claimed to be effective. However, such work is closer to a theoretical optimization study than to a technology that can be applied to real-time traffic in practice: defenders can generate an optimized defense scheme only once the complete traffic trace has been obtained, so the practicality and effectiveness of these defenses are doubtful. In this paper, we provide an in-depth analysis of the difficulties faced in porting existing offline defenses to online scenarios, and then propose an online WF defense based on the non-targeted adversarial patch. To reduce the overhead, we use the Gradient-weighted Class Activation Mapping (Grad-CAM) algorithm to identify the critical segments that contribute most to the classification. In addition, we optimize the adversarial patch generation process by splitting patches and limiting their values, so that the pre-trained patches can be injected and discarded in real-time traffic. Extensive experiments are carried out to evaluate the effectiveness of our defense. When the bandwidth overhead is set to 20%, the accuracies of the two state-of-the-art attacks, DF and Var-CNN, drop to 10.83% and 15.49%, respectively. Furthermore, we implement real-time patch traffic injection based on the WFPadTools framework in the online scenario and achieve a defense accuracy of 95.50% with 12.57% time overhead.

Keywords: traffic analysis, website fingerprinting, online defense, adversarial patch


Publication history

Received: 05 June 2023
Revised: 15 June 2023
Accepted: 15 June 2023
Published: 28 July 2023
Issue date: December 2023

Copyright

© The author(s) 2023.

Acknowledgements

This work was supported in part by the National Natural Science Foundation of China (Nos. 62102084 and 62072103), Jiangsu Provincial Natural Science Foundation of China (No. BK20190340), Jiangsu Provincial Key R&D Program (Nos. BE2021729, BE2022680, and BE2022065-4), Jiangsu Provincial Key Laboratory of Network and Information Security (No. BM2003201), and Key Laboratory of Computer Network and Information Integration of Ministry of Education of China (No. 93K-9).

Rights and permissions

The articles published in this open access journal are distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/).
