Adv-DWF: Defending Against Deep-Learning-Based Website Fingerprinting Attacks with Adversarial Traces
share
Website Fingerprinting (WF) is a type of traffic analysis attack that enables a local passive eavesdropper to infer the victim's activity even when the traffic is protected by encryption, a VPN, or some other anonymity system like Tor. Leveraging a deep-learning classifier, a WF attacker can gain up to 98 accuracy against Tor. Existing WF defenses are either too expensive in terms of bandwidth and latency overheads (e.g. 2-3 times as large or slow) or ineffective against the latest attacks. In this paper, we explore a novel defense, Adv-DWF, based on the idea of adversarial examples that have been shown to undermine machine learning classifiers in other domains. Our Adv-DWF defense adds padding to a traffic trace in a manner that fools the classifier into classifying it as coming from a different site. The technique drops the accuracy of the state-of-the-art attack augmented with adversarial training from 98 of the cases, the state-of-the-art attack's accuracies of our defense are at least 45 Walkie-Talkie (W-T), respectively. The Top-2 accuracy of our defense is at best 56.9 bandwidth overheads of our defense are at least 8 and W-T, respectively, showing its promise as a possible defense for Tor.
READ FULL TEXT