Adversarial attacks against profile HMM website fingerprinting detection model

Abstract: People commonly rely on anonymity networks to protect their private information. The Profile HMM (Hidden Markov Model) website fingerprinting detection algorithm can identify the website that a data stream accesses by pattern matching on the captured traffic, which defeats the purpose of the anonymity network. To bypass detection by this model, we propose a method based on a genetic algorithm to generate adversarial samples. By carrying the adversarial-sample problem over from deep learning, our approach applies to the broader class of machine learning detection models: it performs traffic confusion and thereby bypasses Profile HMM model detection. The key challenge is constructing a suitable fitness function that generates an effective adversarial sample at minimal cost. The experimental results show that the success rate of our traffic confusion method is as high as 97%. At the same time, our method needs to add less perturbation traffic than the traditional traffic confusion method.
