Adaptive Fingerprinting: Website Fingerprinting over Few Encrypted Traffic

Website fingerprinting attacks can infer which website a user visits over encrypted network traffic. Recent studies can achieve high accuracy (e.g., 98%) by leveraging deep neural networks. However, current attacks rely on enormous encrypted traffic data, which are time-consuming to collect. Moreover, large-scale encrypted traffic data also need to be recollected frequently to adjust the changes in the website content. In other words, the bootstrap time for carrying out website fingerprinting is not practical. In this paper, we propose a new method, named Adaptive Fingerprinting, which can derive high attack accuracy over few encrypted traffic by leveraging adversarial domain adaption. With our method, an attacker only needs to collect few traffic rather than large-scale datasets, which makes website fingerprinting more practical in the real world. Our extensive experimental results over multiple datasets show that our method can achieve 89% accuracy over few encrypted traffic in the closed-world setting and 99% precision and 99% recall in the open-world setting. Compared to a recent study (named Triplet Fingerprinting), our method is much more efficient in pre-training time and is more scalable. Moreover, the attack performance of our method can outperform Triplet Fingerprinting in both the closed-world evaluation and open-world evaluation.

[1]  Tao Wang,et al.  A Multi-tab Website Fingerprinting Attack , 2018, ACSAC.

[2]  Ming Yang,et al.  DeepFace: Closing the Gap to Human-Level Performance in Face Verification , 2014, 2014 IEEE Conference on Computer Vision and Pattern Recognition.

[3]  Patrick Thiran,et al.  Protecting against Website Fingerprinting with Multihoming , 2020, Proc. Priv. Enhancing Technol..

[4]  Hui Xiong,et al.  A Comprehensive Survey on Transfer Learning , 2019, Proceedings of the IEEE.

[5]  Wouter Joosen,et al.  Automated Website Fingerprinting through Deep Learning , 2017, NDSS.

[6]  Yoshua Bengio,et al.  Generative Adversarial Nets , 2014, NIPS.

[7]  Yoshua Bengio,et al.  How transferable are features in deep neural networks? , 2014, NIPS.

[8]  Tao Wang,et al.  Walkie-Talkie: An Efficient Defense Against Passive Website Fingerprinting Attacks , 2017, USENIX Security Symposium.

[9]  Shigeki Goto,et al.  Fingerprinting Attack on Tor Anonymity using Deep Learning , 2016 .

[10]  Claudia Díaz,et al.  Inside Job: Applying Traffic Analysis to Measure Tor from Within , 2018, NDSS.

[11]  Jiajun Gong,et al.  Zero-delay Lightweight Defenses against Website Fingerprinting , 2020, USENIX Security Symposium.

[12]  Geoffrey E. Hinton,et al.  Visualizing Data using t-SNE , 2008 .

[13]  Qiang Yang,et al.  A Survey on Transfer Learning , 2010, IEEE Transactions on Knowledge and Data Engineering.

[14]  Mohammad Saidur Rahman,et al.  Triplet Fingerprinting: More Practical and Portable Website Fingerprinting with N-shot Learning , 2019, CCS.

[15]  G. G. Stokes "J." , 1890, The New Yale Book of Quotations.

[16]  Brian Neil Levine,et al.  Inferring the source of encrypted HTTP connections , 2006, CCS '06.

[17]  Gregory R. Koch,et al.  Siamese Neural Networks for One-Shot Image Recognition , 2015 .

[18]  James Philbin,et al.  FaceNet: A unified embedding for face recognition and clustering , 2015, 2015 IEEE Conference on Computer Vision and Pattern Recognition (CVPR).

[19]  Mohsen Imani,et al.  Mockingbird: Defending Against Deep-Learning-Based Website Fingerprinting Attacks With Adversarial Traces , 2019, IEEE Transactions on Information Forensics and Security.

[20]  Mohsen Imani,et al.  Deep Fingerprinting: Undermining Website Fingerprinting Defenses with Deep Learning , 2018, CCS.

[21]  蕭瓊瑞撰述,et al.  2009 , 2019, The Winning Cars of the Indianapolis 500.

[22]  Michael I. Jordan,et al.  Learning Transferable Features with Deep Adaptation Networks , 2015, ICML.

[23]  Trevor Darrell,et al.  Adversarial Discriminative Domain Adaptation , 2017, 2017 IEEE Conference on Computer Vision and Pattern Recognition (CVPR).

[24]  Prateek Mittal,et al.  Robust Website Fingerprinting Through the Cache Occupancy Channel , 2018, USENIX Security Symposium.

[25]  Andrew Zisserman,et al.  Deep Face Recognition , 2015, BMVC.

[26]  Rachel Greenstadt,et al.  A Critical Evaluation of Website Fingerprinting Attacks , 2014, CCS.

[27]  Florence March,et al.  2016 , 2016, Affair of the Heart.

[28]  Kate Saenko,et al.  Return of Frustratingly Easy Domain Adaptation , 2015, AAAI.

[29]  Srinivas Devadas,et al.  Var-CNN: A Data-Efficient Website Fingerprinting Attack Based on Deep Learning , 2018, Proc. Priv. Enhancing Technol..

[30]  George Danezis,et al.  k-fingerprinting: A Robust Scalable Website Fingerprinting Technique , 2015, USENIX Security Symposium.

[31]  Klaus Wehrle,et al.  Website Fingerprinting at Internet Scale , 2016, NDSS.

[32]  Weiqi Cui,et al.  Revisiting Assumptions for Website Fingerprinting Attacks , 2019, AsiaCCS.

[33]  S. M. García,et al.  2014: , 2020, A Party for Lazarus.

[34]  Trevor Darrell,et al.  Deep Domain Confusion: Maximizing for Domain Invariance , 2014, CVPR 2014.

[35]  Taghi M. Khoshgoftaar,et al.  A survey on Image Data Augmentation for Deep Learning , 2019, Journal of Big Data.

[36]  Shuai Li,et al.  Measuring Information Leakage in Website Fingerprinting Attacks and Defenses , 2017, CCS.

[37]  Mike Perry,et al.  Toward an Efficient Website Fingerprinting Defense , 2015, ESORICS.

[38]  Amir Houmansadr,et al.  Blind Adversarial Network Perturbations , 2020, ArXiv.

[39]  Kristie B. Hadden,et al.  2020 , 2020, Journal of Surgical Orthopaedic Advances.

[40]  Xiang Cai,et al.  CS-BuFLO: A Congestion Sensitive Website Fingerprinting Defense , 2014, WPES.

[41]  Tao Wang,et al.  On Realistically Attacking Tor with Website Fingerprinting , 2016, Proc. Priv. Enhancing Technol..

[42]  Thomas Ristenpart,et al.  Peek-a-Boo, I Still See You: Why Efficient Traffic Analysis Countermeasures Fail , 2012, 2012 IEEE Symposium on Security and Privacy.

[43]  Tao Wang,et al.  High Precision Open-World Website Fingerprinting , 2020, 2020 IEEE Symposium on Security and Privacy (SP).

[44]  Ji Feng,et al.  Deep Forest: Towards An Alternative to Deep Neural Networks , 2017, IJCAI.

[45]  Ion Stoica,et al.  Population Based Augmentation: Efficient Learning of Augmentation Policy Schedules , 2019, ICML.

[46]  M. Varacallo,et al.  2019 , 2019, Journal of Surgical Orthopaedic Advances.