WF-GAN: Fighting Back Against Website Fingerprinting Attack Using Adversarial Learning

Hou, Chengshang; Gou, Gaopeng; Shi, Junzheng; Fu, Peipei; Xiong, Gang

doi:10.1109/iscc50000.2020.9219593

Cited by 23 publications

(10 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…• We consider WF attacks that operate on packet directions 1 . This assumption is consistent with many previous defenses [21,31,34,58,75]. For each u's website session, the attacker collects its trace x u as a sequence of packet directions (i.e., marking each outgoing packet as +1 and each incoming packet as -1).…”

Section: Problem and Threat Modelsupporting

confidence: 66%

“…Such attacks have been widely studied in many domains, e.g., computer vision [13,15,16,39,72], natural language processing [24,83], and malware detection [28,68]. Recent WF defenses [34,58] use adversarial perturbations to defeat DNN-based attacks.…”

Section: Defenses Via Adversarial Perturbation Goodfellow Et Al First...mentioning

confidence: 99%

“…However, there are questions we have yet to study in detail. First, while most recent defenses and attacks focus on a direction-only threat model and ignore information leakage through time gaps [21,31,34,58,65,75], some recent WF attacks [7,59] also utilize time gaps between packets to classify websites. We believe Dolos can be extended to also defend against attacks utilizing time-gaps, and plan on addressing this task in ongoing work.…”

Section: Conclusion and Limitationsmentioning

confidence: 99%

“…Against these strong DNN attacks, the only defenses to show promise are recent proposals that apply adversarial examples to mislead WF classification models [34,58]. Adversarial examples are known weaknesses of DNNs, where a small, carefully tuned change to an input can dramatically alter the DNN's output.…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

A Real-time Defense against Website Fingerprinting Attacks

Shan¹,

Bhagoji²,

Zheng³

et al. 2021

Preprint

View full text Add to dashboard Cite

Anonymity systems like Tor are vulnerable to Website Fingerprinting (WF) attacks, where a local passive eavesdropper infers the victim's activity. Current WF attacks based on deep learning classifiers have successfully overcome numerous proposed defenses. While recent defenses leveraging adversarial examples offer promise, these adversarial examples can only be computed after the network session has concluded, thus offer users little protection in practical settings.We propose Dolos, a system that modifies user network traffic in real time to successfully evade WF attacks. Dolos injects dummy packets into traffic traces by computing input-agnostic adversarial patches that disrupt deep learning classifiers used in WF attacks. Patches are then applied to alter and protect user traffic in real time. Importantly, these patches are parameterized by a user-side secret, ensuring that attackers cannot use adversarial training to defeat Dolos. We experimentally demonstrate that Dolos provides 94+% protection against state-of-the-art WF attacks under a variety of settings. Against prior defenses, Dolos outperforms in terms of higher protection performance and lower information leakage and bandwidth overhead. Finally, we show that Dolos is robust against a variety of adaptive countermeasures to detect or disrupt the defense.

show abstract

Section: Problem and Threat Modelsupporting

confidence: 66%

Section: Defenses Via Adversarial Perturbation Goodfellow Et Al First...mentioning

confidence: 99%

Section: Conclusion and Limitationsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

A Real-time Defense against Website Fingerprinting Attacks

Shan¹,

Bhagoji²,

Zheng³

et al. 2021

Preprint

View full text Add to dashboard Cite

show abstract

“…It can make a classifier based on deep learning misclassification [1]. erefore, some WF defenses based on adversarial examples are proposed such as WF-GAN [16] and Mockingbird [17]. But, WTF-PAD, W-T, and DFD have expired defense capability and suboptimal bandwidth overhead.…”

Section: Introductionmentioning

confidence: 99%

SAD: Website Fingerprinting Defense Based on Adversarial Examples

Tang

Shen

Guo

et al. 2022

Security and Communication Networks

View full text Add to dashboard Cite

Website fingerprinting (WF) attacks can infer website names from encrypted network traffic when the victim is browsing the website. Inherent defenses of anonymous communication systems such as The Onion Router(Tor) cannot compete with current WF attacks. The state-of-the-art attack based on deep learning can gain over 98% accuracy in Tor. Most of the defenses have excellent defensive capabilities, but it will bring a relatively high bandwidth overhead, which will seriously affect the user’s network experience. And some defense methods have less impact on the latest website fingerprinting attacks. Defense-based adversarial examples have excellent defense capabilities and low bandwidth overhead, but they need to get the complete website traffic to generate defense data, which is obviously impractical. In this article, based on adversarial examples, we propose segmented adversary defense (SAD) for deep learning-based WF attacks. In SAD, sequence data are divided into multiple segments to ensure that SAD is feasible in real scenarios. Then, the adversarial examples for each segment of data can be generated by SAD. Finally, dummy packets are inserted after each segment original data. We also found that setting different head rates, that is, end points for the segments, will get better results. Experimentally, our results show that SAD can effectively reduce the accuracy of WF attacks. The technique drops the accuracy of the state-of-the-art attack hardened from 96% to 3% while incurring only 40% bandwidth overhead. Compared with the existing proposed defense named Deep Fingerprinting Defender (DFD), the defense effect of SAD is better under the same bandwidth overhead.

show abstract

Protecting Encrypted Video Stream Against Information Leak Using Adversarial Traces

Zhang

2021

Lecture Notes in Computer Science

View full text Add to dashboard Cite

WF-GAN: Fighting Back Against Website Fingerprinting Attack Using Adversarial Learning

Cited by 23 publications

References 16 publications

A Real-time Defense against Website Fingerprinting Attacks

A Real-time Defense against Website Fingerprinting Attacks

SAD: Website Fingerprinting Defense Based on Adversarial Examples

Protecting Encrypted Video Stream Against Information Leak Using Adversarial Traces

Contact Info

Product

Resources

About