Effective and Lightweight Defenses Against Website Fingerprinting on Encrypted Traffic

Abstract

AbstractRecently, website fingerprinting (WF) attacks that eavesdrop on the web browsing activity of users by analyzing the observed traffic can endanger the data security of users even if the users have deployed encrypted proxies such as Tor. Several WF defenses have been raised to counter passive WF attacks. However, the existing defense methods have several significant drawbacks in terms of effectiveness and overhead, which means that these defenses rarely apply in the real world. The performance of the existing methods greatly depends on the number of dummy packets added, which increases overheads and hampers the user experience of web browsing activity.Inspired by the feature extraction of current WF attacks with deep learning networks, in this paper, we propose TED, a lightweight WF defense method that effectively decreases the accuracy of current WF attacks. We apply the idea of adversary examples, aiming to effectively disturb the accuracy of WF attacks with deep learning networks and precisely insert a few dummy packets. The defense extracts the key features of similar websites through a feature extraction network with adapted Grad-CAM and applies the features to interfere with the WF attacks. The key features of traces are utilized to generate defense fractions that are inserted into the targeted trace to deceive WF classifiers. The experiments are carried out on public datasets from DF. Compared with several WF defenses, the experiments show that TED can efficiently reduce the effectiveness of WF attacks with minimal expenditure, reducing the accuracy by nearly 40% with less than 30% overhead.KeywordsEncrypted trafficWebsite fingerprintingPrivacy