HSWF: Enhancing website fingerprinting attacks on Tor to address real world distribution mismatch

Abstract

Website Fingerprinting (WF) attacks on Tor are exploited to analyze encrypted traffic traces and infer the visited websites by analyzing traffic traces between users and the Tor entry guard. State-of-the-art WF methods have demonstrated impressive results in simulation experiments against Tor-protected network traffic. However, existing WF attacks have significant limitations in real-world scenarios due to potential mismatches between the data distribution in the experimental environment and that of the real world. Additionally, it is often unknown in advance which sites a client will access. In this paper, we propose a WF enhancing technique that leverages difficult-to-classify samples to train a website classifier, which exploits hard samples to train a website classifier using their distinctive features. We conduct a more detailed analysis of the impact that unbalanced data on WF attacks. In order to improve the performance, we extract misclassified traces from the unmonitored sites as the hard samples and train them using a triplet network structure to enhance their feature representation. By utilizing this method, an attacker can train a classifier that learns more features from the open world, potentially improving the accuracy and effectiveness of website fingerprinting techniques. This approach allows for a more comprehensive understanding of website characteristics and better discrimination between monitored and unmonitored sites. The experimental results demonstrate that the proposed technique has a substantial positive impact on the precision of misidentified traffic traces. The best recall rate achieved is 98.43%, while the average recall for hard samples is an impressive 93.28%. These results collectively highlight the effectiveness and reliability of the proposed technique in accurately identifying challenging traffic samples.