PST: A More Practical Adversarial Learning-Based Defense Against Website Fingerprinting

Abstract

To prevent serious privacy leakage from website fingerprinting (WF) attacks, many traditional or adversarial WF defenses have been released. However, traditional WF defenses such as Walkie-Talkie (W-T) still generate patterns that might be captured by the deep learning (DL) based WF attacks, which are not effective. Adversarial perturbation based WF defenses better confuse WF attacks, but their requirements for the entire original traffic trace and perturbating any points including historical packets or cells of the network traffic are not practical. To deal with the effectiveness and practicality issues of existing defenses, we proposed a novel WF defense in this paper, called PST. Given a few past bursts of a trace as input, PST Predicts subsequent fuzzy bursts with a neural network, then Searches small but effective adversarial perturbation directions based on observed and predicted bursts, and finally Transfers the perturbation directions to the remaining bursts. Our experimental results over a public closed-world dataset demonstrate that PST can successfully break the network traffic pattern and achieve a high evasion rate of 87.6%, beating W-T by more than 31.59% at the same bandwidth overhead, with only observing 10 transferred bursts. Moreover, our defense adapts to WF attacks dynamically, which could be retrained or updated.