SAD: Website Fingerprinting Defense Based on Adversarial Examples

Abstract

Website fingerprinting (WF) attacks can infer website names from encrypted network traffic when the victim is browsing the website. Inherent defenses of anonymous communication systems such as The Onion Router(Tor) cannot compete with current WF attacks. The state-of-the-art attack based on deep learning can gain over 98% accuracy in Tor. Most of the defenses have excellent defensive capabilities, but it will bring a relatively high bandwidth overhead, which will seriously affect the user’s network experience. And some defense methods have less impact on the latest website fingerprinting attacks. Defense-based adversarial examples have excellent defense capabilities and low bandwidth overhead, but they need to get the complete website traffic to generate defense data, which is obviously impractical. In this article, based on adversarial examples, we propose segmented adversary defense (SAD) for deep learning-based WF attacks. In SAD, sequence data are divided into multiple segments to ensure that SAD is feasible in real scenarios. Then, the adversarial examples for each segment of data can be generated by SAD. Finally, dummy packets are inserted after each segment original data. We also found that setting different head rates, that is, end points for the segments, will get better results. Experimentally, our results show that SAD can effectively reduce the accuracy of WF attacks. The technique drops the accuracy of the state-of-the-art attack hardened from 96% to 3% while incurring only 40% bandwidth overhead. Compared with the existing proposed defense named Deep Fingerprinting Defender (DFD), the defense effect of SAD is better under the same bandwidth overhead.