SnWF: Website Fingerprinting Attack by Ensembling the Snapshot of Deep Learning

Abstract

The website fingerprinting (WF) attack enables a local eavesdropper to identify which website a client is visiting under encrypted network connections. By leveraging deep neural networks, the state-of-the-art WF attacks achieve high accuracy in classic experimental scenes. However, due to the high variance of neural networks, those attacks are sensitive to the specific information in the data and would result in less-than-ideal performance on data outside the training set or on data that is impacted by the effect of concept drift. In this paper, we present snWF, a novelWF attack, which leverages an out-of-the ordinary ensemble to reduce the variance of neural networks and improve the robustness of the attack. In a large open-world setting with 400,000 websites, snWF manages to determine whether a user is visiting a monitored website, with a true positive rate of 98.1% and a false positive rate of 5.7%. We also evaluated snWF in a more realistic attack scenario, termed as <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">wide-world</i> , to examine whether snWF can correctly classify websites that even an adversary has not seen before, and we found that snWF achieves a higher classification accuracy than the state-of-the-art attacks in this new setting. In addition, in the face of concept drift, snWF is found to be more resilient than any other attacks. Moreover, we are the first to reveal that under concept drift WF attacks suffer more severe performance degradation in a <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">open-world</i> setting than in a <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">closed-world</i> setting.