Tor Trace in Images: A Novel Multi-Tab Website Fingerprinting Attack With Object Detection

Abstract

Abstract Website fingerprinting (WF) attacks on Tor enable a passive adversary to predict the encrypted web browsing activity of a victim by matching the eavesdropped traffic with pretrained classifiers. Nowadays, deep learning-based methods have led to significant achievements in the single-tab Tor WF attack. However, the practical implementation of these single-tab methods is challenging due to most real-world Tor traffic involving multiple tabs. Existing single-tab methods hardly identify multi-tab WF due to the overlapping areas of the traffic trace confusing the original features. In this paper, we propose a Trace Image-based Object Detection model named TIOD as a novel multi-tab attacking model. Specifically, we model the traffic overlap in Tor as the object overlap in object detection tasks from the computer vision field. Besides, we propose a special S-matrix scheme to convert a trace into an image: (i) Retaining the original features by keeping the direction and order of the cells and (ii) Bringing cells of the same page closer together in space. We then utilize a specially designed object detection model for trace images, WF R-CNN, to extract features and identify potential destination websites within multi-tab traces. Comparative analysis with other multi-tab attacks is conducted, and the empirical results consistently underscore the superior performance of the proposed trace image model across diverse datasets. In the two-tab setting, TIOD achieves the best accuracy with more than 85% on both the first and second tabs.