A Real-time Defense against Website Fingerprinting Attacks

by   Shawn Shan, et al.

Anonymity systems like Tor are vulnerable to Website Fingerprinting (WF) attacks, where a local passive eavesdropper infers the victim's activity. Current WF attacks based on deep learning classifiers have successfully overcome numerous proposed defenses. While recent defenses leveraging adversarial examples offer promise, these adversarial examples can only be computed after the network session has concluded, thus offer users little protection in practical settings. We propose Dolos, a system that modifies user network traffic in real time to successfully evade WF attacks. Dolos injects dummy packets into traffic traces by computing input-agnostic adversarial patches that disrupt deep learning classifiers used in WF attacks. Patches are then applied to alter and protect user traffic in real time. Importantly, these patches are parameterized by a user-side secret, ensuring that attackers cannot use adversarial training to defeat Dolos. We experimentally demonstrate that Dolos provides 94+ against state-of-the-art WF attacks under a variety of settings. Against prior defenses, Dolos outperforms in terms of higher protection performance and lower information leakage and bandwidth overhead. Finally, we show that Dolos is robust against a variety of adaptive countermeasures to detect or disrupt the defense.


Adv-DWF: Defending Against Deep-Learning-Based Website Fingerprinting Attacks with Adversarial Traces

Website Fingerprinting (WF) is a type of traffic analysis attack that en...

RegulaTOR: A Powerful Website Fingerprinting Defense

Website Fingerprinting (WF) attacks are used by passive, local attackers...

CoinPolice:Detecting Hidden Cryptojacking Attacks with Neural Networks

Traffic monetization is a crucial component of running most for-profit o...

WFDefProxy: Modularly Implementing and Empirically Evaluating Website Fingerprinting Defenses

Tor, an onion-routing anonymity network, has been shown to be vulnerable...

AWA: Adversarial Website Adaptation

One of the most important obligations of privacy-enhancing technologies ...

This is not the padding you are looking for! On the ineffectiveness of QUIC PADDING against website fingerprinting

Website fingerprinting (WF) is a well-know threat to users' web privacy....

Towards Effective and Efficient Padding Machines for Tor

Tor recently integrated a circuit padding framework for creating padding...