Log In Sign Up

Few-Shot Website Fingerprinting Attack

by   Mantun Chen, et al.

This work introduces a novel data augmentation method for few-shot website fingerprinting (WF) attack where only a handful of training samples per website are available for deep learning model optimization. Moving beyond earlier WF methods relying on manually-engineered feature representations, more advanced deep learning alternatives demonstrate that learning feature representations automatically from training data is superior. Nonetheless, this advantage is subject to an unrealistic assumption that there exist many training samples per website, which otherwise will disappear. To address this, we introduce a model-agnostic, efficient, and Harmonious Data Augmentation (HDA) method that can improve deep WF attacking methods significantly. HDA involves both intra-sample and inter-sample data transformations that can be used in harmonious manner to expand a tiny training dataset to an arbitrarily large collection, therefore effectively and explicitly addressing the intrinsic data scarcity problem. We conducted expensive experiments to validate our HDA for boosting state-of-the-art deep learning WF attack models in both closed-world and open-world attacking scenarios, at absence and presence of strong defense. For instance, in the more challenging and realistic evaluation scenario with WTF-PAD based defense, our HDA method surpasses the previous state-of-the-art results by more than 4 learning case.


A Relational Model for One-Shot Classification

We show that a deep learning model with built-in relational inductive bi...

Data Augmentation for Deep Learning-based Radio Modulation Classification

Deep learning has recently been applied to automatically classify the mo...

A Bayesian Data Augmentation Approach for Learning Deep Models

Data augmentation is an essential part of the training process applied t...

Adv-DWF: Defending Against Deep-Learning-Based Website Fingerprinting Attacks with Adversarial Traces

Website Fingerprinting (WF) is a type of traffic analysis attack that en...

Multi-Sample ζ-mixup: Richer, More Realistic Synthetic Samples from a p-Series Interpolant

Modern deep learning training procedures rely on model regularization te...

Model-Contrastive Learning for Backdoor Defense

Along with the popularity of Artificial Intelligence (AI) techniques, an...

Backdoor Attack and Defense for Deep Regression

We demonstrate a backdoor attack on a deep neural network used for regre...