Optimizing Precision for Open-World Website Fingerprinting

by   Tao Wang, et al.

Traffic analysis attacks to identify which web page a client is browsing, using only her packet metadata --- known as website fingerprinting --- has been proven effective in closed-world experiments against privacy technologies like Tor. However, due to the base rate fallacy, these attacks have failed in large open-world settings against clients that visit sensitive pages with a low base rate. We find that this is because they have poor precision as they were designed to maximize recall. In this work, we argue that precision is more important than recall for open-world website fingerprinting. For this reason, we develop three classes of precision optimizers, based on confidence, distance, and ensemble learning, that can be applied to any classifier to increase precision. We test them on known website fingerprinting attacks and show significant improvements in precision. Against a difficult scenario, where the attacker wants to monitor and distinguish 100 sensitive pages each with a low mean base rate of 0.00001, our best optimized classifier can achieve a precision of 0.78; the highest precision of any known attack before optimization was 0.014. We use precise classifiers to tackle realistic objectives in website fingerprinting, including selection, identification, and defeating website fingerprinting defenses.



There are no comments yet.


page 1

page 2

page 3

page 4


Robust Website Fingerprinting Through the Cache Occupancy Channel

Website fingerprinting attacks, which use statistical analysis on networ...

Advanced Evasion Attacks and Mitigations on Practical ML-Based Phishing Website Classifiers

Machine learning (ML) based approaches have been the mainstream solution...

RegulaTOR: A Powerful Website Fingerprinting Defense

Website Fingerprinting (WF) attacks are used by passive, local attackers...

The Effectiveness of Privacy Enhancing Technologies against Fingerprinting

We measure how effective Privacy Enhancing Technologies (PETs) are at pr...

Var-CNN and DynaFlow: Improved Attacks and Defenses for Website Fingerprinting

In recent years, there have been many works that use website fingerprint...

Leaked-Web: Accurate and Efficient Machine Learning-Based Website Fingerprinting Attack through Hardware Performance Counters

Users' website browsing history contains sensitive information, like hea...

Tik-Tok: The Utility of Packet Timing in Website Fingerprinting Attacks

A passive local eavesdropper can leverage Website Fingerprinting (WF) to...
This week in AI

Get the week's most popular data science and artificial intelligence research sent straight to your inbox every Saturday.