An Online Website Fingerprinting Defense Based on the Non-Targeted Adversarial Patch  被引量：1

作　　者：Xiaodan Gu Bingchen Song Wei Lan Ming Yang 

机构地区：[1]School of Computer Science and Engineering,Southeast University,Nanjing 211189,China

出　　处：《Tsinghua Science and Technology》2023年第6期1148-1159,共12页清华大学学报（自然科学版（英文版）

基　　金：This work was supported in part by the National Natural Science Foundation of China(Nos.62102084 and 62072103);Jiangsu Provincial Natural Science Foundation of China(No.BK20190340);Jiangsu Provincial Key R&D Program(Nos.BE2021729,BE2022680,and BE2022065-4);Jiangsu Provincial Key Laboratory of Network and Information Security(No.BM2003201);Key Laboratory of Computer Network and Information Integration of Ministry of Education of China(No.93K-9).

摘　　要：Website Fingerprinting(WF)attacks can extract side channel information from encrypted traffic to form a fingerprint that identifies the victim’s destination website,even if traffic is sophisticatedly anonymized by Tor.Many offline defenses have been proposed and claimed to have achieved good effectiveness.However,such work is more of a theoretical optimization study than a technology that can be applied to real-time traffic in the practical scenario.Because defenders generate optimized defense schemes only if the complete traffic traces are obtained.The practicality and effectiveness are doubtful.In this paper,we provide an in-depth analysis of the difficulties faced in porting existing offline defenses to the online scenarios.And then the online WF defense based on the non-targeted adversarial patch is proposed.To reduce the overhead,we use the Gradient-weighted Class Activation Mapping(Grad-CAM)algorithm to identify critical segments that have high contribution to the classification.In addition,we optimize the adversarial patch generation process by splitting patches and limiting the values,so that the pre-trained patches can be injected and discarded in real-time traffic.Extensive experiments are carried out to evaluate the effectiveness of our defense.When bandwidth overhead is set to 20%,the accuracies of the two state-of-the-art attacks,DF and Var-CNN,drop to 10.83%and 15.49%,respectively.Furthermore,we implement the real-time patch traffic injection based on WFPadTools framework in the online scenario,and achieve a defense accuracy of 95.50%with 12.57%time overhead.

关 键 词：website fingerprinting online defense adversarial patch traffic analysis 

分 类 号：TP18[自动化与计算机技术—控制理论与控制工程]