Go to TRUSTCOM 2021 homepageAttack versus Attack: Toward Adversarial Example Defend Website Fingerprinting Attack
Abstract: Website Fingerprinting (WF) attack is a side channel attack against encrypted tunnels which infers network activities of encrypted tunnels users. WF attack has been successfully applied to the Tor network, which poses a huge threat to the privacy of Tor visitors. A lot of countermeasures are therefore proposed to defend against such attacks. However, the newest attack successfully undermined the existing defense leveraging deep learning technique. In this paper, we propose an defense named Attack to Attack (A2A) that leverages adversarial example to attack the attacker's classifier. A2A treats website fingerprinting model as a black box. In order to find effective adversarial examples for the attacker's model, A2A manipulates traffic iteratively according to the output of a substitute model which is an elaborate model intentionally learning a similar classification boundary with the attacker's model. We evaluate the effectiveness of A2A on a public tor traffic dataset and the newest WF attack. The experimental results show that the proposed method provides effective defense with a bandwidth overhead of 2.2%, which significantly outperforms the manually designed defense (typically has a bandwidth overhead of 31%).
0 Replies
Loading