TL;DR
This paper introduces a practical method to establish security bounds for website fingerprinting defenses by estimating the Bayes error, enabling formal security guarantees and guiding future research on optimal feature sets.
Contribution
It presents a novel approach to derive security bounds for WF defenses using Bayes error, applicable in a black-box manner and adaptable to other ML-based attacks.
Findings
Provides a method to estimate the minimal achievable error in WF attacks.
Enables formal security evaluation of WF defenses based on feature sets.
Suggests focusing on optimal feature set identification for improved security.
Abstract
Website Fingerprinting (WF) attacks raise major concerns about users' privacy. They employ Machine Learning (ML) to allow a local passive adversary to uncover the Web browsing behavior of a user, even if she browses through an encrypted tunnel (e.g. Tor, VPN). Numerous defenses have been proposed in the past; however, it is typically difficult to have formal guarantees on their security, which is most often evaluated empirically against state-of-the-art attacks. In this paper, we present a practical method to derive security bounds for any WF defense, which depend on a chosen feature set. This result derives from reducing WF attacks to an ML classification task, where we can determine the smallest achievable error (the Bayes error); such error can be estimated in practice, and is a lower bound for a WF adversary, for any classification algorithm he may use. Our work has two main…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Code & Models
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
See pages 1-last of paper.pdf
