# Bayes, not Na\"ive: Security Bounds on Website Fingerprinting Defenses

**Authors:** Giovanni Cherubin

arXiv: 1702.07707 · 2017-12-08

## TL;DR

This paper introduces a practical method to establish security bounds for website fingerprinting defenses by estimating the Bayes error, enabling formal security guarantees and guiding future research on optimal feature sets.

## Contribution

It presents a novel approach to derive security bounds for WF defenses using Bayes error, applicable in a black-box manner and adaptable to other ML-based attacks.

## Key findings

- Provides a method to estimate the minimal achievable error in WF attacks.
- Enables formal security evaluation of WF defenses based on feature sets.
- Suggests focusing on optimal feature set identification for improved security.

## Abstract

Website Fingerprinting (WF) attacks raise major concerns about users' privacy. They employ Machine Learning (ML) to allow a local passive adversary to uncover the Web browsing behavior of a user, even if she browses through an encrypted tunnel (e.g. Tor, VPN). Numerous defenses have been proposed in the past; however, it is typically difficult to have formal guarantees on their security, which is most often evaluated empirically against state-of-the-art attacks. In this paper, we present a practical method to derive security bounds for any WF defense, which depend on a chosen feature set. This result derives from reducing WF attacks to an ML classification task, where we can determine the smallest achievable error (the Bayes error); such error can be estimated in practice, and is a lower bound for a WF adversary, for any classification algorithm he may use. Our work has two main consequences: i) it allows determining the security of WF defenses, in a black-box manner, with respect to the state-of-the-art feature set and ii) it favors shifting the focus of future WF research to the identification of optimal feature sets. The generality of the approach further suggests that the method could be used to define security bounds for other ML-based attacks.

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/1702.07707/full.md

---
Source: https://tomesphere.com/paper/1702.07707