# Mockingbird: Defending Against Deep-Learning-Based Website   Fingerprinting Attacks with Adversarial Traces

**Authors:** Mohammad Saidur Rahman, Mohsen Imani, Nate Mathews, Matthew Wright

arXiv: 1902.06626 · 2022-11-15

## TL;DR

Mockingbird is a novel defense against website fingerprinting attacks that uses adversarial traces to significantly reduce attack accuracy with moderate bandwidth overhead, outperforming existing defenses.

## Contribution

The paper introduces Mockingbird, a new adversarial trace generation method that resists adversarial training, lowering attack success rates more effectively than prior defenses.

## Key findings

- Reduces attack accuracy from 98% to 42-58%.
- Maintains 58% bandwidth overhead.
- Achieves lower attack success than existing defenses.

## Abstract

Website Fingerprinting (WF) is a type of traffic analysis attack that enables a local passive eavesdropper to infer the victim's activity, even when the traffic is protected by a VPN or an anonymity system like Tor. Leveraging a deep-learning classifier, a WF attacker can gain over 98% accuracy on Tor traffic. In this paper, we explore a novel defense, Mockingbird, based on the idea of adversarial examples that have been shown to undermine machine-learning classifiers in other domains. Since the attacker gets to design and train his attack classifier based on the defense, we first demonstrate that at a straightforward technique for generating adversarial-example based traces fails to protect against an attacker using adversarial training for robust classification. We then propose Mockingbird, a technique for generating traces that resists adversarial training by moving randomly in the space of viable traces and not following more predictable gradients. The technique drops the accuracy of the state-of-the-art attack hardened with adversarial training from 98% to 42-58% while incurring only 58% bandwidth overhead. The attack accuracy is generally lower than state-of-the-art defenses, and much lower when considering Top-2 accuracy, while incurring lower bandwidth overheads.

## Figures

28 figures with captions in the complete paper: https://tomesphere.com/paper/1902.06626/full.md

---
Source: https://tomesphere.com/paper/1902.06626