Blind Adversarial Network Perturbations
Milad Nasr, Alireza Bahramali, Amir Houmansadr
TL;DR
This paper demonstrates that adversarial perturbations can effectively deceive deep neural network-based traffic analysis methods, highlighting a new vulnerability in these models.
Contribution
It introduces the concept of applying adversarial perturbations to live network traffic to defeat DNN-based traffic analysis techniques, a novel approach in this domain.
Findings
Adversarial perturbations can mislead traffic analysis DNNs
Live traffic can be manipulated with small perturbations
Vulnerability of DNN traffic analysis to adversarial attacks
Abstract
Deep Neural Networks (DNNs) are commonly used for various traffic analysis problems, such as website fingerprinting and flow correlation, as they outperform traditional (e.g., statistical) techniques by large margins. However, deep neural networks are known to be vulnerable to adversarial examples: adversarial inputs to the model that get labeled incorrectly by the model due to small adversarial perturbations. In this paper, for the first time, we show that an adversary can defeat DNN-based traffic analysis techniques by applying \emph{adversarial perturbations} on the patterns of \emph{live} network traffic.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Code & Models
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsInternet Traffic Analysis and Secure E-voting · Adversarial Robustness in Machine Learning · Network Security and Intrusion Detection