Few-Shot Website Fingerprinting Attack

TL;DR

This paper presents a novel data augmentation technique called Harmonious Data Augmentation (HDA) that significantly improves few-shot deep learning website fingerprinting attacks, especially under data scarcity and defense scenarios.

Contribution

Introduces a model-agnostic HDA method that enhances deep WF attack models in few-shot settings by expanding limited training data through intra- and inter-sample transformations.

Findings

HDA improves classification accuracy by over 4% in 20-shot scenarios with defenses.

HDA outperforms previous state-of-the-art methods in both closed-world and open-world scenarios.

The method effectively addresses data scarcity in deep learning-based website fingerprinting attacks.

Abstract

This work introduces a novel data augmentation method for few-shot website fingerprinting (WF) attack where only a handful of training samples per website are available for deep learning model optimization. Moving beyond earlier WF methods relying on manually-engineered feature representations, more advanced deep learning alternatives demonstrate that learning feature representations automatically from training data is superior. Nonetheless, this advantage is subject to an unrealistic assumption that there exist many training samples per website, which otherwise will disappear. To address this, we introduce a model-agnostic, efficient, and Harmonious Data Augmentation (HDA) method that can improve deep WF attacking methods significantly. HDA involves both intra-sample and inter-sample data transformations that can be used in harmonious manner to expand a tiny training dataset to an arbitrarily large collection, therefore effectively and explicitly addressing the intrinsic data scarcity problem. We conducted expensive experiments to validate our HDA for boosting state-of-the-art deep learning WF attack models in both closed-world and open-world attacking scenarios, at absence and presence of strong defense. {For instance, in the more challenging and realistic evaluation scenario with WTF-PAD based defense, our HDA method surpasses the previous state-of-the-art results by more than 4% in absolute classification accuracy in the 20-shot learning case.