Efficient and Low Overhead Website Fingerprinting Attacks and Defenses based on TCP/IP Traffic

TL;DR

This paper introduces a practical TCP/IP traffic filtering attack on website fingerprinting defenses and proposes an improved, low-overhead, list-assisted defensive mechanism with traffic splitting, validated on real browser traffic datasets.

Contribution

It presents a novel filter-assisted attack on RPD defenses and an improved, configurable, low-overhead list-based defense with traffic splitting, enhancing efficiency and effectiveness.

Findings

The attack effectively filters noise using TCP/IP traffic statistics.

The improved defense balances security and network overhead.

Experimental results show high defense accuracy with reduced overhead.

Abstract

Website fingerprinting attack is an extensively studied technique used in a web browser to analyze traffic patterns and thus infer confidential information about users. Several website fingerprinting attacks based on machine learning and deep learning tend to use the most typical features to achieve a satisfactory performance of attacking rate. However, these attacks suffer from several practical implementation factors, such as a skillfully pre-processing step or a clean dataset. To defend against such attacks, random packet defense (RPD) with a high cost of excessive network overhead is usually applied. In this work, we first propose a practical filter-assisted attack against RPD, which can filter out the injected noises using the statistical characteristics of TCP/IP traffic. Then, we propose a list-assisted defensive mechanism to defend the proposed attack method. To achieve a configurable trade-off between the defense and the network overhead, we further improve the list-based defense by a traffic splitting mechanism, which can combat the mentioned attacks as well as save a considerable amount of network overhead. In the experiments, we collect real-life traffic patterns using three mainstream browsers, i.e., Microsoft Edge, Google Chrome, and Mozilla Firefox, and extensive results conducted on the closed and open-world datasets show the effectiveness of the proposed algorithms in terms of defense accuracy and network efficiency.