Realistic Website Fingerprinting By Augmenting Network Trace

TL;DR

This paper introduces NetAugment, a trace augmentation method that improves website fingerprinting accuracy in unobserved network conditions by training classifiers on augmented data, demonstrating superior performance over existing techniques.

Contribution

The paper presents NetAugment, a novel trace augmentation technique tailored for Tor, enhancing WF classifier robustness across diverse network conditions using semi- and self-supervised learning.

Findings

NetAugment improves WF attack accuracy in unobserved network conditions.

Self-supervised NetCLR achieves up to 80% accuracy with 5-shot learning.

Augmentation leads to better generalization compared to state-of-the-art methods.

Abstract

Website Fingerprinting (WF) is considered a major threat to the anonymity of Tor users (and other anonymity systems). While state-of-the-art WF techniques have claimed high attack accuracies, e.g., by leveraging Deep Neural Networks (DNN), several recent works have questioned the practicality of such WF attacks in the real world due to the assumptions made in the design and evaluation of these attacks. In this work, we argue that such impracticality issues are mainly due to the attacker's inability in collecting training data in comprehensive network conditions, e.g., a WF classifier may be trained only on samples collected on specific high-bandwidth network links but deployed on connections with different network conditions. We show that augmenting network traces can enhance the performance of WF classifiers in unobserved network conditions. Specifically, we introduce NetAugment, an augmentation technique tailored to the specifications of Tor traces. We instantiate NetAugment through semi-supervised and self-supervised learning techniques. Our extensive open-world and close-world experiments demonstrate that under practical evaluation settings, our WF attacks provide superior performances compared to the state-of-the-art; this is due to their use of augmented network traces for training, which allows them to learn the features of target traffic in unobserved settings. For instance, with a 5-shot learning in a closed-world scenario, our self-supervised WF attack (named NetCLR) reaches up to 80% accuracy when the traces for evaluation are collected in a setting unobserved by the WF adversary. This is compared to an accuracy of 64.4% achieved by the state-of-the-art Triplet Fingerprinting [35]. We believe that the promising results of our work can encourage the use of network trace augmentation in other types of network traffic analysis.