Contrastive Fingerprinting: A Novel Website Fingerprinting Attack over Few-shot Traces
Authors: 
Yi Xie, Jiahao Feng, Wenju Huang, Yixi Zhang, Xueliang Sun, Xiaochou Chen, Xiapu LuoAuthors Info & Claims
Yi Xie, Jiahao Feng, Wenju Huang, Yixi Zhang, Xueliang Sun, Xiaochou Chen, Xiapu LuoAuthors Info & ClaimsPages 1203 - 1214
Abstract
Website Fingerprinting (WF) attacks enable passive adversaries to identify the website a user visits over encrypted or anonymized network connections. WF attacks based on deep learning have achieved high accuracy in identifying websites based on abundant training traffic traces per website. However, collecting large-scale and fresh traces is quite cost-consuming and unrealistic. Morevoer, these deep-learning-based WF attacks lack flexibility because they require a long bootstrap time for retraining when facing new traffic traces with different distributions or newly added monitored websites. This paper proposes a high-accuracy WF attack named Contrastive Fingerprinting (CF), which leverages contrastive learning and data augmentation over a few training traces. The results of extensive experiments on challenging datasets over few-shot traces demonstrate the high accuracy of the CF attack and its robustness against WF defenses. For example, when each monitored website only has 20 training traces, CF identifies monitored websites with a high accuracy of 90.4% in the closed-world scenario and distinguishes monitored websites with a high True Positive Rate of 91.2% in the open-world scenario. The experimental results also show that CF outperforms two existing WF attacks with few-shot traces under different network conditions in real-world applications.
Supplemental Material
MP4 File
Supplemental video
- Download
- 40.31 MB
References
[1]
Kota Abe and Shigeki Goto. 2016. Fingerprinting attack on Tor anonymity using deep learning. Proceedings of the Asia-Pacific Advanced Network, 15--20.
[2]
Sanjit Bhat, David Lu, Albert Kwon, and Srinivas Devadas. 2019. Var-CNN: A data-efficient website fingerprinting attack based on deep learning. Proceedings on Privacy Enhancing Technologies (2019), 292--310.
[3]
Xiang Cai, Rishab Nithyanand, and Rob Johnson. 2014a. Cs-buflo: A congestion sensitive website fingerprinting defense. In Proceedings of the 13th Workshop on Privacy in the Electronic Society. 121--130.
[4]
Xiang Cai, Rishab Nithyanand, Tao Wang, Rob Johnson, and Ian Goldberg. 2014b. A systematic approach to developing and evaluating website fingerprinting defenses. In Proceedings of ACM SIGSAC Conference on Computer and Communications Security. 227--238.
[5]
Xiang Cai, Xin Cheng Zhang, Brijesh Joshi, and Rob Johnson. 2012. Touching from a distance: Website fingerprinting attacks and defenses. In Proceedings of ACM Conference on Computer and Communications Security. 605--616.
[6]
Raghavendra Chalapathy and Sanjay Chawla. 2019. Deep Learning for Anomaly Detection: A Survey. https://doi.org/10.48550/ARXIV.1901.03407
[7]
Ting Chen, Simon Kornblith, Mohammad Norouzi, and Geoffrey Hinton. 2020. A Simple Framework for Contrastive Learning of Visual Representations. In Proceedings of the 37th International Conference on Machine Learning. 1597--1607.
[8]
Weiqi Cui, Tao Chen, and Eric Chan-Tin. 2020. More Realistic Website Fingerprinting Using Deep Learning. In Proceedings of IEEE 40th International Conference on Distributed Computing Systems. 333--343.
[9]
Xinhao Deng, Qilei Yin, Zhuotao Liu, Xiyuan Zhao, Qi Li, Mingwei Xu, Ke Xu, and Jianping Wu. 2023. Robust Multi-tab Website Fingerprinting Attacks in the Wild. In Proceedings of IEEE Symposium on Security and Privacy (SP). 1005--1022.
[10]
Roger Dingledine, Nick Mathewson, and Paul Syverson. 2004. Tor: The Second-Generation Onion Router. In Proceedings of the 13th Conference on USENIX Security Symposium. 21--39.
[11]
Kevin P Dyer, Scott E Coull, Thomas Ristenpart, and Thomas Shrimpton. 2012. Peek-a-boo, I still see you: Why efficient traffic analysis countermeasures fail. In Proceedings of IEEE Symposium on Security and Privacy. 332--346.
[12]
Jiajun Gong and Tao Wang. 2020. Zero-delay lightweight defenses against website fingerprinting. In Proceedings of USENIX Security Symposium. 717--734.
[13]
Jamie Hayes and George Danezis. 2016. k-fingerprinting: A Robust Scalable Website Fingerprinting Technique. In Proceedings of USENIX Security Symposium. 1187--1203.
[14]
Kaiming He, Xiangyu Zhang, Shaoqing Ren, and Jian Sun. 2016. Deep residual learning for image recognition. In Proceedings of IEEE Conference on Computer Vision and Pattern Recognition. 770--778.
[15]
Dominik Herrmann, Rolf Wendolsky, and Hannes Federrath. 2009. Website Fingerprinting: Attacking Popular Privacy Enhancing Technologies with the Multinomial Na"ive-Bayes Classifier. In Proceedings of the 2009 ACM Workshop on Cloud Computing Security. 31--42.
[16]
Andrew Hintz. 2002. Fingerprinting websites using traffic analysis. In Proceedings of International Workshop on Privacy Enhancing Technologies. 171--178.
[17]
Marc Juarez, Sadia Afroz, Gunes Acar, Claudia Diaz, and Rachel Greenstadt. 2014. A Critical Evaluation of Website Fingerprinting Attacks. In Proceedings of ACM Conference on Computer and Communications Security. 263--274.
[18]
Marc Juarez, Mohsen Imani, Mike Perry, Claudia Diaz, and Matthew Wright. 2016. Toward an Efficient Website Fingerprinting Defense. In Proceedings of the European Symposium on Research in Computer Security (ESORICS). 27--46.
[19]
Prannay Khosla, Piotr Teterwak, Chen Wang, Aaron Sarna, Yonglong Tian, Phillip Isola, Aaron Maschinot, Ce Liu, and Dilip Krishnan. 2020. Supervised contrastive learning. Advances in neural information processing systems, Vol. 33 (2020), 18661--18673.
[20]
Yann LeCun, Yoshua Bengio, and Geoffrey Hinton. 2015. Deep learning. Nature, Vol. 521, 7553 (2015), 436--444.
[21]
Jianfeng Li, Shuohan Wu, Hao Zhou, Xiapu Luo, Ting Wang, Yangyang Liu, and Xiaobo Ma. 2022a. Packet-Level Open-World App Fingerprinting on Wireless Traffic. In Proceedings of the Network and Distributed System Security Symposium.
[22]
Jianfeng Li, Hao Zhou, Shuohan Wu, Xiapu Luo, Ting Wang, Xian Zhan, and Xiaobo Ma. 2022b. FOAP: Fine-Grained Open-World Android App Fingerprinting. In Proceedings of the 31st USENIX Security Symposium. 1579--1596.
[23]
Sungbin Lim, Ildoo Kim, Taesup Kim, Chiheon Kim, and Sungwoong Kim. 2019. Fast autoaugment. In Proceedings of Advances in Neural Information Processing Systems. 6665--6675.
[24]
David Lu, Sanjit Bhat, Albert Kwon, and Srinivas Devadas. 2018. Dynaflow: An efficient website fingerprinting defense based on dynamically-adjusting flows. In Proceedings of the 2018 Workshop on Privacy in the Electronic Society. 109--113.
[25]
Xiapu Luo, Peng Zhou, Edmond WW Chan, Wenke Lee, Rocky KC Chang, Roberto Perdisci, et al. 2011. HTTPOS: Sealing Information Leaks with Browser-side Obfuscation of Encrypted Flows. In Proceedings of the Network and Distributed System Security Symposium.
[26]
Xiaobo Ma, Mawei Shi, Bingyu An, Jianfeng Li, Daniel Xiapu Luo, Junjie Zhang, and Xiaohong Guan. 2021. Context-aware website fingerprinting over encrypted proxies. In Proceedings of IEEE Conference on Computer Communications. 1--10.
[27]
Andriy Panchenko, Fabian Lanze, Andreas Zinnen, Martin Henze, Jan Pennekamp, Klaus Wehrle, and Thomas Engel. 2016. Website Fingerprinting at Internet Scale. In Proceedings of the Network and Distributed System Security Symposium. 1--15.
[28]
Litao Qiao, Bang Wu, Shuijun Yin, Heng Li, Wei Yuan, and Xiapu Luo. 2023. Resisting DNN-based website fingerprinting attacks enhanced by adversarial training. IEEE Transactions on Information Forensics and Security, Vol. 18 (2023), 5375--5386.
[29]
Jian Qu, Xiaobo Ma, Jianfeng Li, Xiapu Luo, Lei Xue, Junjie Zhang, Zhenhua Li, Li Feng, and Xiaohong Guan. 2023. An Input-Agnostic Hierarchical Deep Learning Framework for Traffic Fingerprinting. In Proceedings of the 32nd USENIX Security Symposium. 589--606.
[30]
Mohammad Saidur Rahman, Mohsen Imani, Nate Mathews, and Matthew Wright. 2020. Mockingbird: Defending against deep-learning-based website fingerprinting attacks with adversarial traces. IEEE Transactions on Information Forensics and Security, Vol. 16 (2020), 1594--1609.
[31]
Vera Rimmer, Davy Preuveneers, Marc Juarez, Tom Van Goethem, and Wouter Joosen. 2018. Automated Website Fingerprinting through Deep Learning. In Proceedings of the Network and Distributed System Security Symposium.
[32]
Florian Schroff, Dmitry Kalenichenko, and James Philbin. 2015. FaceNet: A unified embedding for face recognition and clustering. In Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition. 815--823.
[33]
Vitaly Shmatikov and Ming-Hsiu Wang. 2006. Timing Analysis in Low-Latency Mix Networks: Attacks and Defenses. In Proceedings of the 11th European conference on Research in Computer Security. 18--33.
[34]
Connor Shorten and Taghi M Khoshgoftaar. 2019. A survey on image data augmentation for deep learning. Journal of Big Data, Vol. 6, 1 (2019), 1--48.
[35]
Karen Simonyan and Andrew Zisserman. 2015. Very Deep Convolutional Networks for Large-Scale Image Recognition. In Proceedings of the 3rd International Conference on Learning Representations.
[36]
Payap Sirinam, Mohsen Imani, Marc Juarez, and Matthew Wright. 2018. Deep fingerprinting: Undermining website fingerprinting defenses with deep learning. In Proceedings of ACM Conference on Computer and Communications Security. 1928--1943.
[37]
Payap Sirinam, Nate Mathews, Mohammad Saidur Rahman, and Matthew Wright. 2019. Triplet fingerprinting: More practical and portable website fingerprinting with n-shot learning. In Proceedings of ACM Conference on Computer and Communications Security. 1131--1148.
[38]
Xueliang Sun, Anxin Huang, Xiapu Luo, and Yi Xie. 2021. Webpage Fingerprinting Identification on Tor: A Survey. Journal of Computer Research and Development, Vol. 58, 8 (2021), 1773--1788.
[39]
Chuanqi Tan, Fuchun Sun, Tao Kong, Wenchang Zhang, Chao Yang, and Chunfang Liu. 2018. A survey on deep transfer learning. In Proceedings of 27th International Conference on Artificial Neural Networks. 270--279.
[40]
Eric Tzeng, Judy Hoffman, Kate Saenko, and Trevor Darrell. 2017. Adversarial discriminative domain adaptation. In Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition. 7167--7176.
[41]
Chenggang Wang, Jimmy Dani, Xiang Li, Xiaodong Jia, and Boyang Wang. 2021. Adaptive Fingerprinting: Website Fingerprinting over Few Encrypted Traffic. In Proceedings of ACM Conference on Data and Application Security and Privacy. 149--160.
[42]
Tao Wang, Xiang Cai, Rishab Nithyanand, Rob Johnson, and Ian Goldberg. 2014. Effective Attacks and Provable Defenses for Website Fingerprinting. In Proceedings of USENIX Security Symposium. 143--157.
[43]
Xi Xiao, Xiang Zhou, Zhenyu Yang, Le Yu, Bin Zhang, Qixu Liu, and Xiapu Luo. 2024. A comprehensive analysis of website fingerprinting defenses on Tor. Computers & Security, Vol. 136 (2024), 103577.
[44]
Yixiao Xu, Tao Wang, Qi Li, Qingyuan Gong, Yang Chen, and Yong Jiang. 2018. A Multi-Tab Website Fingerprinting Attack. In Proceedings of the 34th Annual Computer Security Applications Conference. 327--341.
[45]
Ziwei Zhang, Peng Cui, and Wenwu Zhu. 2022. Deep Learning on Graphs: A Survey. IEEE Transactions on Knowledge and Data Engineering, Vol. 34, 1 (2022), 249--270.
[46]
Zhun Zhong, Liang Zheng, Guoliang Kang, Shaozi Li, and Yi Yang. 2020. Random Erasing Data Augmentation. Proceedings of the AAAI Conference on Artificial Intelligence, Vol. 34, 07 (2020), 13001--13008.
[47]
Zongwei Zhou, Jae Shin, Lei Zhang, Suryakanth Gurudu, Michael Gotway, and Jianming Liang. 2017. Fine-Tuning Convolutional Neural Networks for Biomedical Image Analysis: Actively and Incrementally. In Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition. 7340--7351.
[48]
Fuzhen Zhuang, Zhiyuan Qi, Keyu Duan, Dongbo Xi, Yongchun Zhu, Hengshu Zhu, Hui Xiong, and Qing He. 2021. A Comprehensive Survey on Transfer Learning. Proc. IEEE, Vol. 109, 1 (2021), 43--76. io
Index Terms
- Contrastive Fingerprinting: A Novel Website Fingerprinting Attack over Few-shot Traces
Recommendations
Realistic Website Fingerprinting By Augmenting Network Traces
CCS '23: Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications SecurityWebsite Fingerprinting (WF) is considered a major threat to the anonymity of Tor users (and other anonymity systems). While state-of-the-art WF techniques have claimed high attack accuracies, e.g., by leveraging Deep Neural Networks (DNN), several recent ...
Deep Fingerprinting: Undermining Website Fingerprinting Defenses with Deep Learning
CCS '18: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications SecurityWebsite fingerprinting enables a local eavesdropper to determine which websites a user is visiting over an encrypted connection. State-of-the-art website fingerprinting attacks have been shown to be effective even against Tor. Recently, lightweight ...
Triplet Fingerprinting: More Practical and Portable Website Fingerprinting with N-shot Learning
CCS '19: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications SecurityWebsite Fingerprinting (WF) attacks pose a serious threat to users' online privacy, including for users of the Tor anonymity system. By exploiting recent advances in deep learning, WF attacks like Deep Fingerprinting (DF) have reached up to 98% ...
Comments
Information & Contributors
Information
Published In
May 2024
4826 pages
ISBN:9798400701719
DOI:10.1145/3589334
- General Chairs:
- Tat-Seng Chua,
- Chong-Wah Ngo,
- Proceedings Chair:
- Roy Ka-Wei Lee,
- Program Chairs:
- Ravi Kumar,
- Hady W. Lauw
Copyright © 2024 ACM.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].
Sponsors
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 13 May 2024
Check for updates
Author Tags
Qualifiers
- Research-article
Funding Sources
- The National Key R&D Program of China
- Hong Kong RGC Project
Conference
WWW '24
Sponsor:
Acceptance Rates
Overall Acceptance Rate 1,899 of 8,196 submissions, 23%
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 273Total Downloads
- Downloads (Last 12 months)273
- Downloads (Last 6 weeks)39
Reflects downloads up to 01 Jan 2025
Other Metrics
Citations
View Options
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in