SAD: Website Fingerprinting Defense Based on Adversarial Examples

Website Fingerprinting (WF) attacks can infer website names from encrypted network traffic when the victim is browsing the website. Inherent defenses of anonymous communication systems such as The Onion Router (Tor) cannot compete with current WF attacks. The state-of-the-art attack based on deep learning can gain over 98% accuracy in Tor. However, the existing defense will bring high bandwidth overhead, affect the user’s network experience or cannot be used in actual scenarios. Some researchers found that deep learning models are vulnerable to adversarial examples. In this paper, based on adversarial examples we propose Segmented Adversary Defense (SAD) for deep learning-based WF attacks. Network traffic is divided into multiple segments. Then, the adversarial examples for each segment of traffic can be generated by SAD. Finally, dummy packets from adversarial examples are inserted after each segment traffic. Experimentally, our results show that SAD can effectively reduce the accuracy of WF attacks. The technique drops the accuracy of the state-of-the-art attack hardened from 96% to 3% while incurring only 40% bandwidth overhead. Compared with the existing proposed defense named Deep Fingerprinting Defender (DFD), the defense effect of SAD is better under the same bandwidth overhead.