Skip to main content
SpringerLink
Log in

AAP: Defending Against Website Fingerprinting Through Burst Obfuscation

  • Conference paper
  • First Online:
Advanced Data Mining and Applications (ADMA 2023)

Part of the book series: Lecture Notes in Computer Science ((LNAI,volume 14180))

Included in the following conference series:

  • 475 Accesses

Abstract

Website fingerprinting enables eavesdroppers to identify the website a user is visiting by network surveillance, even if the traffic is protected by anonymous communication technologies such as Tor. To defend against website fingerprinting attacks, Tor provides a circuit padding framework as the official way to implement padding defenses. However, the circuit padding framework can not support additional delay, which makes most defense schemes unworkable. In this paper, we study the patterns of HTTP requests and responses generated during website loading and analyze how these high-level features correlate with the underlying features of network traffic. We find that the HTTP requests sent and responses received continuously in a short period of time, which we call HTTP burst, have a significant impact on network traffic. Then we propose a novel website fingerprinting defense algorithm, Advanced Adaptive Padding(AAP). The design principle of AAP is similar to Adaptive Padding, which works by obfuscating burst features. AAP does not delay application packets and is in line with the design philosophy of low latency networks such as Tor. Besides, AAP uses a more sensible traffic obfuscation strategy, which makes it more effective. Experiments show that AAP outperforms other zero-delay defenses with moderate bandwidth overhead.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 79.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 99.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    www.alexa.com.

References

  1. Syverson, P., Dingledine, R., Mathewson, N.: Tor: the secondgeneration onion router. In: Proceedings of the 13th USENIX Security Symposium, (San Diego, CA, USA), pp. 303–320, USENIX Association (2004)

    Google Scholar 

  2. Sirinam, P., Imani, M., Juarez, M., Wright, M.: Deep fingerprinting: undermining website fingerprinting defenses with deep learning. In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, CCS, (Toronto, ON, Canada), pp. 1928–1943 (2018)

    Google Scholar 

  3. Cherubin, G., Jansen, R., Troncoso, C.: Online website fingerprinting: evaluating website fingerprinting attacks on tor in the real world. In: 31st USENIX Security Symposium (USENIX Security 22), pp. 753–770 (2022)

    Google Scholar 

  4. Shmatikov, V., Wang, M.-H.: Timing analysis in low-latency mix networks: attacks and defenses. In: Gollmann, D., Meier, J., Sabelfeld, A. (eds.) ESORICS 2006. LNCS, vol. 4189, pp. 18–33. Springer, Heidelberg (2006). https://doi.org/10.1007/11863908_2

    Chapter  Google Scholar 

  5. Juarez, M., Imani, M., Perry, M., Diaz, C., Wright, M.: Toward an efficient website fingerprinting defense. In: Askoxylakis, I., Ioannidis, S., Katsikas, S., Meadows, C. (eds.) ESORICS 2016. LNCS, vol. 9878, pp. 27–46. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-45744-4_2

    Chapter  Google Scholar 

  6. Dyer, K.P., Coull, S.E., Ristenpart, T., Shrimpton, T.: Peek-a-boo, i still see you: why efficient traffic analysis countermeasures fail. In: 33rd IEEE Symposium on Security and Privacy, pp. 332–346 (2012)

    Google Scholar 

  7. Cai, X., Nithyanand, R., Johnson, R.: CS-BuFLO: a congestion sensitive website fingerprinting defense. In: Proceedings of the 13th Workshop on Privacy in the Electronic Society, WPES, (Scottsdale, AZ, USA), pp. 121–130. ACM (2014)

    Google Scholar 

  8. Cai, X., Nithyanand, R., Wang, T., Johnson, R., Goldberg, I.: A systematic approach to developing and evaluating website fingerprinting defenses. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, CCS, (Scottsdale, AZ, USA), pp. 227–238. ACM (2014)

    Google Scholar 

  9. Lu, D., Bhat, S., Kwon, A., Devadas, S.: DynaFlow: an efficient website fingerprinting defense based on dynamically-adjusting flows. In: Proceedings of the 2018 Workshop on Privacy in the Electronic Society, WPES, (Toronto, Canada), pp. 109–113. ACM (2018)

    Google Scholar 

  10. Nithyanand, R., Cai, X., Johnson, R.: Glove: a bespoke website fingerprinting defense. In: Proceedings of the 13th Workshop on Privacy in the Electronic Society, pp. 131–134 (2014)

    Google Scholar 

  11. Wang, T., Cai, X., Nithyanand, R., Johnson, R., Goldberg, I.: Effective attacks and provable defenses for website fingerprinting. In: Proceedings of the 23rd USENIX Security Symposium, (San Diego, CA, USA), pp. 143–157, USENIX Association (2014)

    Google Scholar 

  12. Wang, T., Goldberg, I.: Walkie-Talkie: an efficient defense against passive website fingerprinting attacks. In: Proceedings of the 26th USENIX Security Symposium, (Vancouver, BC), pp. 1375–1390, USENIX Association (2017)

    Google Scholar 

  13. Panchenko, A., Niessen, L., Zinnen, A., Engel, T.: Website fingerprinting in onion routing based anonymization networks. In: Proceedings of the 10th annual ACM workshop on Privacy in the electronic society, WPES, (Chicago, IL, USA), pp. 103–114 (2011)

    Google Scholar 

  14. Luo, X., Zhou, P., Chan, E.W., Lee, W., Chang, R.K., Perdisci, R., et al.: HTTPOS: sealing information leaks with browser-side obfuscation of encrypted flows. In: Proceedings of the Network and Distributed System Security Symposium, NDSS, (San Diego, CA, USA) (2011)

    Google Scholar 

  15. Cherubin, G., Hayes, J., Juárez, M.: Website fingerprinting defenses at the application layer. Proc. Priv. Enhan. Technol. 2017(2), 186–203 (2017)

    Google Scholar 

  16. Cai, X., Zhang, X.C., Joshi, B., Johnson, R.: Touching from a distance: website fingerprinting attacks and defenses. In: Proceedings of the 2012 ACM conference on Computer and communications security, CCS, pp. 605–616. ACM (2012)

    Google Scholar 

  17. Gong, J., Wang, T.: Zero-delay lightweight defenses against website fingerprinting. In: Proceedings of the 29th USENIX Security Symposium, (Boston, MA, USA), pp. 717–734, USENIX Association (2020)

    Google Scholar 

  18. Henri, S., García, G., Serrano, P., Banchs, A., Thiran, P., et al.: Protecting against website fingerprinting with multihoming. Proc. Priv. Enhan. Technol. 2020(2), 89–110 (2020)

    Google Scholar 

  19. De la Cadena, W., et al.: TrafficSliver: fighting website fingerprinting attacks with traffic splitting. In: Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security, CSS, (Virtual Event, USA), pp. 1971–1985. ACM (2020)

    Google Scholar 

  20. Hou, C., Gou, G., Shi, J., Fu, P., Xiong, G.: WF-GAN: fighting back against website fingerprinting attack using adversarial learning. In: IEEE Symposium on Computers and Communications, ISCC, (Rennes, France), pp. 1–7. IEEE (2020)

    Google Scholar 

  21. Xiao, C., Li, B., Zhu, J.-Y., He, W., Liu, M., Song, D.: Generating adversarial examples with adversarial networks. In: Proceedings of the 27th International Joint Conference on Artificial Intelligence, IJCAI, pp. 3905–3911. AAAI (2018)

    Google Scholar 

  22. Rahman, M.S., Imani, M., Mathews, N., Wright, M.: Mockingbird: defending against deep-learning-based website fingerprinting attacks with adversarial traces. IEEE Trans. Inf. Forensics Secur. 16, 1594–1609 (2020)

    Article  Google Scholar 

  23. Nasr, M., Bahramali, A., Houmansadr, A.: Defeating DNN-based traffic analysis systems in real-time with blind adversarial perturbations. In: Proceedings of the 30th USENIX Security Symposium, (Vancouver, B.C., Canada), pp. 2705–2722, USENIX Association (2021)

    Google Scholar 

  24. Cortesi, A., Hils, M., Kriechbaumer, T.: mitmproxy: a free and open source interactive HTTPS proxy (2010) [Version 9.0]

    Google Scholar 

  25. Wang, T., Goldberg, I.: Improved website fingerprinting on tor. In: Proceedings of the 12th ACM Workshop on Workshop on Privacy in the Electronic Society, WPES, (Berlin, Germany), pp. 201–212. ACM (2013)

    Google Scholar 

  26. Panchenko, A., et al.: Website fingerprinting at internet scale. In: Proceedings of Internet Society Symposium on Network and Distributed Systems Security, (San Diego, CA, USA). IEEE (2016)

    Google Scholar 

Download references

Acknowledgment

This work was supported inpart by the National Natural Science Foundation of China (61972219), the Research and Development Program of Shenzhen (JCYJ20190813174403598), the Overseas Research Cooperation Fund of Tsinghua Shenzhen International Graduate School (HW2021013), the Youth Innovation Promotion Association CAS (2019163), the Guangdong Basic and Applied Basic Research Foundation (2022A1515010417), the Key Project of Shenzhen Municipality(JSGG20211029095545002), the Science and Technology Research Project of Henan Province(222102210096), the Key Laboratory of Network Assessment Technology, Institute of Information Engineering, Chinese Academy of Sciences, and Shenzhen Science and Technology Innovation Commission (Research Center for Computer Network (Shenzhen) Ministry of Education).

Author information

Authors and Affiliations

  1. Shenzhen International Graduate School, Tsinghua University, Beijing, China

    Zhenyu Yang & Xi Xiao

  2. Peng Cheng Laboratory, Shenzhen, China

    Bin Zhang & Qing Li

  3. Shenzhen Institute of Information Technology, Shenzhen, China

    Guangwu Hu

  4. Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China

    Xi Xiao & Qixu Liu

Authors
  1. Zhenyu Yang
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Xi Xiao
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Bin Zhang
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Guangwu Hu
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Qing Li
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Qixu Liu
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Xi Xiao .

Editor information

Editors and Affiliations

  1. Northeastern University, Shenyang, China

    Xiaochun Yang

  2. The University of Indonesia, Depok, Indonesia

    Heru Suhartanto

  3. Beijing Institute of Technology, Beijing, China

    Guoren Wang

  4. Northeastern University, Shenyang, China

    Bin Wang

  5. University of Technology Sydney, Sydney, NSW, Australia

    Jing Jiang

  6. Agency for Science, Technology and Research (A*STAR), Singapore, Singapore

    Bing Li

  7. Sun Yat-sen University, Guangzhou, China

    Huaijie Zhu

  8. Anhui University, Hefei, China

    Ningning Cui

Rights and permissions

Reprints and permissions

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Yang, Z., Xiao, X., Zhang, B., Hu, G., Li, Q., Liu, Q. (2023). AAP: Defending Against Website Fingerprinting Through Burst Obfuscation. In: Yang, X., et al. Advanced Data Mining and Applications. ADMA 2023. Lecture Notes in Computer Science(), vol 14180. Springer, Cham. https://doi.org/10.1007/978-3-031-46677-9_8

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-46677-9_8

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-46676-2

  • Online ISBN: 978-3-031-46677-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation