Search Results (5)

Popular Large Language Models (LLMs) access uses website browsing and also faces website fingerprinting attacks. Website fingerprinting attacks have increasingly threatened website users to the leakage of browsing privacy. In addition to the often-used network traffic analysis, interrupt tracing exploits the microarchitectural side channels to be a new compromising method and assists website fingerprinting attacks on non-LLM websites with up to 96.6% classification accuracy. More importantly, our observations show that LLM website access performs inherent defense and decreases the attack classification accuracy to 6.5%. This resistance highlights the need to develop new website fingerprinting attacks for LLM websites. Therefore, we propose a fine-grained LLM-oriented website fingerprinting attack via fusing interrupt trace and network traffic (LLM-WFIN) to identify the browsing website and the content type accurately. A prior-fusion-based one-stage classifier and post-fusion-based two-stage classifier are trained to enhance website fingerprinting attacks. The comprehensive results and ablation study on 25 popular LLM websites and varying machine learning methods demonstrate that LLM-WFIN using post-fusion achieves 97.2% attack classification accuracy with no defense and outperforms prior-fusion with 81.6% attack classification accuracy with effective defenses. Full article

Website fingerprinting attacks attempt to apply deep learning technology to identify websites corresponding to encrypted traffic data. Unfortunately, to the best of our knowledge, once the total number of encrypted traffic data becomes insufficient, the identification accuracy in most existing works will drop dramatically. This phenomenon grows worse because the statistical features of the encrypted traffic data are not always stable but irregularly varying in different time periods. Even a deep learning model requires good performance to capture the statistical features, its accuracy usually diminishes in a short period of time because the changes of the statistical features technically put the training and testing data into two non-identical distributions. In this paper, we first propose a convolutional neural network-based website fingerprinting attack (CWFA) scheme. This scheme integrates packet direction with the timing sequence from the encrypted traffic data to improve the accuracy of analysis as much as possible on few data samples. We then design a new fine-tuning mechanism for the CWFA (FM-CWFA) scheme based on transfer learning. This mechanism enables the proposed FM-CWFA scheme to support the changes in the statistical patterns. The experimental results in closed-world and open-world settings show that the effectiveness of the CWFA scheme is better than previous researches, with the slowest performance degradation when the number of data decreases, and the FM-CWFA scheme can remain effective when the statistical features change. Full article

The rapid development of IoT technology has promoted the integration of physical space and cyberspace. At the same time, it has also increased the risk of privacy leakage of Internet users. A large number of research works have shown that attackers can infer Internet surfing privacy through traffic patterns without decryption. Most of the existing research work on anti-traffic analysis is based on a weakened experimental assumption, which is difficult to apply in the actual IoT network environment and seriously affects the user experience. This article proposes a novel lightweight and reliable defense—SMART, which can ensure the anonymity and security of network communication without sacrificing network transmission performance. SMART introduces a multi-path transmission model in the Tor network, and divides traffic at multiple Tor entry onion relays, preventing attackers from obtaining network traffic statistical characteristics. We theoretically proved that SMART can improve the uncertainty of website fingerprint analysis results. The experimental result shows that SMART is able to resist encrypted traffic analysis tools, reducing the accuracy of four state-of-the-art classifiers from 98% to less than 12%, without inducing any additional artificial delay or dummy traffic. In order to avoid the performance degradation caused by data reassembly, SMART proposes a redundant slice mechanism to ensure reliability. Even in the case of human interference, the communication success rate is still as high as 97%. Full article

An anonymous network can be used to protect privacy and conceal the identities of both communication parties. A website fingerprinting attack identifies the target website for the data access by matching the pattern of the monitored data traffic, rendering the anonymous network ineffective. To defend against fingerprint attacks on anonymous networks, we propose a novel adversarial sample generation method based on genetic algorithms. We can generate effective adversarial samples with minimal cost by constructing an appropriate fitness function to select samples, allowing us to defend against several mainstream attack methods. The technique reduces the accuracy of a cutting-edge attack hardened with adversarial training from 90% to 20–30%. It also outperforms other defense methods of the same type in terms of information leakage rate. Full article

Tor serves better at protecting users’ privacy than other anonymous communication tools. Even though it is resistant to deep packet inspection, Tor can be de-anonymized by the website fingerprinting (WF) attack, which aims to monitor the website users are browsing. WF attacks based on deep learning perform better than those using manually designed features and traditional machine learning. However, a deep learning model is data-hungry when simulating the mapping relations of traffic and the website it belongs to, which may not be practical in reality. In this paper, we focus on investigating the composition mechanism of website fingerprinting and try to solve data shortage with bionic traffic traces. More precisely, we propose a new concept called the send-and-receive pair (SRP) to deconstruct traffic traces and design SRP-based cumulative features. We further reconstruct and generate bionic traces (BionicT) based on the rearranged SRPs. The results show that our bionic traces can improve the performance of the state-of-the-artdeep-learning-based Var-CNN. The increment in accuracy reaches up to 50% in the five-shot setting, much more effective than the data augmentation method HDA. In the 15/20-shot setting, our method even defeated TF with more than 95% accuracy in closed-world scenarios and an $F_1$-score of over 90% in open-world scenarios. Moreover, expensive experiments show that our method can enhance the deep learning model’s ability to combat concept drift. Overall, the SRP can serve as an effective tool for analyzing and describing website traffic traces. Full article