Abstract
Website fingerprinting has been recognized as a traffic analysis attack against encrypted traffic induced by anonymity networks (e.g., Tor) and encrypted proxies. Recent studies have demonstrated that, leveraging machine learning techniques and numerous side-channel traffic features, website fingerprinting is effective in inferring which website a user is visiting via anonymity networks and encrypted proxies. In this paper, we concentrate on Shadowsocks, an encrypted proxy widely used to evade Internet censorship, and we are interested in to what extent state-of-the-art website fingerprinting techniques can break the privacy of Shadowsocks users in real-world scenarios. By design, Shadowsocks does not deploy any timing-based or packet size-based defenses like Tor. Therefore, we expect that website fingerprinting could achieve better attack performance against Shadowsocks compared to Tor. However, after deploying Shadowsocks with more than 20 active users and collecting 30 GB traces during one month, our observation is counter-intuitive. That is, the attack performance against Shadowsocks is even worse than that against Tor (based on public Tor traces). Motivated by such an observation, we investigate a series of practical factors affecting website fingerprinting, such as data labeling, feature selection, and number of instances per class. Our study reveals that state-of-the-art website fingerprinting techniques may not be effective in real-world scenarios, even in the face of Shadowsocks which does not deploy typical defenses.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Scikit-learn (2017). http://scikit-learn.org/stable/
Google Trend of Shadowsocks, January 2018. https://trends.google.com.hk/trends/
Shadowsocks, January 2018. https://github.com/shadowsocks/shadowsocks
Breiman, L.: Random forests. Mach. Learn. 45(1), 5–32 (2001)
Cai, X., Nithyanand, R., Wang, T., Johnson, R., Goldberg, I.: A systematic approach to developing and evaluating website fingerprinting defenses. In: Proceedings of the ACM CCS (2014)
Dyer, K.P., Coull, S.E., Ristenpart, T., Shrimpton, T.: Peek-a-boo, i still see you: why efficient traffic analysis countermeasures fail. In: Proceedings of the IEEE Security and Privacy (2012)
Gong, X., Kiyavash, N., Borisov, N.: Fingerprinting websites using remote traffic analysis. In: Proceedings of the ACM CCS (2010)
Gu, X., Yang, M., Luo, J.: A novel website fingerprinting attack against multi-tab browsing behavior. In: Proceedings of the IEEE CSCWD (2015)
Hayes, J., Danezis, G.: k-fingerprinting: a robust scalable website fingerprinting technique. In: Proceedings of the USENIX Security (2016)
Herrmann, D., Wendolsky, R., Federrath, H.: Website fingerprinting: attacking popular privacy enhancing technologies with the multinomial naïve-bayes classifier. In: Proceedings of the ACM CCSW (2009)
Hintz, A.: Fingerprinting websites using traffic analysis. In: Proceedings of the PET (2002)
Ho, T.K., Basu, M.: Complexity measures of supervised classification problems. IEEE Trans. Pattern Anal. Mach. Intell. 24(3), 289–300 (2002)
Juarez, M., Afroz, S., Acar, G., Diaz, C., Greenstadt, R.: A critical evaluation of website fingerprinting attacks. In: Proceedings of the ACM CCS (2014)
Juárez, M., Imani, M., Perry, M., Díaz, C., Wright, M.: WTF-PAD: toward an efficient website fingerprinting defense for tor. CoRR abs/1512.00524 (2015). http://arxiv.org/abs/1512.00524
Li, J., et al.: Can we learn what people are doing from raw DNS queries? In: Proceedings of the IEEE INFOCOM (2018)
Liberatore, M., Levine, B.N.: Inferring the source of encrypted HTTP connections. In: Proceedings of the ACM CCS (2006)
Lu, L., Chang, E., Chan, M.C.: Website fingerprinting and identification using ordered feature sequences. In: Proceedings of the ESORICS (2010)
Luo, X., Zhou, P., Chan, E., Lee, W., Chang, R., Perdisci, R.: Httpos: sealing information leaks with browser-side obfuscation of encrypted flows. In: Proceedings of the NDSS (2011)
Nithyanand, R., Cai, X., Johnson, R.: Glove: A bespoke website fingerprinting defense. In: Proceedings of the WPES (2014)
Panchenko, A., et al.: Website fingerprinting at internet scale. In: Proceedings of the NDSS (2016)
Panchenko, A., Niessen, L., Zinnen, A., Engel, T.: Website fingerprinting in onion routing based anonymization networks. In: Proceedings of the ACM WPES (2011)
Shmatikov, V., Wang, M.-H.: Timing analysis in low-latency mix networks: attacks and defenses. In: Gollmann, D., Meier, J., Sabelfeld, A. (eds.) ESORICS 2006. LNCS, vol. 4189, pp. 18–33. Springer, Heidelberg (2006). https://doi.org/10.1007/11863908_2
Wang, T., Cai, X., Nithyanand, R., Johnson, R., Goldberg, I.: Effective attacks and provable defenses for website fingerprinting. In: Proceedings of the USENIX Security (2014)
Wright, C., Coulls, S., Monrose, F.: Traffic morphing: an efficient defense against statistical traffic analysis. In: Proceedings of the NDSS (2009)
Yu, S., Zhao, G., Dou, W., James, S.: Predicted packet padding for anonymous web browsing against traffic analysis attacks. IEEE Trans. Inf. Forensics Secur. 7(4), 1381–1393 (2012)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer Nature Switzerland AG
About this paper
Cite this paper
Zhao, Y., Ma, X., Li, J., Yu, S., Li, W. (2018). Revisiting Website Fingerprinting Attacks in Real-World Scenarios: A Case Study of Shadowsocks. In: Au, M., et al. Network and System Security. NSS 2018. Lecture Notes in Computer Science(), vol 11058. Springer, Cham. https://doi.org/10.1007/978-3-030-02744-5_24
Download citation
DOI: https://doi.org/10.1007/978-3-030-02744-5_24
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-02743-8
Online ISBN: 978-3-030-02744-5
eBook Packages: Computer ScienceComputer Science (R0)