SmartSwitch: Efficient Traffic Obfuscation Against Stream Fingerprinting

Abstract

In stream fingerprinting, an attacker can compromise user privacy by leveraging side-channel information (e.g., packet size) of encrypted traffic in streaming services. By taking advantages of machine learning, especially neural networks, an adversary can reveal which YouTube video a victim watches with extremely high accuracy. While effective defense methods have been proposed, extremely high bandwidth overheads are needed. In other words, building an effective defense with low overheads remains unknown. In this paper, we propose a new defense mechanism, referred to as SmartSwitch, to address this open problem. Our defense intelligently switches the noise level on different packets such that the defense remains effective but minimizes overheads. Specifically, our method produces higher noises to obfuscate the sizes of more significant packets. To identify which packets are more significant, we formulate it as a feature selection problem and investigate several feature selection methods over high-dimensional data. Our experimental results derived from a large-scale dataset demonstrate that our proposed defense is highly effective against stream fingerprinting built upon Convolutional Neural Networks. Specifically, an adversary can infer which YouTube video a user watches with only 1% accuracy (same as random guess) even if the adversary retrains neural networks with obfuscated traffic. Compared to the state-of-the-art defense, our mechanism can save nearly 40% of bandwidth overheads.

Appendix

Hyperparameters of CNN. The tuned hyperparameters of our CNN are described in Table 4. For the search space of each hyperparameter, we represent it as a set. For the activation functions, dropout, filter size and pool size, we searched hyperparameters at each layer. The tuned parameters we report in the table are presented as a sequence of values by following the order of layers we presented in Fig. 2. For instance, the tuned activation functions are selu (1st Conv), elu (2nd Conv), relu (3rd Conv), elu (4th Conv), tanh (the second-to-last Dense layer).

Table 4. Tuned hyperparameters of CNN When \(w = 0.05\) s

\(d^*\)-privacy. Xiao et al. [26] proposed \(d^*\)-privacy, which is a variant of differential privacy on time-series data, to preserve side-channel information leakage. They proved that \(d^*\)-privacy can achieve (\(d^*\),2\(\epsilon \))-privacy, where \(d^{*}\) is a distance between two time series data and \(\epsilon \) is privacy parameter in differential privacy.

Let \(\mathbf {x}=(x_{1}, ..., x_{n})\) and \(\mathbf {y}=(y_{1}, ..., y_{n})\) denote two time series with the same length. The \(d^*\)-distance between \(\mathbf {x}\) and \(\mathbf {y}\) is defined as:

$$\begin{aligned} d^*(\mathbf {x}, \mathbf {y}) = \sum _{i\ge 2} \left| (x_{i}-x_{i-1})-(y_{i}-y_{i-1}) \right| \end{aligned}$$

(6)

\(d^{*}\)-privacy produces noise to data at a later timestamp by considering data from an earlier timestamp in the same time series. Specifically, let D(i) denote the greatest power of 2 that divides timestamp i, \(d^*\)-privacy computes noised data at timestamp i as , where = 0, function \(G(\cdot )\) and \(r_{i}\) are defined as below

$$\begin{aligned} G(i)= {\left\{ \begin{array}{ll} 0 &{} \text {if } i = 1 \\ i/2 &{} \text {if } i = D(i) \\ i-D(i) &{} \text {if } i > D(i) \\ \end{array}\right. } \end{aligned}$$

(7)

$$\begin{aligned} r_i= {\left\{ \begin{array}{ll} \mathrm {Laplace}(\frac{1}{\epsilon })&{} \text {if } i = D(i) \\ \mathrm {Laplace}(\frac{\lfloor \log _2i\rfloor }{\epsilon })&{} \text {otherwise} \end{array}\right. } \end{aligned}$$

(8)