Abstract
TLS protocol encryption hides the specific packet content but not the network characteristics. The adversary can determine the relevant information of the video through traffic analysis by using convolutional neural networks. In this paper, we propose a new novel defense mechanism that injects dummy packets into the video stream by pre-computing adversarial traces. Moreover, to deal with different network conditions, we offer two adversarial methods. 1) When the network condition is relatively single, applying traditional adversarial examples will play a good role in the effect with a small amount of bandwidth overhead. 2) When the network condition becomes more complex, we have no prior knowledge about upcoming network packets. Therefore, the traditional adversarial sample method that needs entire stream traces to calculate cannot be applied. To solve this problem, we take advantage of adversarial patches’ input-agnostic and location-agnostic properties to generate “universal” adversarial traces. We experimentally demonstrate that our defense methods are promising solutions in the underlying scenarios.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsReferences
Hayes, J., Danezis, G.: k-fingerprinting: a robust scalable website fingerprinting technique. In: USENIX Security Symposium (2016)
Gong, J., Wang, T.: Zero-delay lightweight defenses against website fingerprinting. In: 29th USENIX Security Symposium. USENIX Association, Boston (2020)
de la Cadena, W., et al.: Trafficsliver: fighting website fingerprinting attacks with traffic splitting. In: Proceedings of CCS (2020), pp. 1971–1985 (2020)
T. Wang, X. Cai, R. Nithyanand, R. Johnson, and I. Goldberg, “Effective attacks and provable defenses for website fingerprinting,” in USENIX Security Symposium, 2014
Hou, C., Gou, G., Shi, J., Fu, P., Xiong, G.: Wfgan: Fighting back against website fingerprinting attack using adversarial learning. In: Proceedings of ISCC (2020), pp. 1–7. IEEE (2020)
Juarez, M., Imani, M., Perry, M., Diaz, C., Wright, M.: Toward an efficient website fingerprinting defense. In: Askoxylakis, I., Ioannidis, S., Katsikas, S., Meadows, C. (eds.) ESORICS 2016. LNCS, vol. 9878, pp. 27–46. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-45744-4_2
Schuster, R., Shmatikov, V., Tromer, E.: Beauty and the burst: remote identification of encrypted video streams. In: USENIX Security Symposium (2017)
Rauber, J., Brendel, W., Bethge, M.: Foolbox: a python toolbox to benchmark the robustness of machine learning models. In: 34th International Conference on Machine Learning, Reliable Machine Learning in the Wild Workshop (2017). https://arxiv.org/abs/ 1707.04131
Goodfellow, I., Shlens, J., Szegedy, C.: Explaining and harnessing adversarial examples. arXiv preprint arXiv:1412.6572v3 (2014)
Brown, T.B., Mane, D., Roy, A., Abadi, M., Gilmer, J.: Adversarial patch. arXiv preprint ’ arXiv:1712.09665 (2017)
Li, P., Gao, D., Reiter, M.K.: Mitigating access-driven timing channels in clouds using stopwatch. In: 2013 43rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). IEEE (2013)
Liu, W., Gao, D., Reiter, M.K.: On-demand time blurring to support side-channel defense. In: Foley, S.N., Gollmann, D., Snekkenes, E. (eds.) ESORICS 2017. LNCS, vol. 10493, pp. 210–228. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-66399-9_12
Martin, R., Demme, J., Sethumadhavan, S.: Timewarp: rethinking timekeeping and performance monitoring mechanisms to mitigate sidechannel attacks. In: ACM SIGARCH Computer Architecture News (2012)
Vattikonda, B.C., Das, S., Shacham, H.: Eliminating fine grained timers in xen. In: Proceedings of the 3rd ACM Workshop on Cloud Computing Security Workshop. ACM (2011)
Brickell, E., Graunke, G., Neve, M., Seifert, J.-P.: Software mitigations to hedge aes against cache-based software side channel vulnerabilities. IACR Cryptology ePrint Archive (2006)
Keramidas, G., Antonopoulos, A., Serpanos, D.N., Kaxiras, S.: Non deterministic caches: a simple and effective defense against side channel attacks. In: Design Automation for Embedded Systems (2008)
Xiao, Q., Reiter, M.K., Zhang, Y.: Mitigating storage side channels using statistical privacy mechanisms. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security. ACM (2015)
Zhang, X., Hamm, J., Reiter, M.K., Zhang, Y.: Statistical privacy for streaming traffic. In: Proceedings of NDSS 2019 (2019)
Cherubin, G., Hayes, J., Juarez, M.: Website fingerprinting defenses at the application layer. PoPETS 2017(2), 186–203 (2017)
Henri, S., Garcia-Aviles, G., Serrano, P., Banchs, A., Thiran, P.: Protecting against website fingerprinting with multihoming. PoPETS 2020(2), 89–110 (2020)
Cai, X., Nithyanand, R., Johnson, R.: Cs-buflo: a congestion sensitive website fingerprinting defense. In: Proceedings of WPES, pp. 121–130 (2014)
Cai, X., Nithyanand, R., Wang, T., Johnson, R., Goldberg, I.: A systematic approach to developing and evaluating website fingerprinting defenses. In: Proceedings of CCS, pp. 227–238 (2014)
Dyer, K.P., Coull, S.E., Ristenpart, T., Shrimpton, T.: Peek-a-boo, i still see you: why efficient traffic analysis countermeasures fail. In: Proceedings of IEEE S&P, pp. 332–346. IEEE (2012)
Nithyanand, R., Cai, X., Johnson, R.: Glove: a bespoke website fingerprinting defense. In: Proceedings of WPES, pp. 131–134 (2014)
Wang, T., Cai, X., Nithyanand, R., Johnson, R., Goldberg, I.: Effective attacks and provable defenses for website fingerprinting. In: Proceedings of USENIX Security, pp. 143–157 (2014)
Wang, T., Goldberg, I. Walkie-talkie: an efficient defense against passive website fingerprinting attacks. In: Proceedings of USENIX Security, pp. 1375–1390 (2017)
Song, D., et al.: Physical adversarial examples for object detectors. In: Proceedings of WOOT (2018)
Wallace, E., Feng, S., Kandpal, N., Gardner, M., Singh, S.: Universal adversarial triggers for attacking and analyzing nlp. arXiv preprint arXiv:1908.07125 (2019)
Wu, Z., Lim, S.-N., Davis, L., Goldstein, T. Making an invisibility cloak: real world adversarial attacks on object detectors. arXiv preprint arXiv:1910.14667 (2019)
Papernot, N., Mcdaniel, P., Swami, A., Harang, R.: Crafting adversarial input sequences for recurrent neural networks. In: Proceedings of MILCOM, pp. 49–54. IEEE (2016)
Ren, S., Deng, Y., He, K., Che, W.: Generating natural language adversarial examples through probability weighted word saliency. In: Proceedings of ACL, pp. 1085–1097 (2019)
Wang, X., Jin, H., He, K.: Natural language adversarial attacks and defenses in word level. arXiv preprint arXiv:1909.06723 (2019)
Kolosnjaji, B., et al.: Adversarial malware binaries: evading deep learning for malware detection in executables. In: Proceedings of EUSIPCO, pp. 533–537. IEEE (2018)
Acknowledgement
This work was partially supported by the National Natural Science Foundation of China NSFC [grant numbers 62072343, U1736211]. the National Key Research Development Program of China[grant numbers 2019QY(Y)0206].
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Zhang, Z., Ye, D. (2021). Protecting Encrypted Video Stream Against Information Leak Using Adversarial Traces. In: Peng, Y., Hu, SM., Gabbouj, M., Zhou, K., Elad, M., Xu, K. (eds) Image and Graphics. ICIG 2021. Lecture Notes in Computer Science(), vol 12890. Springer, Cham. https://doi.org/10.1007/978-3-030-87361-5_62
Download citation
DOI: https://doi.org/10.1007/978-3-030-87361-5_62
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-87360-8
Online ISBN: 978-3-030-87361-5
eBook Packages: Computer ScienceComputer Science (R0)