Skip to main content
Springer Nature Link
Log in

Tiny WFP: Lightweight and Effective Website Fingerprinting via Wavelet Multi-Resolution Analysis

  • Conference paper
  • First Online:
Applied Cryptography and Network Security (ACNS 2023)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 13905))

Included in the following conference series:

  • 998 Accesses

Abstract

Network eavesdroppers can determine which website Tor users visit by analyzing encrypted traffic traces with the Website Fingerprinting (WF) attack. WF attacks based on Deep Learning, like Deep Fingerprinting (DF) outperformed traditional statistical methods by large margins and achieved state-of-the-art. However, Deep-Learning-based WF requires high computation and storage overhead, has scalability issues, and is difficult to deploy on weak attackers with limited resources. To address this challenge, we present Tiny WFP, a lightweight WF that uses wavelet-based dimensionality reduction and an efficient neural network. We conduct wavelet decomposition and discard high-frequency coefficients to reduce the feature dimension and keep the WF success rate. Our efficient neural network is a stack of depthwise separable convolution layers with a sophisticated design. Tiny WFP attains 99.2% accuracy on undefended Tor traces while being 81x smaller and 79x less computationally intensive than DF. Tiny WFP also achieves comparable performance in the presence of Tor defenses. Tiny WFP is an effective and scalable Website Fingerprinting attack that can potentially be deployed on real-life network devices, providing a solid deterrent to crimes that exploit anonymous communications.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

Notes

  1. 1.

    More precisely, by a factor of \(kd_{j} /(k+d_{j})\).

References

  1. Keras (2022). https://keras.io/

  2. Users Tor metrics (2022). https://metrics.torproject.org/userstats-relay-country.html

  3. Abe, K., Goto, S.: Fingerprinting attack on tor anonymity using deep learning. Proc. Asia-Pacific Adv. Netw. 42, 15–20 (2016)

    Google Scholar 

  4. Bhat, S., Lu, D., Kwon, A., Devadas, S.: Var-CNN: a data-efficient website fingerprinting attack based on deep learning. Proc. Priv. Enhancing Technol. 2019(4), 292–310 (2019)

    Article  Google Scholar 

  5. Cai, X., Nithyanand, R., Johnson, R.: CS-BuFlo: a congestion sensitive website fingerprinting defense. In: Proceedings of the 13th Workshop on Privacy in the Electronic Society, pp. 121–130 (2014)

    Google Scholar 

  6. Chen, M., Chen, Y., Wang, Y., Xie, P., Fu, S., Zhu, X.: End-to-end multi-tab website fingerprinting attack: a detection perspective. arXiv preprint arXiv:2203.06376 (2022)

  7. Chen, M., Wang, Y., Qin, Z., Zhu, X.: Few-shot website fingerprinting attack with data augmentation. Secur. Commun. Netw. 2021 (2021)

    Google Scholar 

  8. Chen, M., Wang, Y., Xu, H., Zhu, X.: Few-shot website fingerprinting attack. Comput. Netw. 198, 108298 (2021)

    Article  Google Scholar 

  9. Chen, M., Wang, Y., Zhu, X.: Few-shot website fingerprinting attack with meta-bias learning. Pattern Recogn. 130, 108739 (2022)

    Article  Google Scholar 

  10. Chen, Y., Wang, Y., Yang, L., Luo, Y., Chen, M.: TForm-RF: an efficient data augmentation for website fingerprinting attack. In: 2022 IEEE International Performance, Computing, and Communications Conference (IPCCC), pp. 169–178. IEEE (2022)

    Google Scholar 

  11. Dyer, K.P., Coull, S.E., Ristenpart, T., Shrimpton, T.: Peek-a-boo, I still see you: why efficient traffic analysis countermeasures fail. In: IEEE Symposium on Security and Privacy, SP 2012, 21–23 May 2012, San Francisco, California, USA, pp. 332–346. IEEE Computer Society (2012)

    Google Scholar 

  12. Gong, J., Wang, T.: Zero-delay lightweight defenses against website fingerprinting. In: 29th USENIX Security Symposium (USENIX Security 2020), pp. 717–734 (2020)

    Google Scholar 

  13. Gong, J., Zhang, W., Zhang, C., Wang, T.: Surakav: generating realistic traces for a strong website fingerprinting defense. In: 43rd IEEE Symposium on Security and Privacy, SP 2022, San Francisco, CA, USA, 22–26 May 2022, pp. 1558–1573. IEEE (2022)

    Google Scholar 

  14. Hayes, J., Danezis, G.: k-fingerprinting: a robust scalable website fingerprinting technique. In: 25th USENIX Security Symposium (USENIX Security 2016), pp. 1187–1203 (2016)

    Google Scholar 

  15. Herrmann, D., Wendolsky, R., Federrath, H.: Website fingerprinting: attacking popular privacy enhancing technologies with the multinomial naïve-bayes classifier. In: Proceedings of the 2009 ACM Workshop on Cloud Computing Security, pp. 31–42 (2009)

    Google Scholar 

  16. Howard, A., et al.: Searching for mobilenetv3. In: Proceedings of the IEEE/CVF International Conference on Computer Vision, pp. 1314–1324 (2019)

    Google Scholar 

  17. Hu, Y., Cheng, G., Chen, W., Jiang, B.: Attribute-based zero-shot learning for encrypted traffic classification. IEEE Trans. Netw. Serv. Manag. (2022)

    Google Scholar 

  18. Huang, H., He, R., Sun, Z., Tan, T.: Wavelet-SRNet: a wavelet-based CNN for multi-scale face super resolution. In: Proceedings of the IEEE International Conference on Computer Vision, pp. 1689–1697 (2017)

    Google Scholar 

  19. Juarez, M., Afroz, S., Acar, G., Diaz, C., Greenstadt, R.: A critical evaluation of website fingerprinting attacks. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, pp. 263–274 (2014)

    Google Scholar 

  20. Juarez, M., Imani, M., Perry, M., Diaz, C., Wright, M.: Toward an efficient website fingerprinting defense. In: Askoxylakis, I., Ioannidis, S., Katsikas, S., Meadows, C. (eds.) ESORICS 2016. LNCS, vol. 9878, pp. 27–46. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-45744-4_2

    Chapter  Google Scholar 

  21. Li, S., Guo, H., Hopper, N.: Measuring information leakage in website fingerprinting attacks and defenses. In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, pp. 1977–1992 (2018)

    Google Scholar 

  22. Lin, M., Chen, Q., Yan, S.: Network in network. arXiv preprint arXiv:1312.4400 (2013)

  23. Madry, A., Makelov, A., Schmidt, L., Tsipras, D., Vladu, A.: Towards deep learning models resistant to adversarial attacks. In: 6th International Conference on Learning Representations, ICLR 2018, Vancouver, BC, Canada, 30 April–3 May 2018, Conference Track Proceedings. OpenReview.net (2018)

    Google Scholar 

  24. Mallat, S.: Wavelets for a vision. Proc. IEEE 84(4), 604–614 (1996)

    Article  Google Scholar 

  25. Nasr, M., Houmansadr, A., Mazumdar, A.: Compressive traffic analysis: a new paradigm for scalable traffic analysis. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, pp. 2053–2069 (2017)

    Google Scholar 

  26. Oh, S.E., Mathews, N., Rahman, M.S., Wright, M., Hopper, N.: GANDaLF: GAN for data-limited fingerprinting. Proc. Priv. Enhancing Technol. 2021(2), 305–322 (2021)

    Article  Google Scholar 

  27. Oh, S.E., Sunkam, S., Hopper, N.: P1-FP: extraction, classification, and prediction of website fingerprints with deep learning. Proc. Priv. Enhancing Technol. 2019(3), 191–209 (2019)

    Article  Google Scholar 

  28. Panchenko, A., et al.: Website fingerprinting at internet scale. In: 23rd Annual Network and Distributed System Security Symposium, NDSS 2016, San Diego, California, USA, 21–24 February 2016. The Internet Society (2016)

    Google Scholar 

  29. Papernot, N., McDaniel, P.D., Wu, X., Jha, S., Swami, A.: Distillation as a defense to adversarial perturbations against deep neural networks. In: IEEE Symposium on Security and Privacy, SP 2016, San Jose, CA, USA, 22–26 May 2016, pp. 582–597. IEEE Computer Society (2016)

    Google Scholar 

  30. Rahman, M.S., Imani, M., Mathews, N., Wright, M.: Mockingbird: defending against deep-learning-based website fingerprinting attacks with adversarial traces. IEEE Trans. Inf. Forensics Secur. 16, 1594–1609 (2020)

    Article  Google Scholar 

  31. Rahman, M.S., Sirinam, P., Mathews, N., Gangadhara, K.G., Wright, M.: Tik-Tok: the utility of packet timing in website fingerprinting attacks. Proc. Priv. Enhancing Technol. 2020(3), 5–24 (2020)

    Article  Google Scholar 

  32. Rimmer, V., Preuveneers, D., Juárez, M., van Goethem, T., Joosen, W.: Automated website fingerprinting through deep learning. In: 25th Annual Network and Distributed System Security Symposium, NDSS 2018, San Diego, California, USA, 18–21 February 2018. The Internet Society (2018)

    Google Scholar 

  33. Sadeghzadeh, A.M., Tajali, B., Jalili, R.: AWA: adversarial website adaptation. IEEE Trans. Inf. Forensics Secur. 16, 3109–3122 (2021)

    Article  Google Scholar 

  34. Sandler, M., Howard, A., Zhu, M., Zhmoginov, A., Chen, L.C.: Mobilenetv 2: inverted residuals and linear bottlenecks. In: Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, pp. 4510–4520 (2018)

    Google Scholar 

  35. Shan, S., Bhagoji, A.N., Zheng, H., Zhao, B.Y.: A real-time defense against website fingerprinting attacks. arXiv preprint arXiv:2102.04291 (2021)

  36. Sirinam, P., Imani, M., Juarez, M., Wright, M.: Deep fingerprinting: undermining website fingerprinting defenses with deep learning. In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, pp. 1928–1943 (2018)

    Google Scholar 

  37. Sirinam, P., Mathews, N., Rahman, M.S., Wright, M.: Triplet fingerprinting: more practical and portable website fingerprinting with n-shot learning. In: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, pp. 1131–1148 (2019)

    Google Scholar 

  38. Tan, M., Le, Q.: Efficientnet: rethinking model scaling for convolutional neural networks. In: International Conference on Machine Learning, pp. 6105–6114. PMLR (2019)

    Google Scholar 

  39. Wang, C., Dani, J., Li, X., Jia, X., Wang, B.: Adaptive fingerprinting: website fingerprinting over few encrypted traffic. In: Proceedings of the Eleventh ACM Conference on Data and Application Security and Privacy, pp. 149–160 (2021)

    Google Scholar 

  40. Wang, N., Chen, Y., Xiao, Y., Hu, Y., Lou, W., Hou, T.: Manda: on adversarial example detection for network intrusion detection system. IEEE Trans. Dependable Secure Comput. 20(2), 1139–1153 (2022)

    Article  Google Scholar 

  41. Wang, T.: High precision open-world website fingerprinting. In: 2020 IEEE Symposium on Security and Privacy (SP), pp. 152–167. IEEE (2020)

    Google Scholar 

  42. Wang, T., Cai, X., Nithyanand, R., Johnson, R., Goldberg, I.: Effective attacks and provable defenses for website fingerprinting. In: 23rd USENIX Security Symposium (USENIX Security 2014), pp. 143–157 (2014)

    Google Scholar 

  43. Wang, T., Goldberg, I.: On realistically attacking tor with website fingerprinting. Proc. Priv. Enhancing Technol. 2016(4), 21–36 (2016)

    Article  Google Scholar 

  44. Wang, T., Goldberg, I.: \(\{\)Walkie-Talkie\(\}\): an efficient defense against passive website fingerprinting attacks. In: 26th USENIX Security Symposium (USENIX Security 2017), pp. 1375–1390 (2017)

    Google Scholar 

  45. Xu, Y., Wang, T., Li, Q., Gong, Q., Chen, Y., Jiang, Y.: A multi-tab website fingerprinting attack. In: Proceedings of the 34th Annual Computer Security Applications Conference, pp. 327–341 (2018)

    Google Scholar 

  46. Yin, Q., et al.: Automated multi-tab website fingerprinting attack. IEEE Trans. Dependable Secure Comput. 19(6), 3656–3670 (2021)

    Article  Google Scholar 

  47. Zhuo, Z., Zhang, Y., Zhang, Z., Zhang, X., Zhang, J.: Website fingerprinting attack on anonymity networks based on profile hidden Markov model. IEEE Trans. Inf. Forensics Secur. 13(5), 1081–1095 (2018)

    Article  Google Scholar 

Download references

Acknowledgment

This research was funded by National Key Research and Development Program of China (2019QY(Y)0206), and the National Natural Science Foundation of China NSFC (62072343).

Author information

Authors and Affiliations

  1. Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education, School of Cyber Science and Engineering, Wuhan University, Wuhan, China

    Cong Tian, Dengpan Ye & Chuanxi Chen

Authors
  1. Cong Tian
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Dengpan Ye
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Chuanxi Chen
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Dengpan Ye .

Editor information

Editors and Affiliations

  1. NTT Social Informatics Laboratories, Tokyo, Japan

    Mehdi Tibouchi

  2. Indiana University at Bloomington, Bloomington, IN, USA

    XiaoFeng Wang

Rights and permissions

Reprints and permissions

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Tian, C., Ye, D., Chen, C. (2023). Tiny WFP: Lightweight and Effective Website Fingerprinting via Wavelet Multi-Resolution Analysis. In: Tibouchi, M., Wang, X. (eds) Applied Cryptography and Network Security. ACNS 2023. Lecture Notes in Computer Science, vol 13905. Springer, Cham. https://doi.org/10.1007/978-3-031-33488-7_9

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-33488-7_9

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-33487-0

  • Online ISBN: 978-3-031-33488-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics