CS-BuFLO

Cai, Xiang; Nithyanand, Rishab; Johnson, Rob

doi:10.1145/2665943.2665949

Cited by 115 publications

(18 citation statements)

References 15 publications

(31 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Dyer et al [66] proposed Buffered Fixed-Length Obfuscator (BuFLO), which operated by sending fixed-length packets at a fixed interval for at least a fixed amount of time. Cai et al [65], [126] proposed Congestion-Sensitive BuFLO (CSBuFLO), which optimized BuFLO to make the protocol congestion sensitive, rate adaptive, and efficient at hiding macroscopic website features, such as total size and the size of the last object. Cai et al [115] proposed Tamaraw, based on an extension of the concept of optimal partitioning and feature hiding, which extended and tuned BuFLO to hide the most significant traffic features, the packet size was set at 750 bytes rather than the MTU, outgoing traffic was fixed at a higher packet interval than incoming traffic to reduce the overhead in both bandwidth and time.…”

Section: B Approachesmentioning

confidence: 99%

A Survey on Deep Learning for Website Fingerprinting Attacks and Defenses

Liu

2023

IEEE Access

View full text Add to dashboard Cite

The attacks and defenses on the information of which website pages are visited by users are important research subjects in the field of privacy enhancing technologies, they are termed as website fingerprinting (WF) attacks and defenses. Nowadays, deep learning is an important tool in many research areas, including WF attacks and defenses. In this paper, we offer a comprehensive survey on deep learning for WF attacks and defenses. After a brief introduction, we first summarize deep learning, WF attacks, and WF defenses. For deep learning, we review the common paradigms, architectures, and performance metrics. For WF attacks, we review the approaches, challenges and solutions. The approaches include deep learning, traditional machine learning, and other methods. Challenges and solutions cover multi-tab browsing, concept drift, and the base rate fallacy. For WF defenses, we review the strategies and approaches. Then, we survey deep learning for WF attacks, and deep learning for WF defenses. In deep learning for WF attacks, we survey in detail the deep learning paradigms, architectures of WF attack models, and the performance of several representative WF attack models, and look into the future. In deep learning for WF defenses, we survey the architecture, efficacy and overhead of deep learning models in WF defenses, and look into the future. In the end, we summarize this paper.

show abstract

Section: B Approachesmentioning

confidence: 99%

A Survey on Deep Learning for Website Fingerprinting Attacks and Defenses

Liu

2023

IEEE Access

View full text Add to dashboard Cite

show abstract

“…Next, we deliver an overview of the space of existing WF defenses and their security/overhead trade-o s. Constant-rate padding. Defenses like BuFLO [8], CS-BuFLO [6], and Tamaraw [7] hide timing patterns and packet transmission burst behavior by leveraging di erent strategies that rely on the transmission of packets at xed-rates. In addition, some of these defenses [6,7] obfuscate the size of websites being transmitted by grouping websites in sets of websites with similar sizes and padding the sites within a set to a common size.…”

Section: Website Fingerprinting Defensesmentioning

confidence: 99%

“…Defenses like BuFLO [8], CS-BuFLO [6], and Tamaraw [7] hide timing patterns and packet transmission burst behavior by leveraging di erent strategies that rely on the transmission of packets at xed-rates. In addition, some of these defenses [6,7] obfuscate the size of websites being transmitted by grouping websites in sets of websites with similar sizes and padding the sites within a set to a common size. Despite their success in thwarting WF attacks, these defenses incur in large bandwidth and latency overheads that preclude their wide adoption in Tor.…”

Section: Website Fingerprinting Defensesmentioning

confidence: 99%

See 1 more Smart Citation

DeepSE-WF: Unified Security Estimation for Website Fingerprinting Defenses

Veicht

Renggli

Barradas

2023

PoPETs

View full text Add to dashboard Cite

Website fingerprinting (WF) attacks, usually conducted with the help of a machine learning-based classifier, enable a network eavesdropper to pinpoint which website a user is accessing through the inspection of traffic patterns. These attacks have been shown to succeed even when users browse the Internet through encrypted tunnels, e.g., through Tor or VPNs. To assess the security of new defenses against WF attacks, recent works have proposed feature-dependent theoretical frameworks that estimate the Bayes error of an adversary's features set or the mutual information leaked by manually-crafted features. Unfortunately, as WF attacks increasingly rely on deep learning and latent feature spaces, our experiments show that security estimations based on simpler (and less informative) manually-crafted features can no longer be trusted to assess the potential success of a WF adversary in defeating such defenses. In this work, we propose DeepSE-WF, a novel WF security estimation framework that leverages specialized kNN-based estimators to produce Bayes error and mutual information estimates from learned latent feature spaces, thus bridging the gap between current WF attacks and security estimation methods. Our evaluation reveals that DeepSE-WF produces tighter security estimates than previous frameworks, reducing the required computational resources to output security estimations by one order of magnitude.

show abstract

“…e major packet padding defenses with delay include BuFLO (buffered fixed-length obfuscator) [29], CS-BuFLO (congestion sensitive BuFLO) [31], and Tamaraw [32]. Decoy defenses contain two types.…”

Section: Wfp Defensesmentioning

confidence: 99%

PF : Website Fingerprinting Attack Using Probabilistic Topic Model

Zou

Wei

et al. 2021

Security and Communication Networks

View full text Add to dashboard Cite

Website fingerprinting (WFP) attack enables identifying the websites a user is browsing even under the protection of privacy-enhancing technologies (PETs). Previous studies demonstrate that most machine-learning attacks need multiple types of features as input, thus inducing tremendous feature engineering work. However, we show the other alternative. That is, we present Probabilistic Fingerprinting (PF), a new website fingerprinting attack that merely leverages one type of features. They are produced by using a mathematical model PWFP that combines a probabilistic topic model with WFP for the first time, due to a finding that a plain text and the sequence file generated from a traffic instance are essentially the same. Experimental results show that the proposed new features are more distinguishing than the existing features. In a closed-world setting, PF attains a better accuracy performance (99.79% at most) than prior attacks on various datasets gathered in the scenarios of Shadowsocks, SSH, and TLS, respectively. Besides, even when the number of training instances drops to as few as 4, PF still reaches an accuracy of above 90%. In the more realistic open-world setting, PF attains a high true positive rate (TPR) and Bayes detection rate (BDR), and a low false positive rate (FPR) in all evaluations, which outperforms the other attacks. These results highlight that it is meaningful and possible to explore new features to improve the accuracy of WFP attacks.

show abstract

CS-BuFLO

Abstract: Website fingerprinting attacks [10]

Cited by 115 publications

References 15 publications

A Survey on Deep Learning for Website Fingerprinting Attacks and Defenses

A Survey on Deep Learning for Website Fingerprinting Attacks and Defenses

DeepSE-WF: Unified Security Estimation for Website Fingerprinting Defenses

PF : Website Fingerprinting Attack Using Probabilistic Topic Model

Contact Info

Product

Resources

About