Robust and Reliable Early-Stage Website Fingerprinting Attacks via Spatial-Temporal Distribution Analysis (2407.00918v1)

Abstract: Website Fingerprinting (WF) attacks identify the websites visited by users by performing traffic analysis, compromising user privacy. Particularly, DL-based WF attacks demonstrate impressive attack performance. However, the effectiveness of DL-based WF attacks relies on the collected complete and pure traffic during the page loading, which impacts the practicality of these attacks. The WF performance is rather low under dynamic network conditions and various WF defenses, particularly when the analyzed traffic is only a small part of the complete traffic. In this paper, we propose Holmes, a robust and reliable early-stage WF attack. Holmes utilizes temporal and spatial distribution analysis of website traffic to effectively identify websites in the early stages of page loading. Specifically, Holmes develops adaptive data augmentation based on the temporal distribution of website traffic and utilizes a supervised contrastive learning method to extract the correlations between the early-stage traffic and the pre-collected complete traffic. Holmes accurately identifies traffic in the early stages of page loading by computing the correlation of the traffic with the spatial distribution information, which ensures robust and reliable detection according to early-stage traffic. We extensively evaluate Holmes using six datasets. Compared to nine existing DL-based WF attacks, Holmes improves the F1-score of identifying early-stage traffic by an average of 169.18%. Furthermore, we replay the traffic of visiting real-world dark web websites. Holmes successfully identifies dark web websites when the ratio of page loading on average is only 21.71%, with an average precision improvement of 169.36% over the existing WF attacks.

• The paper presents Holmes, which boosts early-stage WF attack accuracy with a 169.18% improvement in F1-score over existing DL-based methods.
• It employs adaptive data augmentation and supervised contrastive learning to effectively correlate partial and complete web traffic data.
• Extensive evaluations across six datasets and real-world dark web traffic demonstrate Holmes' robustness and enhanced precision under dynamic conditions.

The paper "Robust and Reliable Early-Stage Website Fingerprinting Attacks via Spatial-Temporal Distribution Analysis" discusses advancements in the field of Website Fingerprinting (WF) attacks, which focus on identifying the websites accessed by users through traffic analysis, posing privacy concerns. The research highlights the limitations of current deep learning (DL)-based WF attacks, which depend on the availability of complete and uncontaminated traffic data during the page loading process. This dependency reduces their effectiveness under dynamic network conditions and against various WF defenses.

To address these challenges, the authors introduce a novel approach called Holmes. Holmes enhances the robustness and reliability of early-stage WF attacks by employing spatial-temporal distribution analysis of web traffic. The method leverages two key techniques:

1. Adaptive Data Augmentation: This technique is based on the temporal distribution of website traffic. It allows Holmes to adapt dynamically to changes in data, improving its handling of incomplete traffic logs.
2. Supervised Contrastive Learning: This approach is used to draw correlations between early-stage traffic and pre-collected complete traffic. By focusing on these correlations, Holmes can improve the accuracy of website identification even when only partial traffic data is available.

The paper presents extensive evaluations of Holmes across six distinct datasets. The results demonstrate a significant improvement in WF attack performance. Specifically, Holmes shows an average enhancement of 169.18% in the F1-score for identifying early-stage traffic compared to nine existing DL-based WF attacks.

Moreover, Holmes proves effective in a practical scenario by replaying traffic from real-world dark web website visits. It successfully identifies these websites during only 21.71% of the page loading process, with an average precision improvement of 169.36% over existing WF attack methods.

Overall, this research contributes a robust solution to the constraints of WF attacks by improving accuracy in early-stage detection, thereby advancing the practicality and effectiveness of such attacks in compromised network conditions and against protective measures.