Universal Website Fingerprinting Defense Based on Adversarial Examples

Website fingerprinting (WF) attacks pose a threat to privacy of web activity, especially on anonymity networks such as Tor. Recent studies show that the deep neural network (DNN) significantly improves the impact of website fingerprinting attacks. Especially, DNN-based attack undermines the existing defense methods which are mainly rely on the manually designed rule. In this paper, we present a novel defense that generates universal perturbation that can transform original examples to adversarial examples which is effectively defending against a specific WF model. The proposed defense is evaluated on state-of-the-art DNN attack over a public Tor traffic dataset. The experimental results show our adversarial example generation method performs better than the baseline methods. The proposed defense defeats all existing WF attacks based on deep neural networks with a low overhead. Comparing with state-of-the-art defenses such as Walkie-Talkie and WTF-PAD with a lower bound of 31% and 64% overheads, the proposed defense achieves identical defense performance with at least 50% bandwidth overhead saving.