WF-GAN: Fighting Back Against Website Fingerprinting Attack Using Adversarial Learning

Website Fingerprinting (WF) attack is an side-channel attack which aims at encrypted web traffic. WF attackers recognize encrypted website traffic through constructing fingerprinting for each website using the flow-based features extracted from encrypted traffic. WF defense typically aims at modifying the features of the encrypted websites. However, those countermeasures either cause high overhead or fail to counter the subsequent WF attacks. Especially, the newest WF attacks, which are based on deep neural network, is able to classify the defended traffic by directly learning from the labeled defended traffic. In this paper, we propose an novel defense through making use of the trick that machine learning models are vulnerable to adversarial exmaples. We design WF-GAN, a GAN with an additional WF classifier component, to generate adversarial examples for WF classifiers through adversarial learning. As the website set is divided into source and target website, WF-GAN are trained to map websites features from source set to adversarial examples and make adversarial examples more similar to the website features in the target set. The experimental result shows that WF-GAN achieves 90% success rate with at most 15% overhead for untargeted defense, which outperforms previous defense. In addition, adversarial examples based defense support targeted defense, which is not support by traditional defense. The result shows that WF-GAN achieves over 90% targeted defense success rate when the target websites set is twice as many as the source website set.