Deep Fingerprinting: Undermining Website Fingerprinting Defenses with Deep Learning

Website fingerprinting enables a local eavesdropper to determine which websites a user is visiting over an encrypted connection, and the state-of-the-art attacks have been shown to be effective even when the user is protecting her privacy with the Tor anonymity system. Recently, lightweight website fingerprinting defenses for Tor have emerged that substantially degrade existing attacks, including WTF-PAD and Walkie-Talkie. In this work, we propose a new website fingerprinting attack against Tor that leverages a type of deep learning called convolution neural networks (CNN), and we evaluate this attack against WTF-PAD and Walkie-Talkie. The CNN attack attains over 98% accuracy on Tor traffic without defenses, better than all prior attacks, and it is also effective against WTF-PAD with over 90% accuracy. Walkie-Talkie remains effective, holding the attack to just 53% accuracy. In a realistic open-world setting, the CNN attack remains effective, with a 93% true positive rate and a less than 1% false positive rate on undefended traffic. Against traffic defended with WTF-PAD in this setting, the attack still can get a 60% true positive rate with a less than 1% false positive rate. These findings indicate a need for more study of robust defenses that could be deployed in Tor.
View on arXiv