Volume 46 Issue 9
Sep.  2024
YANG Hongyu, SONG Chengyu, WANG Peng, ZHAO Yongkang, HU Ze, CHENG Xiang, ZHANG Liang. Website Fingerprinting Attacks and Defenses on Tor: A Survey[J]. Journal of Electronics & Information Technology, 2024, 46(9): 3474-3489. doi: 10.11999/JEIT240091

Website Fingerprinting Attacks and Defenses on Tor: A Survey

doi: 10.11999/JEIT240091
Funds:  The National Natural Science Foundation of China (62201576, U1833107), Jiangsu Provincial Basic Research Program Natural Science Foundation—Youth Fund (BK20230558), The Supporting Fund of the National Natural Science Foundation of China (3122023PT10)
  • Received Date: 2024-02-22
  • Rev Recd Date: 2024-04-29
  • Available Online: 2024-05-17
  • Publish Date: 2024-09-26
  • The anonymity network represented by The Onion Router (Tor) is one of the most widely used encrypted communication networks. Criminals use encrypted networks to conceal their illegal activities, posing significant challenges to network regulation and cybersecurity. The emergence of website fingerprinting attacks has made the analysis of encrypted traffic possible, enabling supervisors to identify Tor traffic and infer the web pages users visit from features such as packet direction. This paper presents a broad survey and analysis of website fingerprinting attack and defense methods on Tor. First, the relevant techniques of website fingerprinting attacks on Tor are summarized and compared, with emphasis on attacks based on traditional machine learning and deep learning. Second, a comprehensive survey and analysis of existing defense methods is conducted. The limitations of current website fingerprinting attack methods on Tor are analyzed and summarized, and future development directions and prospects are discussed.
