Adversarial attacks against profile HMM website fingerprinting detection model |
| |
| Affiliation: | 1. The Big Data Research Center, University of Electronic Science and Technology of China, Chengdu, Sichuan 611731, PR China;2. The School of Statistics, University of Minnesota, Minneapolis, MN 55455, USA;3. The Center for Cybersecurity, University of Electronic Science and Technology of China, Chengdu, Sichuan 611731, PR China;4. The College of Information Science and Engineering, Hunan University, Changsha 410082, PR China;1. Department of Computer Science and Technology, Tsinghua University, Beijing, 100084, China;2. School of Information and Communication Engineering, Beijing University of Posts and Telecommunications, Beijing, 100876, China |
| |
| Abstract: | People are accustomed to using an anonymous network to protect their private information. The Profile HMM (Hidden Markov Model) Website Fingerprinting Detection algorithm can detect the website that the data stream accesses by pattern matching the captured data traffic. This makes the anonymous network lose its effect. In order to bypass the detection of this model, we propose a method based on genetic algorithm to generate adversarial samples. By migrating the problem of adversarial samples in deep learning, our approach is used for the broader machine learning detection model to do traffic confusion, and then achieves the purpose of bypassing the Profile HMM model detection. The key challenge is how to construct a suitable fitness function to generate an effective adversarial sample at minimal cost. The experimental results show that the success rate of our traffic confusion method is as high as 97%. At the same time, we only need to add less perturbation traffic than the traditional traffic confusion method. |
| |
| Keywords: | Adversarial samples PHMM Traffic confusion |
| 本文献已被 ScienceDirect 等数据库收录! |
|
