SSBM: A spatially separated boxes-based multi-tab website fingerprinting model

Abstract

In recent years, the website fingerprinting (WF) attack against the Tor anonymity system has become a hot research issue. The state-of-the-art WF studies have shown that the detection accuracy of websites is up to more than 95%. However, they are mainly conducted under the single-tab assumption, where each sample contains only one website traffic. The single-tab setting could not be realistic because users often open multiple tabs to browse simultaneously. The requests and responses from multiple tabs will overlap and interfere with each other, destroying existing single-tab WF attacks. In addition, the proposed multi-tab WF attack works poorly when traffic overlaps seriously. It remains challenging to implement WF attacks in multi-tab scenarios. This paper investigates a new spatial separated boxes-based multi-tab website fingerprinting model, called SSBM, to solve the multi-tab WF problem. It is an end-to-end model that separates traffic by equal-sized boxes and extracts features with convolutional neural networks. By predicting the label of each box, the tabs of the whole traffic are inferred. We design and implement SSBM and compare it with state-of-the-art multi-tab WF attacks in two different multi-tab modes: overlapping mode and delayed mode. In the overlapping mode, SSBM can successfully identify 81.24% of the first tab and 64.72% of the second tab when the overlapping proportions of the two tabs’ traffic reaches 50%, which are 4% and 29% higher than the current strongest BAPM. In the delayed mode, when the second tab traffic starts to overlap with the first tab traffic with a 5-second delay, SSBM improves the first tab’s classification accuracy from 60% to 69% and the second tab’s detection rates from 33% to 53%. Moreover, SSBM achieves the highest improvement, nearly 40%, in the three-tab evaluations. The experimental results show that SSBM outperforms existing multi-tab WF attack methods.