SSBM:基于空间分隔盒的多标签网站指纹识别模型

IF 7.7 2区 计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE Journal of Network and Computer Applications Pub Date : 2024-09-12 DOI:10.1016/j.jnca.2024.104023
Xueshu Hong , Xingkong Ma , Shaoyong Li , Yiqing Cai , Bo Liu
{"title":"SSBM:基于空间分隔盒的多标签网站指纹识别模型","authors":"Xueshu Hong ,&nbsp;Xingkong Ma ,&nbsp;Shaoyong Li ,&nbsp;Yiqing Cai ,&nbsp;Bo Liu","doi":"10.1016/j.jnca.2024.104023","DOIUrl":null,"url":null,"abstract":"<div><p>In recent years, the website fingerprinting (WF) attack against the Tor anonymity system has become a hot research issue. The state-of-the-art WF studies have shown that the detection accuracy of websites is up to more than 95%. However, they are mainly conducted under the single-tab assumption, where each sample contains only one website traffic. The single-tab setting could not be realistic because users often open multiple tabs to browse simultaneously. The requests and responses from multiple tabs will overlap and interfere with each other, destroying existing single-tab WF attacks. In addition, the proposed multi-tab WF attack works poorly when traffic overlaps seriously. It remains challenging to implement WF attacks in multi-tab scenarios. This paper investigates a new spatial separated boxes-based multi-tab website fingerprinting model, called SSBM, to solve the multi-tab WF problem. It is an end-to-end model that separates traffic by equal-sized boxes and extracts features with convolutional neural networks. By predicting the label of each box, the tabs of the whole traffic are inferred. We design and implement SSBM and compare it with state-of-the-art multi-tab WF attacks in two different multi-tab modes: overlapping mode and delayed mode. In the overlapping mode, SSBM can successfully identify 81.24% of the first tab and 64.72% of the second tab when the overlapping proportions of the two tabs’ traffic reaches 50%, which are 4% and 29% higher than the current strongest BAPM. In the delayed mode, when the second tab traffic starts to overlap with the first tab traffic with a 5-second delay, SSBM improves the first tab’s classification accuracy from 60% to 69% and the second tab’s detection rates from 33% to 53%. Moreover, SSBM achieves the highest improvement, nearly 40%, in the three-tab evaluations. The experimental results show that SSBM outperforms existing multi-tab WF attack methods.</p></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"232 ","pages":"Article 104023"},"PeriodicalIF":7.7000,"publicationDate":"2024-09-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"SSBM: A spatially separated boxes-based multi-tab website fingerprinting model\",\"authors\":\"Xueshu Hong ,&nbsp;Xingkong Ma ,&nbsp;Shaoyong Li ,&nbsp;Yiqing Cai ,&nbsp;Bo Liu\",\"doi\":\"10.1016/j.jnca.2024.104023\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><p>In recent years, the website fingerprinting (WF) attack against the Tor anonymity system has become a hot research issue. The state-of-the-art WF studies have shown that the detection accuracy of websites is up to more than 95%. However, they are mainly conducted under the single-tab assumption, where each sample contains only one website traffic. The single-tab setting could not be realistic because users often open multiple tabs to browse simultaneously. The requests and responses from multiple tabs will overlap and interfere with each other, destroying existing single-tab WF attacks. In addition, the proposed multi-tab WF attack works poorly when traffic overlaps seriously. It remains challenging to implement WF attacks in multi-tab scenarios. This paper investigates a new spatial separated boxes-based multi-tab website fingerprinting model, called SSBM, to solve the multi-tab WF problem. It is an end-to-end model that separates traffic by equal-sized boxes and extracts features with convolutional neural networks. By predicting the label of each box, the tabs of the whole traffic are inferred. We design and implement SSBM and compare it with state-of-the-art multi-tab WF attacks in two different multi-tab modes: overlapping mode and delayed mode. In the overlapping mode, SSBM can successfully identify 81.24% of the first tab and 64.72% of the second tab when the overlapping proportions of the two tabs’ traffic reaches 50%, which are 4% and 29% higher than the current strongest BAPM. In the delayed mode, when the second tab traffic starts to overlap with the first tab traffic with a 5-second delay, SSBM improves the first tab’s classification accuracy from 60% to 69% and the second tab’s detection rates from 33% to 53%. Moreover, SSBM achieves the highest improvement, nearly 40%, in the three-tab evaluations. The experimental results show that SSBM outperforms existing multi-tab WF attack methods.</p></div>\",\"PeriodicalId\":54784,\"journal\":{\"name\":\"Journal of Network and Computer Applications\",\"volume\":\"232 \",\"pages\":\"Article 104023\"},\"PeriodicalIF\":7.7000,\"publicationDate\":\"2024-09-12\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Journal of Network and Computer Applications\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S1084804524002005\",\"RegionNum\":2,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Network and Computer Applications","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S1084804524002005","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}
引用次数: 0

摘要

近年来,针对 Tor 匿名系统的网站指纹(WF)攻击已成为一个热门研究课题。最先进的 WF 研究表明,网站检测准确率高达 95% 以上。然而,这些研究主要是在单标签假设下进行的,即每个样本只包含一个网站流量。单标签设置并不现实,因为用户经常同时打开多个标签进行浏览。来自多个标签页的请求和响应会相互重叠和干扰,从而破坏现有的单标签页 WF 攻击。此外,当流量严重重叠时,提议的多标签 WF 攻击效果也很差。在多标签场景中实现 WF 攻击仍具有挑战性。本文研究了一种新的基于空间分隔盒的多标签网站指纹识别模型,称为 SSBM,以解决多标签 WF 问题。这是一种端到端模型,它通过大小相等的盒子来分离流量,并利用卷积神经网络提取特征。通过预测每个盒子的标签,推断出整个流量的标签。我们设计并实现了 SSBM,并在两种不同的多标签模式(重叠模式和延迟模式)下将其与最先进的多标签 WF 攻击进行了比较。在重叠模式下,当两个标签的流量重叠比例达到 50%时,SSBM 可以成功识别 81.24% 的第一个标签和 64.72% 的第二个标签,分别比目前最强的 BAPM 高出 4% 和 29%。在延迟模式下,当第二个标签页的流量开始与第一个标签页的流量重叠并延迟 5 秒时,SSBM 将第一个标签页的分类准确率从 60% 提高到 69%,将第二个标签页的检测率从 33% 提高到 53%。此外,在三个标签页的评估中,SSBM 的改进幅度最大,接近 40%。实验结果表明,SSBM 优于现有的多标签 WF 攻击方法。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
SSBM: A spatially separated boxes-based multi-tab website fingerprinting model

In recent years, the website fingerprinting (WF) attack against the Tor anonymity system has become a hot research issue. The state-of-the-art WF studies have shown that the detection accuracy of websites is up to more than 95%. However, they are mainly conducted under the single-tab assumption, where each sample contains only one website traffic. The single-tab setting could not be realistic because users often open multiple tabs to browse simultaneously. The requests and responses from multiple tabs will overlap and interfere with each other, destroying existing single-tab WF attacks. In addition, the proposed multi-tab WF attack works poorly when traffic overlaps seriously. It remains challenging to implement WF attacks in multi-tab scenarios. This paper investigates a new spatial separated boxes-based multi-tab website fingerprinting model, called SSBM, to solve the multi-tab WF problem. It is an end-to-end model that separates traffic by equal-sized boxes and extracts features with convolutional neural networks. By predicting the label of each box, the tabs of the whole traffic are inferred. We design and implement SSBM and compare it with state-of-the-art multi-tab WF attacks in two different multi-tab modes: overlapping mode and delayed mode. In the overlapping mode, SSBM can successfully identify 81.24% of the first tab and 64.72% of the second tab when the overlapping proportions of the two tabs’ traffic reaches 50%, which are 4% and 29% higher than the current strongest BAPM. In the delayed mode, when the second tab traffic starts to overlap with the first tab traffic with a 5-second delay, SSBM improves the first tab’s classification accuracy from 60% to 69% and the second tab’s detection rates from 33% to 53%. Moreover, SSBM achieves the highest improvement, nearly 40%, in the three-tab evaluations. The experimental results show that SSBM outperforms existing multi-tab WF attack methods.

求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
Journal of Network and Computer Applications
Journal of Network and Computer Applications 工程技术-计算机:跨学科应用
CiteScore
21.50
自引率
3.40%
发文量
142
审稿时长
37 days
期刊介绍: The Journal of Network and Computer Applications welcomes research contributions, surveys, and notes in all areas relating to computer networks and applications thereof. Sample topics include new design techniques, interesting or novel applications, components or standards; computer networks with tools such as WWW; emerging standards for internet protocols; Wireless networks; Mobile Computing; emerging computing models such as cloud computing, grid computing; applications of networked systems for remote collaboration and telemedicine, etc. The journal is abstracted and indexed in Scopus, Engineering Index, Web of Science, Science Citation Index Expanded and INSPEC.
期刊最新文献
ALB-TP: Adaptive Load Balancing based on Traffic Prediction using GRU-Attention for Software-Defined DCNs On and off the manifold: Generation and Detection of adversarial attacks in IIoT networks Light up that Droid! On the effectiveness of static analysis features against app obfuscation for Android malware detection Clusters in chaos: A deep unsupervised learning paradigm for network anomaly detection Consensus hybrid ensemble machine learning for intrusion detection with explainable AI
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1