Defeating DNN-Based Traffic Analysis University of ...
Transcript of Defeating DNN-Based Traffic Analysis University of ...
![Page 1: Defeating DNN-Based Traffic Analysis University of ...](https://reader036.fdocuments.in/reader036/viewer/2022081503/62a2a488ca94a9245c4bdb5d/html5/thumbnails/1.jpg)
Milad Nasr, Alireza Bahramali, Amir HoumansadrUniversity of Massachusetts, Amherst
1
Defeating DNN-Based Traffic Analysis Systems in Real-Time With
Blind Adversarial Perturbations
USENIX Security 2021
![Page 2: Defeating DNN-Based Traffic Analysis University of ...](https://reader036.fdocuments.in/reader036/viewer/2022081503/62a2a488ca94a9245c4bdb5d/html5/thumbnails/2.jpg)
USENIX SECURITY 2021
2
Encryption Is UbiquitousThe content of the network traffic is encrypted!
Traffic Analysis: using the metadata of the traffic to do analysis
![Page 3: Defeating DNN-Based Traffic Analysis University of ...](https://reader036.fdocuments.in/reader036/viewer/2022081503/62a2a488ca94a9245c4bdb5d/html5/thumbnails/3.jpg)
USENIX SECURITY 2021
3
Example traffic analysis on Tor
BobAlice
Attackers can not link flows using packet contentsdue to onion encryption
But they can match traffic patternsas Tor is designed to be low-latency
![Page 4: Defeating DNN-Based Traffic Analysis University of ...](https://reader036.fdocuments.in/reader036/viewer/2022081503/62a2a488ca94a9245c4bdb5d/html5/thumbnails/4.jpg)
USENIX SECURITY 2021
State-of-the-art traffic analysis techniques leverage DNNs
● Detection rate in traffic correlation improved from 0.2 to 0.9 by using neural networks [Nasr’ 18]
● Accuracy in website fingerprinting improved from 60% to 90% by using neural networks [Bhat’ 18 ,Sirinam 19’,...]
4
![Page 5: Defeating DNN-Based Traffic Analysis University of ...](https://reader036.fdocuments.in/reader036/viewer/2022081503/62a2a488ca94a9245c4bdb5d/html5/thumbnails/5.jpg)
USENIX SECURITY 2021
The Threat of Adversarial Examples
• Neural networks are vulnerable to the small perturbations to the input a.k.a adversarial examples
5Image from openai.com
![Page 6: Defeating DNN-Based Traffic Analysis University of ...](https://reader036.fdocuments.in/reader036/viewer/2022081503/62a2a488ca94a9245c4bdb5d/html5/thumbnails/6.jpg)
Whether and how adversarial examples can be applied on
DNN-based traffic analysis systems
6
Our Goal:
![Page 7: Defeating DNN-Based Traffic Analysis University of ...](https://reader036.fdocuments.in/reader036/viewer/2022081503/62a2a488ca94a9245c4bdb5d/html5/thumbnails/7.jpg)
USENIX SECURITY 2021
Applying Adversarial Examples on Traffic Analysis Applications Is Very Challenging
7
Adversary
Perturbations should be applied in real-time
Adversary doesn’t know the pattern of coming packets!
Adversary cannot change the pattern after sending!
Adversary is Blind!
![Page 8: Defeating DNN-Based Traffic Analysis University of ...](https://reader036.fdocuments.in/reader036/viewer/2022081503/62a2a488ca94a9245c4bdb5d/html5/thumbnails/8.jpg)
USENIX SECURITY 2021
8
Applying Adversarial Examples on Traffic Analysis Applications Is Very Challenging
Original FlowAdversary
Change order
Change direction
Disturb the connection
Network flows should cannot be modified arbitrarily. Protocol specifications and constraints should be preserved!
![Page 9: Defeating DNN-Based Traffic Analysis University of ...](https://reader036.fdocuments.in/reader036/viewer/2022081503/62a2a488ca94a9245c4bdb5d/html5/thumbnails/9.jpg)
USENIX SECURITY 2021
• A generic framework for applying blind adversarial perturbations on live traffic analysis systems
• Implemented a Tor pluggable transport called BLANKET
• We apply the attack on recent traffic analysis works
9
Overview of Our Contributions
![Page 10: Defeating DNN-Based Traffic Analysis University of ...](https://reader036.fdocuments.in/reader036/viewer/2022081503/62a2a488ca94a9245c4bdb5d/html5/thumbnails/10.jpg)
USENIX SECURITY 2021
10
Our generic framework
Constraints (packet sizes, timing, protocol specifications)
Perturbation
Traffic pattern
Target Model
![Page 11: Defeating DNN-Based Traffic Analysis University of ...](https://reader036.fdocuments.in/reader036/viewer/2022081503/62a2a488ca94a9245c4bdb5d/html5/thumbnails/11.jpg)
USENIX SECURITY 2021
11
Overview
![Page 12: Defeating DNN-Based Traffic Analysis University of ...](https://reader036.fdocuments.in/reader036/viewer/2022081503/62a2a488ca94a9245c4bdb5d/html5/thumbnails/12.jpg)
USENIX SECURITY 2021
12
Experimental Setup
![Page 13: Defeating DNN-Based Traffic Analysis University of ...](https://reader036.fdocuments.in/reader036/viewer/2022081503/62a2a488ca94a9245c4bdb5d/html5/thumbnails/13.jpg)
USENIX SECURITY 2021
Target Systems:
• DeepCorr: Traffic correlation (Timing, Sizes and Directions)[Nasr 19’]
• Var-CNN: Website fingerprinting (Timing, Directions and statistical informations)[Bhat 18’]
• Deep Fingerprinting: Website fingerprinting (Timing, Directions)[Sirinam 18’]
13
Experimental Setup
![Page 14: Defeating DNN-Based Traffic Analysis University of ...](https://reader036.fdocuments.in/reader036/viewer/2022081503/62a2a488ca94a9245c4bdb5d/html5/thumbnails/14.jpg)
USENIX SECURITY 2021
14
Using BLANKET To Defeat Traffic Correlation
DeepCorr
Performance without an attack
By increasing the perturbation intensity
the performance drops significantly
Deep learning based traffic correlation
methods are vulnerable to
BLANKET
![Page 15: Defeating DNN-Based Traffic Analysis University of ...](https://reader036.fdocuments.in/reader036/viewer/2022081503/62a2a488ca94a9245c4bdb5d/html5/thumbnails/15.jpg)
USENIX SECURITY 2021
15
Using BLANKET To Defeat Website Fingerprinting
VarCNN 93% Average accuracy (Timing and Sizes)
Large Drop in Average Accuracy
DF 92% Average accuracy (Directions)
Large Drop in Average Accuracy for specific target
![Page 16: Defeating DNN-Based Traffic Analysis University of ...](https://reader036.fdocuments.in/reader036/viewer/2022081503/62a2a488ca94a9245c4bdb5d/html5/thumbnails/16.jpg)
USENIX SECURITY 2021
16
Can we counter BLANKET? Traffic Correlation
Website Fingerprinting
Our adversarial perturbation mechanism is hard to protect against!
![Page 17: Defeating DNN-Based Traffic Analysis University of ...](https://reader036.fdocuments.in/reader036/viewer/2022081503/62a2a488ca94a9245c4bdb5d/html5/thumbnails/17.jpg)
USENIX SECURITY 2021
17
Comparing BLANKET With Traditional Attacks on Traffic Analysis
Name Bandwidth Overhead
Latency OverHead Accuracy
WTF-PAD (DF) 64% 0% 3%
Walkie-Talkie (DF) 31% 36% 5%
BLANKET (DF) 25% 0% 1%
WTF-PAD (VarCNN) 27% 0% 88%
BLANKET (VarCNN) 25% 0% 2%
While there exist other attacks on traffic analysis, BLANKET outperforms all regarding latency, overhead, and performance
![Page 18: Defeating DNN-Based Traffic Analysis University of ...](https://reader036.fdocuments.in/reader036/viewer/2022081503/62a2a488ca94a9245c4bdb5d/html5/thumbnails/18.jpg)
USENIX SECURITY 2021
18
Conclusions• A generic framework for applying blind
adversarial perturbations on live traffic analysis systems
• Implemented a Tor pluggable transport called BLANKET
• We apply the attack on recent traffic analysis works
![Page 19: Defeating DNN-Based Traffic Analysis University of ...](https://reader036.fdocuments.in/reader036/viewer/2022081503/62a2a488ca94a9245c4bdb5d/html5/thumbnails/19.jpg)
COMPUTING FOR THE COMMON GOOD
19
![Page 20: Defeating DNN-Based Traffic Analysis University of ...](https://reader036.fdocuments.in/reader036/viewer/2022081503/62a2a488ca94a9245c4bdb5d/html5/thumbnails/20.jpg)
COMPUTING FOR THE COMMON GOOD
20
Nasr, Milad, Alireza Bahramali, and Amir Houmansadr. "Deepcorr: Strong flow correlation attacks on tor using deep learning." Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. 2018.
Bhat, Sanjit, et al. "Var-CNN: A Data-Efficient Website Fingerprinting Attack Based on Deep Learning." Proceedings on Privacy Enhancing Technologies 1: 19.
Sirinam, Payap, et al. "Deep fingerprinting: Undermining website fingerprinting defenses with deep learning." Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. 2018.
References:
![Page 21: Defeating DNN-Based Traffic Analysis University of ...](https://reader036.fdocuments.in/reader036/viewer/2022081503/62a2a488ca94a9245c4bdb5d/html5/thumbnails/21.jpg)
USENIX SECURITY 2021
21
Packet Timing Constraints
Average of distributionsStandard deviation of distributions
![Page 22: Defeating DNN-Based Traffic Analysis University of ...](https://reader036.fdocuments.in/reader036/viewer/2022081503/62a2a488ca94a9245c4bdb5d/html5/thumbnails/22.jpg)
USENIX SECURITY 2021
22
Packet Size Constraints
![Page 23: Defeating DNN-Based Traffic Analysis University of ...](https://reader036.fdocuments.in/reader036/viewer/2022081503/62a2a488ca94a9245c4bdb5d/html5/thumbnails/23.jpg)
USENIX SECURITY 2021
23
Transferability
Traffic Correlation (Alexnet to DeepCorr) Website Fingerprinting (DF to VarCNN)