ISSN 1000-1239 CN 11-1777/TP

Special Issue: 2020数据驱动网络专题

### burst-Analysis Website Fingerprinting Attack Based on Deep Neural Network

Ma Chencheng1,2, Du Xuehui1,2, Cao Lifeng1,2, Wu Bei3

1. 1(Strategic Support Force Information Engineering University, Zhengzhou 450001);2(He’nan Province Key Laboratory of Information Security (Strategic Support Force Information Engineering University), Zhengzhou 450001);3(Unit 61497, Beijing 100000)
• Online:2020-04-01
• Supported by:
This work was supported by the National Key Research and Development Program of China (2016YFB0501901, 2018YFB0803603) and the National Natural Science Foundation of China (61502531, 61702550, 61802436).

Abstract: Anonymous network represented by Tor is a communication intermediary network that hides user data transmission behavior. The criminals use anonymous networks to engage in cyber crimes, which cause great difficulties in network supervision. The website fingerprinting attack technology is a feasible technology for cracking anonymous communication. It can be used to discover the behavior of intranet users who secretly access sensitive websites based on anonymous network, which is an important mean of network supervision. The application of neural network in website fingerprinting attack breaks through the performance bottleneck of traditional methods, but the existing researches have not fully considered to design the neural network structures based on the characteristics of Tor traffic such as burst and the characteristics of website fingerprinting attack technology. There are problems that the neural network is too complicated and the analysis module is redundant, which leads to problems such as incomplete feature extraction and analysis and running slowly. Based on the researches and analysis of Tor traffic characteristics, a lightweight burst feature extraction and analysis module based on one-dimensional convolutional network is designed, and a burst-analysis website fingerprinting attack method based on deep neural network is proposed. Furthermore, aiming at the shortcoming of simply using the threshold method to analyze fingerprinting vectors in open world scenarios, a fingerprint vector analysis model based on random forest algorithm is designed. The classification accuracy of the improved model reaches 99.87% and the model has excellent performance in alleviating concept drift, bypassing defense techniques against website fingerprinting attacks, identifying Tor hidden websites, performance of models trained with a small amount of data, and run time, which improves the practicality of applying website fingerprinting attack technology to real networks.

CLC Number: