Abstract
The deanonymization of Tor hidden services (HS) is the top priority for dark web governance. Thanks to the leap of artificial intelligence technology, it is a promising and feasible direction to launch a website fingerprint attack (WFA) by deep learning to identify the access traffic of HS. However, unlike public services (PS) on the surface network, the web pages of HS have simple structures, limited content, and similar development templates. Thus, it is different to extract effective features from the access traffic for HS identification. In addition, many WFA methods cannot capture global features from access traffic because their convolutional neural networks (CNN) lack the ability of long-distance modeling. Aiming at the shortcomings, we propose Zoomer, a novel WFA method with a scalable perspective when extracting features. The contribution of our work lies in three points. Firstly, a burst-based HS fingerprint generation method is proposed to describe the sequence of resource access. Secondly, a new WFA model is designed by introducing global burst attention (GBA) into the classic structure of CNN for global feature extraction. Finally, comparison experiments are conducted in both closed-world and open-world scenarios. The results show that our Zoomer outperforms three state-of-the-art WFA methods.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Bhat, S., Lu, D., Kwon, A., et al.: Var-CNN: a data-efficient website fingerprinting attack based on deep learning. Proc. Priv. Enhancing Technol. (PoPETs) 2019(4), 292–310 (2019)
Christin, N.: Traveling the silk road: a measurement analysis of a large anonymous online marketplace. In: Proceedings of the 22nd International Conference on World Wide Web (WWW), pp. 213–224. ACM (2013)
Conti, M., Crane, S., Frassetto, T., et al.: Selfrando: securing the tor browser against de-anonymization exploits. Proc. Priv. Enhancing Technol. (PoPETs) 2016(4), 454–469 (2016)
Hayes, J., Danezis, G.: k-fingerprinting: a robust scalable website fingerprinting technique. In: Proceedings of the 25th USENIX Security Symposium, pp. 1187–1203. USENIX Association (2016)
Ling, Z., Luo, J., Yu, W., et al.: Protocol-level attacks against Tor. Comput. Netw. (CN) 57(4), 869–886 (2013)
Mohammad, R.S., Sirinam, P., Mathews, N., et al.: Tik-Tok: the utility of packet timing in website fingerprinting attacks. Proc. Priv. Enhancing Technol. (PoPETs) 2020(3), 5–24 (2020)
Overdorf, R., Juarez, M., Acar, G., et al.: How unique is your.onion? An analysis of the fingerprintability of tor onion services. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security (CCS), pp. 2021–2036. ACM (2017)
Rimmer, V., Preuveneers, D., Juarez, M., et al.: Automated website fingerprinting through deep learning. In: Proceedings of the 25th Annual Network and Distributed System Security Symposium (NDSS), pp. 1–15. The Internet Society (2018)
Shen, M., Gao, Z., Zhu, L., et al.: Efficient fine-grained website fingerprinting via encrypted traffic analysis with deep learning. In: Proceedings of the 29th IEEE/ACM International Symposium on Quality of Service (IWQOS), pp. 1–10. IEEE (2021)
Shen, M., Ye, K., Liu, X., et al.: Machine learning-powered encrypted network traffic analysis: a comprehensive survey. IEEE Commun. Surv. Tutor. (COMST) 25(1), 791–824 (2023)
Sirinam, P., Imani, M., Juarez, M., et al.: Deep fingerprinting: undermining website fingerprinting defenses with deep learning. In: Proceedings of the 25th ACM Conference on Computer and Communications Security (CCS), pp. 1928–1943. ACM (2018)
Tan, Q., Wang, X., Shi, W., et al.: An anonymity vulnerability in Tor. IEEE/ACM Trans. Netw. (TON) 30(6), 2574–2587 (2022)
Wang, M., Li, Y., Wang, X., et al.: 2ch-TCN: a website fingerprinting attack over tor using 2-channel temporal convolutional networks. In: Proceedings of the 25th IEEE Symposium on Computers and Communications (ISCC), pp. 1–7. IEEE (2020)
Wang, X., Girshick, R., Gupta, A., et al.: Non-local neural networks. In: Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition (CVPR), pp. 7794–7803. IEEE (2018)
Wang, Y., Xu, H., Guo, Z., et al.: SnWF: website fingerprinting attack by ensembling the snapshot of deep learning. IEEE Trans. Inf. Forensics Secur. (TIFS) 17, 1214–1226 (2022)
Xie, G., Li, Q., Jiang, Y.: Self-attentive deep learning method for online traffic classification and its interpretability. Comput. Netw. (CN) 196, 108267 (2021)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Xu, Y., Wang, L., Li, J., Song, K., Yuan, Y. (2023). Zoomer: A Website Fingerprinting Attack Against Tor Hidden Services. In: Wang, D., Yung, M., Liu, Z., Chen, X. (eds) Information and Communications Security. ICICS 2023. Lecture Notes in Computer Science, vol 14252. Springer, Singapore. https://doi.org/10.1007/978-981-99-7356-9_22
Download citation
DOI: https://doi.org/10.1007/978-981-99-7356-9_22
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-99-7355-2
Online ISBN: 978-981-99-7356-9
eBook Packages: Computer ScienceComputer Science (R0)