Website Fingerprinting(WF)attacks can extract side channel information from encrypted traffic to form a fingerprint that identifies the victim’s destination website,even if traffic is sophisticatedly anonymized by To...Website Fingerprinting(WF)attacks can extract side channel information from encrypted traffic to form a fingerprint that identifies the victim’s destination website,even if traffic is sophisticatedly anonymized by Tor.Many offline defenses have been proposed and claimed to have achieved good effectiveness.However,such work is more of a theoretical optimization study than a technology that can be applied to real-time traffic in the practical scenario.Because defenders generate optimized defense schemes only if the complete traffic traces are obtained.The practicality and effectiveness are doubtful.In this paper,we provide an in-depth analysis of the difficulties faced in porting existing offline defenses to the online scenarios.And then the online WF defense based on the non-targeted adversarial patch is proposed.To reduce the overhead,we use the Gradient-weighted Class Activation Mapping(Grad-CAM)algorithm to identify critical segments that have high contribution to the classification.In addition,we optimize the adversarial patch generation process by splitting patches and limiting the values,so that the pre-trained patches can be injected and discarded in real-time traffic.Extensive experiments are carried out to evaluate the effectiveness of our defense.When bandwidth overhead is set to 20%,the accuracies of the two state-of-the-art attacks,DF and Var-CNN,drop to 10.83%and 15.49%,respectively.Furthermore,we implement the real-time patch traffic injection based on WFPadTools framework in the online scenario,and achieve a defense accuracy of 95.50%with 12.57%time overhead.展开更多
The object detectors can precisely detect the camouflaged object beyond human perception.The investigations reveal that the CNNs-based(Convolution Neural Networks)detectors are vulnerable to adversarial attacks.Some w...The object detectors can precisely detect the camouflaged object beyond human perception.The investigations reveal that the CNNs-based(Convolution Neural Networks)detectors are vulnerable to adversarial attacks.Some works can fool detectors by crafting the adversarial camouflage attached to the object,leading to wrong prediction.It is hard for military operations to utilize the existing adversarial camouflage due to its conspicuous appearance.Motivated by this,this paper proposes the Dual Attribute Adversarial Camouflage(DAAC)for evading the detection by both detectors and humans.Generating DAAC includes two steps:(1)Extracting features from a specific type of scene to generate individual soldier digital camouflage;(2)Attaching the adversarial patch with scene features constraint to the individual soldier digital camouflage to generate the adversarial attribute of DAAC.The visual effects of the individual soldier digital camouflage and the adversarial patch will be improved after integrating with the scene features.Experiment results show that objects camouflaged by DAAC are well integrated with background and achieve visual concealment while remaining effective in fooling object detectors,thus evading the detections by both detectors and humans in the digital domain.This work can serve as the reference for crafting the adversarial camouflage in the physical world.展开更多
基金This work was supported in part by the National Natural Science Foundation of China(Nos.62102084 and 62072103)Jiangsu Provincial Natural Science Foundation of China(No.BK20190340)+2 种基金Jiangsu Provincial Key R&D Program(Nos.BE2021729,BE2022680,and BE2022065-4)Jiangsu Provincial Key Laboratory of Network and Information Security(No.BM2003201)Key Laboratory of Computer Network and Information Integration of Ministry of Education of China(No.93K-9).
文摘Website Fingerprinting(WF)attacks can extract side channel information from encrypted traffic to form a fingerprint that identifies the victim’s destination website,even if traffic is sophisticatedly anonymized by Tor.Many offline defenses have been proposed and claimed to have achieved good effectiveness.However,such work is more of a theoretical optimization study than a technology that can be applied to real-time traffic in the practical scenario.Because defenders generate optimized defense schemes only if the complete traffic traces are obtained.The practicality and effectiveness are doubtful.In this paper,we provide an in-depth analysis of the difficulties faced in porting existing offline defenses to the online scenarios.And then the online WF defense based on the non-targeted adversarial patch is proposed.To reduce the overhead,we use the Gradient-weighted Class Activation Mapping(Grad-CAM)algorithm to identify critical segments that have high contribution to the classification.In addition,we optimize the adversarial patch generation process by splitting patches and limiting the values,so that the pre-trained patches can be injected and discarded in real-time traffic.Extensive experiments are carried out to evaluate the effectiveness of our defense.When bandwidth overhead is set to 20%,the accuracies of the two state-of-the-art attacks,DF and Var-CNN,drop to 10.83%and 15.49%,respectively.Furthermore,we implement the real-time patch traffic injection based on WFPadTools framework in the online scenario,and achieve a defense accuracy of 95.50%with 12.57%time overhead.
基金National Natural Science Foundation of China(grant number 61801512,grant number 62071484)Natural Science Foundation of Jiangsu Province(grant number BK20180080)to provide fund for conducting experiments。
文摘The object detectors can precisely detect the camouflaged object beyond human perception.The investigations reveal that the CNNs-based(Convolution Neural Networks)detectors are vulnerable to adversarial attacks.Some works can fool detectors by crafting the adversarial camouflage attached to the object,leading to wrong prediction.It is hard for military operations to utilize the existing adversarial camouflage due to its conspicuous appearance.Motivated by this,this paper proposes the Dual Attribute Adversarial Camouflage(DAAC)for evading the detection by both detectors and humans.Generating DAAC includes two steps:(1)Extracting features from a specific type of scene to generate individual soldier digital camouflage;(2)Attaching the adversarial patch with scene features constraint to the individual soldier digital camouflage to generate the adversarial attribute of DAAC.The visual effects of the individual soldier digital camouflage and the adversarial patch will be improved after integrating with the scene features.Experiment results show that objects camouflaged by DAAC are well integrated with background and achieve visual concealment while remaining effective in fooling object detectors,thus evading the detections by both detectors and humans in the digital domain.This work can serve as the reference for crafting the adversarial camouflage in the physical world.