A novel active website fingerprinting attack against Tor anonymous system

• Published in: Proceedings of the 2014 IEEE 18th International Conference on Computer Supported Cooperative Work in Design (CSCWD) pp. 112 - 117
• Main Authors: Gaofeng He, Ming Yang, Xiaodan Gu, Junzhou Luo, Yuanyuan Ma
• Format: Conference Proceeding
• Language: English
• Published: IEEE 01.05.2014
• Subjects: Accuracy; active website fingerprinting; anonymous communication; Browsers; Delays; Fingerprint recognition; pattern recognition; privacy; Protocols; Support vector machines; Tor; traffic analysis; Web pages
• DOI: 10.1109/CSCWD.2014.6846826

Tor is a popular anonymizing network and the existing work shows that it can preserve users' privacy from website fingerprinting attacks well. However, based on our extensive analysis, we find it is the overlap of web objects in returned web pages that make the traffic features obfuscated, thus degrading the attack detection rate. In this paper, we propose a novel active website fingerprinting attack under Tor's local adversary model. The main idea resides in the fact that the attacker can delay HTTP requests originated from users for a certain period to isolate responding traffic segments containing different web objects. We deployed our attack in PlanetLab and the experiment lasted for one month. The SVM multi-classification algorithm was then applied on the collected datasets with the introduced features to identify the visited website among 100 top ranked websites in Alexa. Compared to the stat-of-the-art work, the classification result is improved from 48.5% to 65% by delaying at most 10 requests. We also analyzed the timing characteristics of Tor traffic to prove the stealth of our attack. The research results show that anonymity in Tor is not as strong as expected and should be enhanced in the future.