TY - JOUR
T1 - Adversarial attacks against profile HMM website fingerprinting detection model
AU - Liu, Xiaolei
AU - Zhuo, Zhongliu
AU - Du, Xiaojiang
AU - Zhang, Xiaosong
AU - Zhu, Qingxin
AU - Guizani, Mohsen
N1 - Publisher Copyright: © 2018 Elsevier B.V.
PY - 2019/5
Y1 - 2019/5
N2 - People are accustomed to using an anonymous network to protect their private information. The Profile HMM (Hidden Markov Model) Website Fingerprinting Detection algorithm can detect the website that the data stream accesses by pattern matching the captured data traffic. This makes the anonymous network lose its effect. In order to bypass the detection of this model, we propose a method based on genetic algorithm to generate adversarial samples. By migrating the problem of adversarial samples in deep learning, our approach is used for the broader machine learning detection model to do traffic confusion, and then achieves the purpose of bypassing the Profile HMM model detection. The key challenge is how to construct a suitable fitness function to generate an effective adversarial sample at minimal cost. The experimental results show that the success rate of our traffic confusion method is as high as 97%. At the same time, we only need to add less perturbation traffic than the traditional traffic confusion method.
AB - People are accustomed to using an anonymous network to protect their private information. The Profile HMM (Hidden Markov Model) Website Fingerprinting Detection algorithm can detect the website that the data stream accesses by pattern matching the captured data traffic. This makes the anonymous network lose its effect. In order to bypass the detection of this model, we propose a method based on genetic algorithm to generate adversarial samples. By migrating the problem of adversarial samples in deep learning, our approach is used for the broader machine learning detection model to do traffic confusion, and then achieves the purpose of bypassing the Profile HMM model detection. The key challenge is how to construct a suitable fitness function to generate an effective adversarial sample at minimal cost. The experimental results show that the success rate of our traffic confusion method is as high as 97%. At the same time, we only need to add less perturbation traffic than the traditional traffic confusion method.
KW - Adversarial samples
KW - PHMM
KW - Traffic confusion
UR - http://www.scopus.com/inward/record.url?scp=85059090952&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85059090952&partnerID=8YFLogxK
U2 - 10.1016/j.cogsys.2018.12.005
DO - 10.1016/j.cogsys.2018.12.005
M3 - Article
AN - SCOPUS:85059090952
VL - 54
SP - 83
EP - 89
JO - Cognitive Systems Research
JF - Cognitive Systems Research
ER -