Adversarial attacks against profile HMM website fingerprinting detection model

People are accustomed to using an anonymous network to protect their private information. The Profile HMM (Hidden Markov Model) Website Fingerprinting Detection algorithm can detect the website that the data stream accesses by pattern matching the captured data traffic. This makes the anonymous network lose its effect. In order to bypass the detection of this model, we propose a method based on genetic algorithm to generate adversarial samples. By migrating the problem of adversarial samples in deep learning, our approach is used for the broader machine learning detection model to do traffic confusion, and then achieves the purpose of bypassing the Profile HMM model detection. The key challenge is how to construct a suitable fitness function to generate an effective adversarial sample at minimal cost. The experimental results show that the success rate of our traffic confusion method is as high as 97%. At the same time, we only need to add less perturbation traffic than the traditional traffic confusion method.