Deep Learning Website Fingerprinting Features

Anonymity networks like Tor enable Internet users to browse the web anonymously. This helps citizens circumvent censorship from repressive governments, journalists communicate with anonymous sources or regular users to avoid tracking online. However, adversaries can try to identify anonymous users by deploying several attacks. One of such attacks is website fingerprinting. Website fingerprinting exploits the ability of an adversary to generate anonymized (encrypted) traffic to a number of websites and then compare it —based on traffic metadata such as packet timing, size and direction—, to the traffic metadata of the users the adversary wishes to de-anonymize. When a user’s traffic metadata matches the metadata the adversary had previously generated, the website the user visits may be revealed to the adversary, thus breaking the user’s anonymity. In prior works, authors have identified several features that allow an adversary to fingerprint the websites visited by a user. Examples of such features include packet length counts or the timing and volume of traffic bursts. These features were however manually identified, e.g., using heuristics, leaving open the question of whether there are more identifying features or methods to fingerprint the websites visited by the anonymous users. In this thesis we depart from prior work and design a website fingerprinting attack with automated feature extraction, this is, we do not manually select the identifying features to fingerprint the websites but rely on machine learning methods to do so. Specifically, we use deep learning techniques to learn the best fingerprinting features and demonstrate the viability of our attack by deploying it on a closed-world scenario of 100 webpages. Our results show that, with 71% website identification accuracy, adversaries can use machine learning methods to de-anonymize Tor traffic instead of having to rely on the manual selection of fingerprinting features. This is a first and promising step on a new avenue of website fingerprinting attacks.