TY - GEN
T1 - A critical evaluation of website fingerprinting attacks
AU - Juarez, Marc
AU - Afroz, Sadia
AU - Acar, Gunes
AU - Diaz, Claudia
AU - Greenstadt, Rachel
PY - 2014/11/3
Y1 - 2014/11/3
N2 - Recent studies on Website Fingerprinting (WF) claim to have found highly effective attacks on Tor. However, these studies make assumptions about user settings, adversary capabilities, and the nature of the Web that do not necessarily hold in practical scenarios. The following study critically evaluates these assumptions by conducting the attack where the assumptions do not hold. We show that certain variables, for example, user's browsing habits, differences in location and version of Tor Browser Bundle, that are usually omitted from the current WF model have a significant impact on the efficacy of the attack. We also empirically show how prior work succumbs to the base rate fallacy in the open-world scenario. We address this problem by augmenting our classification method with a verification step. We conclude that even though this approach reduces the number of false positives over 63%, it does not completely solve the problem, which remains an open issue for WF attacks. Copyright is held by the owner/author(s).
AB - Recent studies on Website Fingerprinting (WF) claim to have found highly effective attacks on Tor. However, these studies make assumptions about user settings, adversary capabilities, and the nature of the Web that do not necessarily hold in practical scenarios. The following study critically evaluates these assumptions by conducting the attack where the assumptions do not hold. We show that certain variables, for example, user's browsing habits, differences in location and version of Tor Browser Bundle, that are usually omitted from the current WF model have a significant impact on the efficacy of the attack. We also empirically show how prior work succumbs to the base rate fallacy in the open-world scenario. We address this problem by augmenting our classification method with a verification step. We conclude that even though this approach reduces the number of false positives over 63%, it does not completely solve the problem, which remains an open issue for WF attacks. Copyright is held by the owner/author(s).
KW - Privacy
KW - Tor
KW - Website Fingerprinting
UR - http://www.scopus.com/inward/record.url?scp=84910669063&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84910669063&partnerID=8YFLogxK
U2 - 10.1145/2660267.2660368
DO - 10.1145/2660267.2660368
M3 - Conference contribution
AN - SCOPUS:84910669063
SN - 9781450329576
T3 - Proceedings of the ACM Conference on Computer and Communications Security
SP - 263
EP - 274
BT - Proceedings of the ACM Conference on Computer and Communications Security
PB - Association for Computing Machinery
T2 - 21st ACM Conference on Computer and Communications Security, CCS 2014
Y2 - 3 November 2014 through 7 November 2014
ER -