JumpEstimate: a Novel Black-box Countermeasure to Website Fingerprint Attack Based on Decision-boundary Confusion

Recent research shows that website fingerprinting (WF) is a growing threat to privacy-sensitive web users, especially when using machine learning techniques such as deep learning or machine learning (DL / ML) to attack website fingerprint, reducing the effectiveness of the previous defense strategies. The reason is that the features targeted by the previous defense countermeasures are manually extracted, the range of it can’t be large enough to cover the range of features automatically extracted by DL / ML-based attacks. This paper proposes a black box defense countermeasure based on decision boundary confusion. Instead of manually extracting features, it uses the classification results of the classifier to determine the decision boundary of the classifier then automatically find the adversarial traffic that may cause the classifier to be confused. At the same time, to solve the retraining problem caused by adversarial traffic, we also utilize Monte Carlo estimation to modify adversarial traffic, to confuse decision boundary, improve the retraining resistance of adversarial traffic. Therefore, it is difficult for the classifier to form a stable and effective decision boundary after training the adversarial traffic. Results shows that our method gets a average defense success rate of 78.2% when facing the baseline WF Attacks, outperforming existing SOTA method Walkie-Talkie’s 63.6% average defense success rate. At the same time, our method improves the ability of the adversarial traffic to resist retrain, increased the retrain defense success rate from 12% to 78.2% under 31% overhead.