FINN: Fingerprinting Network Flows using Neural Networks

Traffic analysis is essential to network security by enabling the correlation of encrypted network flows; in particular, traffic analysis has been used to detect stepping stone attackers and de-anonymize anonymous connections. A modern type of traffic analysis is flow fingerprinting, which works by slightly perturbing network flows to embed secret information into the flows that later can be used for traffic analysis. It is shown that flow fingerprinting enables the use of traffic analysis in a wide range of applications. In this paper, we introduce an effective flow fingerprinting technique by leveraging neural networks. Specifically, our system uses a fully connected network to generate slight perturbations that are then added to the live flows to fingerprint them. We show that our fingerprinting system offers reliable performance in the different network settings, outperforming the state-of-the-art. We also enforce an invisibility constraint in generating our flow fingerprints and use GAN to generate fingerprinting delays with Laplacian distribution to make it similar to natural network jitter. Therefore, we show that our fingerprinted flows are highly indistinguishable from benign network flows.