Network flow watermarking links two communicating parties by actively modifying certain characteristics of the stream generated by the sender so that it covertly carries special marking information. Some curious users who communicate with a hidden server as Tor clients may use this technique in de-anonymization attacks to uncover the hidden server's real identity, which compromises the privacy of the anonymous communication system. We therefore propose a defense scheme against flow watermarking. The scheme is based on deep neural networks and uses generative adversarial networks to convert the original inter-packet delays (IPDs) into new IPDs generated by the model. We also adopt the concept of adversarial attacks to ensure that the detector produces an incorrect classification when it examines these new IPDs. As a result, the new IPDs are considered "clean", which effectively covers any potential watermarks. The scheme is effective against time-based flow watermarking techniques.