Blind Adversarial Network Perturbations
This addresses a security problem for network traffic analysis systems, showing a novel attack method that could compromise DNN-based defenses.
The paper tackles the vulnerability of deep neural networks (DNNs) used in traffic analysis, such as website fingerprinting, by demonstrating that an adversary can apply adversarial perturbations to live network traffic to defeat these techniques.
Deep Neural Networks (DNNs) are commonly used for various traffic analysis problems, such as website fingerprinting and flow correlation, as they outperform traditional (e.g., statistical) techniques by large margins. However, deep neural networks are known to be vulnerable to adversarial examples: adversarial inputs to the model that get labeled incorrectly by the model due to small adversarial perturbations. In this paper, for the first time, we show that an adversary can defeat DNN-based traffic analysis techniques by applying \emph{adversarial perturbations} on the patterns of \emph{live} network traffic.