Cache Shaping: An Effective Defense Against Cache-Based Website Fingerprinting

Proceedings of the Twelfth ACM Conference on Data and Application Security and Privacy Pub Date : 2022-04-14 DOI:10.1145/3508398.3511500

Haipeng Li, Nan Niu, Boyang Wang

{"title":"Cache Shaping: An Effective Defense Against Cache-Based Website Fingerprinting","authors":"Haipeng Li, Nan Niu, Boyang Wang","doi":"10.1145/3508398.3511500","DOIUrl":null,"url":null,"abstract":"Cache-based website fingerprinting attacks can infer which website a user visits by measuring CPU cache activities. Studies have shown that an attacker can achieve high accuracy with a low sampling rate by monitoring cache occupancy of the entire Last Level Cache. Although a defense has been proposed, it was not effective when an attacker adapts and retrains a classifier with defended data. In this paper, we propose a new defense, referred to as cache shaping, to preserve user privacy against cache-based website fingerprinting attacks. Our proposed defense produces dummy cache activities by introducing dummy I/O operations and implementing with multiple processes, which hides fingerprints when a user visits websites. Our experimental results over large-scale datasets collected from multiple web browsers and operating systems show that our defense remains effective even if an attacker retrains a classifier with defended cache traces. We demonstrate the efficacy of our defense in the closed-world setting and the open-world setting by leveraging deep neural networks as classifiers.","PeriodicalId":102306,"journal":{"name":"Proceedings of the Twelfth ACM Conference on Data and Application Security and Privacy","volume":"8 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-04-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the Twelfth ACM Conference on Data and Application Security and Privacy","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3508398.3511500","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 3

Abstract

Cache-based website fingerprinting attacks can infer which website a user visits by measuring CPU cache activities. Studies have shown that an attacker can achieve high accuracy with a low sampling rate by monitoring cache occupancy of the entire Last Level Cache. Although a defense has been proposed, it was not effective when an attacker adapts and retrains a classifier with defended data. In this paper, we propose a new defense, referred to as cache shaping, to preserve user privacy against cache-based website fingerprinting attacks. Our proposed defense produces dummy cache activities by introducing dummy I/O operations and implementing with multiple processes, which hides fingerprints when a user visits websites. Our experimental results over large-scale datasets collected from multiple web browsers and operating systems show that our defense remains effective even if an attacker retrains a classifier with defended cache traces. We demonstrate the efficacy of our defense in the closed-world setting and the open-world setting by leveraging deep neural networks as classifiers.

查看原文本刊更多论文

缓存整形:一个有效的防御基于缓存的网站指纹

基于缓存的网站指纹攻击可以通过测量CPU缓存活动来推断用户访问的网站。研究表明，攻击者可以通过监控整个Last Level cache的占用情况，以较低的采样率实现较高的准确率。尽管已经提出了一种防御方法，但当攻击者使用被防御的数据来适应和重新训练分类器时，这种防御方法并不有效。在本文中，我们提出了一种新的防御方法，称为缓存整形，以保护用户隐私免受基于缓存的网站指纹攻击。我们提出的防御通过引入虚拟I/O操作和实现多个进程来产生虚拟缓存活动，从而在用户访问网站时隐藏指纹。我们在从多个web浏览器和操作系统收集的大规模数据集上的实验结果表明，即使攻击者使用防御缓存跟踪重新训练分类器，我们的防御仍然有效。我们通过利用深度神经网络作为分类器，展示了我们在封闭世界和开放世界环境下的防御效果。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Proceedings of the Twelfth ACM Conference on Data and Application Security and Privacy

自引率

0.00%

发文量