TOPLDM: Towards dynamic low overhead traffic obfuscation based on packet length distribution modification

IF 4.6 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Computer Networks Pub Date : 2025-09-11 DOI:10.1016/j.comnet.2025.111707

Zhichao Hu , Likun Liu , Jiaxing Gong , Yao Zhang , Minghao Guo , Mengmeng Ge , Qing Guo , Lina Ma , Xiangzhan Yu

{"title":"TOPLDM: Towards dynamic low overhead traffic obfuscation based on packet length distribution modification","authors":"Zhichao Hu , Likun Liu , Jiaxing Gong , Yao Zhang , Minghao Guo , Mengmeng Ge , Qing Guo , Lina Ma , Xiangzhan Yu","doi":"10.1016/j.comnet.2025.111707","DOIUrl":null,"url":null,"abstract":"<div><div>The emergence of encrypted traffic fingerprinting has made it possible to monitor and analyze users’ online activities even under encrypted protocols like SSL/TLS, posing a serious threat to the personal privacy and data security. While researchers have proposed various traffic obfuscation methods to defend against encrypted traffic fingerprinting, there are still issues such as the high resource overhead, the weak robustness, the difficulty in dynamically adjusting obfuscation strategies and the inability to deploy in real network environments. To address these problems, this paper proposes an efficient and effective traffic obfuscation method based on packet length distribution modification. It designs a distribution-based packet length mapping method to dynamically adjust the mapping rules of packet lengths by selecting different target distributions. The packets are then modified by segmentation and stacking. By modifying the distribution of packet lengths, this method indirectly affects temporal features, effectively resisting encrypted traffic fingerprinting methods. Experimental results show that the approach outperforms existing traffic obfuscation methods in terms of obfuscation effectiveness, with 7 % success rate improved in real traffic obfuscation. Additionally, through comparative experiments with classic methods such as BuFLO, Cs-BuFLO, WTF-PAD, FRONT, Wfd-GAN, WGAN, and FGSM-AS, the advantages of this method in terms of time and bandwidth resource consumption are verified, and showing satisfactory robustness towards retrain.</div></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":"272 ","pages":"Article 111707"},"PeriodicalIF":4.6000,"publicationDate":"2025-09-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computer Networks","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S1389128625006735","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}

引用次数: 0

Abstract

The emergence of encrypted traffic fingerprinting has made it possible to monitor and analyze users’ online activities even under encrypted protocols like SSL/TLS, posing a serious threat to the personal privacy and data security. While researchers have proposed various traffic obfuscation methods to defend against encrypted traffic fingerprinting, there are still issues such as the high resource overhead, the weak robustness, the difficulty in dynamically adjusting obfuscation strategies and the inability to deploy in real network environments. To address these problems, this paper proposes an efficient and effective traffic obfuscation method based on packet length distribution modification. It designs a distribution-based packet length mapping method to dynamically adjust the mapping rules of packet lengths by selecting different target distributions. The packets are then modified by segmentation and stacking. By modifying the distribution of packet lengths, this method indirectly affects temporal features, effectively resisting encrypted traffic fingerprinting methods. Experimental results show that the approach outperforms existing traffic obfuscation methods in terms of obfuscation effectiveness, with 7 % success rate improved in real traffic obfuscation. Additionally, through comparative experiments with classic methods such as BuFLO, Cs-BuFLO, WTF-PAD, FRONT, Wfd-GAN, WGAN, and FGSM-AS, the advantages of this method in terms of time and bandwidth resource consumption are verified, and showing satisfactory robustness towards retrain.

查看原文本刊更多论文

TOPLDM：基于分组长度分布修改的动态低开销流量混淆

加密流量指纹的出现，使得即使在SSL/TLS等加密协议下，也可以对用户的在线活动进行监控和分析，对个人隐私和数据安全构成严重威胁。虽然研究人员提出了各种流量混淆方法来防御加密流量指纹，但仍然存在资源开销高、鲁棒性弱、难以动态调整混淆策略以及无法在真实网络环境中部署等问题。针对这些问题，本文提出了一种基于分组长度分配修改的高效流量混淆方法。设计了一种基于分布的数据包长度映射方法，通过选择不同的目标分布动态调整数据包长度的映射规则。然后通过分段和堆叠来修改数据包。该方法通过改变报文长度的分布，间接影响时间特征，有效抵抗加密流量指纹识别方法。实验结果表明，该方法在混淆效率方面优于现有的流量混淆方法，在实际的流量混淆中，成功率提高了7%。此外，通过与经典方法BuFLO、Cs-BuFLO、WTF-PAD、FRONT、Wfd-GAN、WGAN和FGSM-AS的对比实验，验证了该方法在时间和带宽资源消耗方面的优势，并对再训练具有满意的鲁棒性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Computer Networks 工程技术-电信学

CiteScore

10.80

自引率

3.60%

发文量

434

审稿时长

8.6 months

期刊介绍： Computer Networks is an international, archival journal providing a publication vehicle for complete coverage of all topics of interest to those involved in the computer communications networking area. The audience includes researchers, managers and operators of networks as well as designers and implementors. The Editorial Board will consider any material for publication that is of interest to those groups.