Zhichao Hu, Likun Liu, Jiaxing Gong, Yao Zhang, Minghao Guo, Mengmeng Ge, Qing Guo, Lina Ma, Xiangzhan Yu
TOPLDM: Towards dynamic low overhead traffic obfuscation based on packet length distribution modification
Computer Networks, volume 272, Article 111707. Published 2025-09-11. Journal impact factor 4.6, JCR Q1 (Computer Science, Hardware & Architecture).
DOI: 10.1016/j.comnet.2025.111707
https://www.sciencedirect.com/science/article/pii/S1389128625006735
Citations: 0
Abstract
The emergence of encrypted traffic fingerprinting has made it possible to monitor and analyze users' online activities even under encrypted protocols like SSL/TLS, posing a serious threat to personal privacy and data security. While researchers have proposed various traffic obfuscation methods to defend against encrypted traffic fingerprinting, issues remain: high resource overhead, weak robustness, difficulty in dynamically adjusting obfuscation strategies, and the inability to deploy in real network environments. To address these problems, this paper proposes an efficient and effective traffic obfuscation method based on packet length distribution modification. It designs a distribution-based packet length mapping method that dynamically adjusts the mapping rules of packet lengths by selecting different target distributions. The packets are then modified by segmentation and stacking. By modifying the distribution of packet lengths, this method indirectly affects temporal features, effectively resisting encrypted traffic fingerprinting methods. Experimental results show that the approach outperforms existing traffic obfuscation methods in terms of obfuscation effectiveness, with a 7% improvement in success rate in real traffic obfuscation. Additionally, comparative experiments with classic methods such as BuFLO, Cs-BuFLO, WTF-PAD, FRONT, Wfd-GAN, WGAN, and FGSM-AS verify the advantages of this method in terms of time and bandwidth resource consumption, and show satisfactory robustness to retraining.
About the journal:
Computer Networks is an international, archival journal providing a publication vehicle for complete coverage of all topics of interest to those involved in the computer communications networking area. The audience includes researchers, managers and operators of networks as well as designers and implementors. The Editorial Board will consider any material for publication that is of interest to those groups.