PEZD: A practical and effective zero-delay defense against website fingerprinting

IF 4.6 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Computer Networks Pub Date : 2025-09-14 DOI:10.1016/j.comnet.2025.111716

Hengheng Xiong, Dapeng Man, Huanran Wang, Jingwen Tan, Jiguang Lv, Wu Yang

{"title":"PEZD: A practical and effective zero-delay defense against website fingerprinting","authors":"Hengheng Xiong, Dapeng Man, Huanran Wang, Jingwen Tan, Jiguang Lv, Wu Yang","doi":"10.1016/j.comnet.2025.111716","DOIUrl":null,"url":null,"abstract":"<div><div>Website Fingerprinting (WF) enables an attacker to infer which website a user is visiting by analyzing the side-channel information of network traffic, posing a serious threat to anonymous systems such as Tor. To mitigate this issue, numerous defenses have been proposed to resist WF attacks. However, many defenses incur high overhead, impeding their deployment. Moreover, some defenses rely on the impractical assumption that the defender knows prior knowledge of which website the user visits. In this paper, we propose a practical and effective lightweight WF defense, named PEZD. It hinders attackers from recognizing a website’s unique patterns by adding dummy packets with diverse distributions into traffic traces. In particular, PEZD is a website-agnostic defense that does not require knowledge of the website users are visiting and incurs only moderate overhead to effectively prevent attacks. Extensive experiments demonstrate that PEZD reduces the accuracy of state-of-the-art attacks from 97 % to 19 %–38 % while introducing zero latency overhead and only 48 % bandwidth overhead. Moreover, we show that PEZD remains effective for injecting dummy packets only on the client-side, simplifying the implementation of the defense.</div></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":"272 ","pages":"Article 111716"},"PeriodicalIF":4.6000,"publicationDate":"2025-09-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computer Networks","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S1389128625006826","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}

引用次数: 0

Abstract

Website Fingerprinting (WF) enables an attacker to infer which website a user is visiting by analyzing the side-channel information of network traffic, posing a serious threat to anonymous systems such as Tor. To mitigate this issue, numerous defenses have been proposed to resist WF attacks. However, many defenses incur high overhead, impeding their deployment. Moreover, some defenses rely on the impractical assumption that the defender knows prior knowledge of which website the user visits. In this paper, we propose a practical and effective lightweight WF defense, named PEZD. It hinders attackers from recognizing a website’s unique patterns by adding dummy packets with diverse distributions into traffic traces. In particular, PEZD is a website-agnostic defense that does not require knowledge of the website users are visiting and incurs only moderate overhead to effectively prevent attacks. Extensive experiments demonstrate that PEZD reduces the accuracy of state-of-the-art attacks from 97 % to 19 %–38 % while introducing zero latency overhead and only 48 % bandwidth overhead. Moreover, we show that PEZD remains effective for injecting dummy packets only on the client-side, simplifying the implementation of the defense.

查看原文本刊更多论文

PEZD：一个实用和有效的零延迟防御网站指纹

网站指纹技术（Website Fingerprinting， WF）使攻击者能够通过分析网络流量的侧信道信息来推断用户正在访问哪个网站，这对Tor等匿名系统构成了严重威胁。为了缓解这个问题，已经提出了许多防御措施来抵抗WF攻击。然而，许多防御会产生很高的开销，从而阻碍了它们的部署。此外，一些防御依赖于不切实际的假设，即防御者知道用户访问哪个网站的先验知识。在本文中，我们提出了一种实用有效的轻量级WF防御，称为PEZD。它通过在流量轨迹中添加具有不同分布的虚拟数据包来阻止攻击者识别网站的独特模式。特别是，PEZD是一种与网站无关的防御，它不需要了解用户正在访问的网站，并且只会产生适度的开销来有效地防止攻击。大量的实验表明，PEZD将最先进攻击的准确率从97%降低到19% - 38%，同时引入零延迟开销和仅48%的带宽开销。此外，我们还表明，PEZD仅在客户端注入虚拟数据包时仍然有效，从而简化了防御的实现。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Computer Networks 工程技术-电信学

CiteScore

10.80

自引率

3.60%

发文量

434

审稿时长

8.6 months

期刊介绍： Computer Networks is an international, archival journal providing a publication vehicle for complete coverage of all topics of interest to those involved in the computer communications networking area. The audience includes researchers, managers and operators of networks as well as designers and implementors. The Editorial Board will consider any material for publication that is of interest to those groups.