登 录|IP登 录|注 册| 知识中心首页 联系我们 版权声明
当前位置: 首页> 国外交通科技报告数据库 >详情
原文传递 Defending Against Deep Learning-Based Video Fingerprinting Attacks with Adversarial Examples.
题名: Defending Against Deep Learning-Based Video Fingerprinting Attacks with Adversarial Examples.
作者: Hayden, B. A.
摘要: In an increasingly digital world, online anonymity and privacy is a paramount issue for internet users. Tools like The Onion Router (Tor) offer users anonymous internet browsing. Recently, however, Tor’s anonymity has been compromised through fingerprinting, where machine learning models are used to analyze Tor traffic and predict user viewing habits, with some models achieving an accuracy of over 99%. There are defenses for Tor that attempt to prevent fingerprinting, but many are defeated by new techniques that utilize Deep Neural Networks (DNNs). New defenses that are robust against DNNs use adversarial examples to fool the classifier, but those defenses either assume the user has access to the full traffic trace beforehand or require expensive maintenance from Tor servers. In this thesis, we propose Prism, a defense against fingerprinting attacks that uses adversarial examples to fool classifiers in real time. We describe a novel method of adversarial example generation that enables adversarial example creation as input is learned over time. Prism injects these adversarial examples into the Tor traffic stream to prevent DNNs from accurately predicting sites that a user is viewing, even if the DNN is hardened by adversarial training. We show that Prism reduces the accuracy of defended fingerprinting models from over 98% to 0%. We also show that Prism can be implemented entirely on the server side, increasing deployability for users who run Tor on devices without GPUs.
总页数: 59 pages
相关文献
检索历史
应用推荐