Website fingerprinting is exploited to analyze encrypted traffic traces and infer the visited website. Existing website fingerprinting methods can achieve satisfying performance for the HTTP traffic visiting websites over TCP.… Click to show full abstract
Website fingerprinting is exploited to analyze encrypted traffic traces and infer the visited website. Existing website fingerprinting methods can achieve satisfying performance for the HTTP traffic visiting websites over TCP. Recently, a new protocol QUIC has been proposed, and HTTP-over-QUIC has been formalized as the next generation HTTP, named HTTP/3. Thus, it is necessary to classify HTTP/3 traces. However, since HTTP/3 is newly proposed and is being deployed, it is difficult to collect a large number of HTTP/3 traces. Intuitively, we can use sufficient TCP traces to improve the performance of the QUIC trace classifier. Unfortunately, the protocol discrepancy exists between TCP and QUIC traces, which undermines the generalization ability of the classifier. In this paper, for practical website fingerprinting of HTTP/3, we propose a Website-Aware Protocol Confusion Network (WAPCN), which exploits only a few QUIC traces to train a website classifier with the help of lots of available TCP traces. It consists of four main parts: a feature extractor, a website classifier, a protocol discriminator, and a website-aware adaptor. The feature extractor aims to extract trace representations from both TCP and QUIC traces. It cooperates with the website classifier to learn the discriminative representation for the website classification. The role of the protocol discriminator is to confuse protocols and guide the feature extractor to learn protocol-invariant representations. The website-aware adaptor can enhance protocol-invariant representations to be aware of the website classification boundary. Extensive experiments are conducted on various tasks to demonstrate the effectiveness of WAPCN.
               
Click one of the above tabs to view related content.