{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,21]],"date-time":"2026-04-21T14:52:42Z","timestamp":1776783162249,"version":"3.51.2"},"reference-count":32,"publisher":"Oxford University Press (OUP)","issue":"8","license":[{"start":{"date-parts":[[2024,5,4]],"date-time":"2024-05-04T00:00:00Z","timestamp":1714780800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/academic.oup.com\/pages\/standard-publication-reuse-rights"}],"funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62372105"],"award-info":[{"award-number":["62372105"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100012226","name":"Fundamental Research Funds for the Central Universities","doi-asserted-by":"publisher","award":["2242023K30034"],"award-info":[{"award-number":["2242023K30034"]}],"id":[{"id":"10.13039\/501100012226","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2024,8,11]]},"abstract":"<jats:title>Abstract<\/jats:title><jats:p>Website fingerprinting (WF) attacks on Tor enable a passive adversary to predict the encrypted web browsing activity of a victim by matching the eavesdropped traffic with pretrained classifiers. Nowadays, deep learning-based methods have led to significant achievements in the single-tab Tor WF attack. However, the practical implementation of these single-tab methods is challenging due to most real-world Tor traffic involving multiple tabs. Existing single-tab methods hardly identify multi-tab WF due to the overlapping areas of the traffic trace confusing the original features. In this paper, we propose a Trace Image-based Object Detection model named TIOD as a novel multi-tab attacking model. Specifically, we model the traffic overlap in Tor as the object overlap in object detection tasks from the computer vision field. Besides, we propose a special S-matrix scheme to convert a trace into an image: (i) Retaining the original features by keeping the direction and order of the cells and (ii) Bringing cells of the same page closer together in space. We then utilize a specially designed object detection model for trace images, WF R-CNN, to extract features and identify potential destination websites within multi-tab traces. Comparative analysis with other multi-tab attacks is conducted, and the empirical results consistently underscore the superior performance of the proposed trace image model across diverse datasets. In the two-tab setting, TIOD achieves the best accuracy with more than 85% on both the first and second tabs.<\/jats:p>","DOI":"10.1093\/comjnl\/bxae037","type":"journal-article","created":{"date-parts":[[2024,5,5]],"date-time":"2024-05-05T13:05:21Z","timestamp":1714914321000},"page":"2690-2701","source":"Crossref","is-referenced-by-count":3,"title":["Tor Trace in Images: A Novel Multi-Tab Website Fingerprinting Attack With Object Detection"],"prefix":"10.1093","volume":"67","author":[{"given":"Yifan","family":"Xu","sequence":"first","affiliation":[{"name":"School of Cyber Science and Engineering, Southeast University , Nanjing 211189 , China"},{"name":"Engineering Research Center of Blockchain Application , Supervision, and Management, Southeast University, Ministry of Education, Nanjing 211189 , China"}]},{"given":"Liangmin","family":"Wang","sequence":"additional","affiliation":[{"name":"School of Cyber Science and Engineering, Southeast University , Nanjing 211189 , China"},{"name":"Engineering Research Center of Blockchain Application , Supervision, and Management, Southeast University, Ministry of Education, Nanjing 211189 , China"}]},{"given":"Jie","family":"Chen","sequence":"additional","affiliation":[{"name":"School of Cyber Science and Engineering, Southeast University , Nanjing 211189 , China"},{"name":"Engineering Research Center of Blockchain Application , Supervision, and Management, Southeast University, Ministry of Education, Nanjing 211189 , China"}]},{"given":"Qiang","family":"Zhou","sequence":"additional","affiliation":[{"name":"School of Computer Science and Communication Engineer , Jiangsu University, Zhenjiang 212013 , China"}]}],"member":"286","published-online":{"date-parts":[[2024,5,4]]},"reference":[{"key":"2024081612112123700_ref1","article-title":"Users - tor metrics","year":"2023"},{"key":"2024081612112123700_ref2","doi-asserted-by":"crossref","first-page":"201","DOI":"10.1145\/2517840.2517851","article-title":"Improved website fingerprinting on tor","volume-title":"Proc. of the 12th ACM Workshop on Privacy in the Electronic Society","author":"Wang","year":"2013"},{"key":"2024081612112123700_ref3","first-page":"1187","article-title":"k-fingerprinting: a robust scalable website fingerprinting technique","volume-title":"25th USENIX Security Symposium (USENIX security 16)","author":"Hayes","year":"2016"},{"key":"2024081612112123700_ref4","first-page":"607","article-title":"Subverting website fingerprinting defenses with robust traffic representation","volume-title":"32nd USENIX Security Symposium (USENIX security 23)","author":"Shen","year":"2023"},{"key":"2024081612112123700_ref5","first-page":"1","volume-title":"Website fingerprinting at internet scale","author":"Panchenko","year":"2016"},{"key":"2024081612112123700_ref6","doi-asserted-by":"crossref","first-page":"21","DOI":"10.1515\/popets-2016-0027","article-title":"On realistically attacking tor with website fingerprinting","volume":"2016","author":"Wang","year":"2016","journal-title":"Proc. on Privacy Enhancing Technologies"},{"key":"2024081612112123700_ref7","first-page":"753","article-title":"Online website fingerprinting: evaluating website fingerprinting attacks on tor in the real world","volume-title":"31st USENIX Security Symposium (USENIX Security 22)","author":"Cherubin","year":"2022"},{"key":"2024081612112123700_ref8","first-page":"263","article-title":"A critical evaluation of website fingerprinting attacks","volume-title":"Proc. of the 2014 ACM SIGSAC Conf. on Computer and Communications Security","author":"Juarez","year":"2014"},{"key":"2024081612112123700_ref9","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3473343","article-title":"How do home computer users browse the web?","volume":"16","author":"Crichton","year":"2021","journal-title":"ACM Trans. Web"},{"key":"2024081612112123700_ref10","first-page":"561","article-title":"A characterization of online browsing behavior","volume-title":"Proc. of the 19th Int. Conf. on World Wide Web","author":"Kumar","year":"2010"},{"key":"2024081612112123700_ref11","first-page":"51","article-title":"Dobbs: towards a comprehensive dataset to study the browsing behavior of online users","volume-title":"2013 IEEE\/WIC\/ACM Int. Joint Conf. on Web Intelligence (WI) and Intelligent Agent Technologies (IAT)","author":"von der Weth","year":"2013"},{"key":"2024081612112123700_ref12","first-page":"248","article-title":"BAPM: block attention profiling model for multi-tab website fingerprinting attacks on tor","volume-title":"Annual Computer Security Applications Conf., virtual event","author":"Guan","year":"2021"},{"key":"2024081612112123700_ref13","doi-asserted-by":"crossref","first-page":"3656","DOI":"10.1109\/TDSC.2021.3104869","article-title":"An automated multi-tab website fingerprinting attack","volume":"19","author":"Yin","year":"2021","journal-title":"IEEE Trans. Dependable Secure Comput."},{"key":"2024081612112123700_ref14","doi-asserted-by":"crossref","first-page":"327","DOI":"10.1145\/3274694.3274697","article-title":"A multi-tab website fingerprinting attack","volume-title":"Proc. of the 34th Annual Computer Security Applications Conference","author":"Xu","year":"2018"},{"key":"2024081612112123700_ref15","first-page":"234","article-title":"A novel website fingerprinting attack against multi-tab browsing behavior","volume-title":"2015 IEEE 19th Int. Conference on Computer Supported Cooperative Work in Design (CSCWD)","author":"Gu","year":"2015"},{"key":"2024081612112123700_ref16","first-page":"328","article-title":"Revisiting assumptions for website fingerprinting attacks","volume-title":"Proc. of the 2019 ACM Asia Conf. on Computer and Communications Security","author":"Cui","year":"2019"},{"key":"2024081612112123700_ref17","first-page":"143","article-title":"Effective attacks and provable defenses for website fingerprinting","volume-title":"23rd USENIX Security Symposium (USENIX Security 14)","author":"Wang","year":"2014"},{"key":"2024081612112123700_ref18","first-page":"1928","article-title":"Deep fingerprinting: undermining website fingerprinting defenses with deep learning","volume-title":"Proceedings of the 2018 ACM SIGSAC Conf. on Computer and Communications Security","author":"Sirinam","year":"2018"},{"key":"2024081612112123700_ref19","doi-asserted-by":"crossref","first-page":"1005","DOI":"10.1109\/SP46215.2023.10179464","article-title":"Robust multi-tab website fingerprinting attacks in the wild","volume-title":"2023 IEEE Symposium on Security and Privacy (SP)","author":"Deng","year":"2023"},{"key":"2024081612112123700_ref20","first-page":"580","article-title":"Rich feature hierarchies for accurate object detection and semantic segmentation","volume-title":"Proc. of the IEEE Conf. on Computer Vision and Pattern Recognition","author":"Girshick","year":"2014"},{"key":"2024081612112123700_ref21","first-page":"2961","article-title":"Mask r-cnn","volume-title":"Proc. of the IEEE Int. Conf. on Computer Vision","author":"He","year":"2017"},{"key":"2024081612112123700_ref22","first-page":"2117","article-title":"Feature pyramid networks for object detection","volume-title":"Proc. of the IEEE Conf. on Computer Vision and Pattern Recognition","author":"Lin","year":"2017"},{"key":"2024081612112123700_ref23","volume-title":"Traffic analysis of ssl encrypted web browsing","author":"Cheng","year":"1998"},{"key":"2024081612112123700_ref24","first-page":"31","article-title":"Website fingerprinting: attacking popular privacy enhancing technologies with the multinomial na\u00ef-bayes classifier","volume-title":"Proc. of the 2009 ACM Workshop on Cloud Computing Security","author":"Herrmann","year":"2009"},{"key":"2024081612112123700_ref25","first-page":"171","article-title":"Fingerprinting websites using traffic analysis","volume-title":"International Workshop on Privacy Enhancing Technologies","author":"Hintz","year":"2002"},{"key":"2024081612112123700_ref26","doi-asserted-by":"crossref","first-page":"131","DOI":"10.1145\/2665943.2665950","article-title":"Glove: a bespoke website fingerprinting defense","volume-title":"Proc. of the 13th Workshop on Privacy in the Electronic Society","author":"Nithyanand","year":"2014"},{"key":"2024081612112123700_ref27","first-page":"1375","article-title":"walkie-talkie: an efficient defense against passive website fingerprinting attacks","volume-title":"26th USENIX Security Symposium (USENIX Security 17)","author":"Wang","year":"2017"},{"key":"2024081612112123700_ref28","first-page":"1971","article-title":"TrafficSliver: fighting website fingerprinting attacks with traffic splitting","volume-title":"Proc. of the 2020 ACM SIGSAC Conf. on Computer and Communications Security","author":"De la Cadena","year":"2020"},{"key":"2024081612112123700_ref29","doi-asserted-by":"crossref","first-page":"1558","DOI":"10.1109\/SP46214.2022.9833722","article-title":"Surakav: generating realistic traces for a strong website fingerprinting defense","volume-title":"2022 IEEE Symposium on Security and Privacy (SP)","author":"Gong","year":"2022"},{"key":"2024081612112123700_ref30","first-page":"1","article-title":"Towards effective and efficient padding machines for Tor","author":"Pulls","year":"2020"},{"key":"2024081612112123700_ref31","first-page":"717","article-title":"Zero-delay lightweight defenses against website fingerprinting","volume-title":"29th USENIX security symposium (USENIX security 20)","author":"Gong","year":"2020"},{"key":"2024081612112123700_ref32","doi-asserted-by":"crossref","first-page":"1","DOI":"10.14722\/ndss.2018.23105","article-title":"Automated website fingerprinting through deep learning","volume-title":"Proc. 2018 Network and Distributed System Security Symposium","author":"Rimmer","year":"2018"}],"container-title":["The Computer Journal"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/academic.oup.com\/comjnl\/article-pdf\/67\/8\/2690\/58796564\/bxae037.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/academic.oup.com\/comjnl\/article-pdf\/67\/8\/2690\/58796564\/bxae037.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,11,16]],"date-time":"2024-11-16T15:34:05Z","timestamp":1731771245000},"score":1,"resource":{"primary":{"URL":"https:\/\/academic.oup.com\/comjnl\/article\/67\/8\/2690\/7664604"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,5,4]]},"references-count":32,"journal-issue":{"issue":"8","published-online":{"date-parts":[[2024,5,4]]},"published-print":{"date-parts":[[2024,8,11]]}},"URL":"https:\/\/doi.org\/10.1093\/comjnl\/bxae037","relation":{},"ISSN":["0010-4620","1460-2067"],"issn-type":[{"value":"0010-4620","type":"print"},{"value":"1460-2067","type":"electronic"}],"subject":[],"published-other":{"date-parts":[[2024,8]]},"published":{"date-parts":[[2024,5,4]]}}}