{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,24]],"date-time":"2026-04-24T07:35:58Z","timestamp":1777016158697,"version":"3.51.4"},"reference-count":40,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2026,4,24]],"date-time":"2026-04-24T00:00:00Z","timestamp":1776988800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2026,4,24]],"date-time":"2026-04-24T00:00:00Z","timestamp":1776988800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62476095"],"award-info":[{"award-number":["62476095"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Cybersecurity"],"abstract":"<jats:title>Abstract<\/jats:title>\n                  <jats:p>Website fingerprinting attacks are critical for extracting website information and identifying illegal websites visited by users in anonymous networks such as Tor. However, existing attacks struggle to extract effective features from unmonitored websites due to the diversity. Although increasing unmonitored training data can improve effectiveness, it also increases attacker costs. To address this, we propose a novel website fingerprinting attack that leverages unsupervised Out-of-Distribution detection. We exclusively use monitored website data for model training, eliminating the need for extensive unmonitored samples. For feature extraction, we utilize a combination of Long Short-Term Memory and Convolutional Neural Networks for robust feature extraction of each monitored website. We also introduce a new loss function to maximize differentiation between features of various websites. Furthermore, we employ Singular Value Decomposition to effectively segregate monitored from unmonitored websites. It allows the model to focus on dominant components in the feature vectors, facilitating a clear distinction between monitored and unmonitored website traffic. The experimental results confirm that our method outperforms existing techniques without requiring unmonitored training data.<\/jats:p>","DOI":"10.1186\/s42400-025-00398-x","type":"journal-article","created":{"date-parts":[[2026,4,24]],"date-time":"2026-04-24T06:40:03Z","timestamp":1777012803000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["A website fingerprinting attack with unsupervised out-of-distribution detection"],"prefix":"10.1186","volume":"9","author":[{"given":"Ying","family":"Gao","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0009-0000-5708-9518","authenticated-orcid":false,"given":"Jiafeng","family":"Zhao","sequence":"additional","affiliation":[]},{"given":"Chong","family":"Chen","sequence":"additional","affiliation":[]},{"given":"Siquan","family":"Huang","sequence":"additional","affiliation":[]},{"given":"Leyu","family":"Shi","sequence":"additional","affiliation":[]},{"given":"Chenglong","family":"Jiang","sequence":"additional","affiliation":[]},{"given":"Biao","family":"Chen","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2026,4,24]]},"reference":[{"key":"398_CR1","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2023.109811","volume":"231","author":"R Attarian","year":"2023","unstructured":"Attarian R, Keshavarz-Haddad A (2023) Effective website fingerprinting attack based on the first packet direction only. Comput Netw 231:109811","journal-title":"Comput Netw"},{"key":"398_CR2","doi-asserted-by":"publisher","first-page":"74","DOI":"10.1016\/j.comcom.2019.09.008","volume":"148","author":"R Attarian","year":"2019","unstructured":"Attarian R, Abdi L, Hashemi S (2019) Adawfpa: adaptive online website fingerprinting attack for tor anonymous network: a stream-wise paradigm. Comput Commun 148:74\u201385","journal-title":"Comput Commun"},{"issue":"4","key":"398_CR3","doi-asserted-by":"publisher","first-page":"292","DOI":"10.2478\/POPETS-2019-0070","volume":"2019","author":"S Bhat","year":"2019","unstructured":"Bhat S, Lu D, Kwon A, Devadas S (2019) Var-cnn: a data-efficient website fingerprinting attack based on deep learning. Proc Priv Enhancing Technol 2019(4):292\u2013310. https:\/\/doi.org\/10.2478\/POPETS-2019-0070","journal-title":"Proc Priv Enhancing Technol"},{"key":"398_CR4","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1186\/s42400-021-00093-7","volume":"4","author":"J Burgess","year":"2021","unstructured":"Burgess J, O\u2019Kane P, Sezer S, Carlin D (2021) Lstm rnn: detecting exploit kits using redirection chain sequences. Cybersecurity 4:1\u201315","journal-title":"Cybersecurity"},{"key":"398_CR5","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2021.108298","volume":"198","author":"M Chen","year":"2021","unstructured":"Chen M, Wang Y, Xu H, Zhu X (2021) Few-shot website fingerprinting attack. Comput Netw 198:108298","journal-title":"Comput Netw"},{"key":"398_CR6","volume-title":"Traffic analysis of ssl encrypted web browsing","author":"H Cheng","year":"1998","unstructured":"Cheng H, Avnur R (1998) Traffic analysis of ssl encrypted web browsing. University of Berkeley, Project paper"},{"key":"398_CR7","doi-asserted-by":"crossref","unstructured":"Deng X, Yin Q, Liu Z, Zhao X, Li Q, Xu M, Xu K, Wu J (2023) Robust multi-tab website fingerprinting attacks in the wild. In: 2023 IEEE Symposium on Security and Privacy (SP), pp. 1005\u20131022 . IEEE Computer Society","DOI":"10.1109\/SP46215.2023.10179464"},{"key":"398_CR8","first-page":"303","volume":"4","author":"R Dingledine","year":"2004","unstructured":"Dingledine R, Mathewson N, Syverson PF et al (2004) Tor: the second-generation onion router. USENIX Security Symposium 4:303\u2013320","journal-title":"USENIX Security Symposium"},{"issue":"6","key":"398_CR9","doi-asserted-by":"publisher","first-page":"1693","DOI":"10.1109\/TCSS.2021.3135586","volume":"9","author":"Y Gao","year":"2022","unstructured":"Gao Y, Chen J, Miao H, Song B, Lu Y, Pan W (2022) Self-learning spatial distribution-based intrusion detection for industrial cyber-physical systems. IEEE Transactions on Computational Social Systems 9(6):1693\u20131702. https:\/\/doi.org\/10.1109\/TCSS.2021.3135586","journal-title":"IEEE Transactions on Computational Social Systems"},{"issue":"6","key":"398_CR10","doi-asserted-by":"publisher","first-page":"1148","DOI":"10.26599\/TST.2023.9010062","volume":"28","author":"X Gu","year":"2023","unstructured":"Gu X, Song B, Lan W, Yang M (2023) An online website fingerprinting defense based on the non-targeted adversarial patch. Tsinghua Sci Technol 28(6):1148\u20131159","journal-title":"Tsinghua Sci Technol"},{"issue":"6","key":"398_CR11","doi-asserted-by":"publisher","first-page":"4039","DOI":"10.1109\/TDSC.2021.3117145","volume":"19","author":"B Gulmezoglu","year":"2021","unstructured":"Gulmezoglu B (2021) Xai-based microarchitectural side-channel analysis for website fingerprinting attacks and defenses. IEEE Trans Dependable Secure Comput 19(6):4039\u20134051","journal-title":"IEEE Trans Dependable Secure Comput"},{"key":"398_CR12","unstructured":"Hayes J, Danezis G (2016) k-fingerprinting: A robust scalable website fingerprinting technique. In: 25th USENIX Security Symposium (USENIX Security 16), pp. 1187\u20131203"},{"key":"398_CR13","doi-asserted-by":"crossref","unstructured":"Hintz A (2002) Fingerprinting websites using traffic analysis. In: International Workshop on Privacy Enhancing Technologies, pp. 171\u2013178 . Springer","DOI":"10.1007\/3-540-36467-6_13"},{"key":"398_CR14","doi-asserted-by":"publisher","first-page":"332","DOI":"10.1016\/j.comcom.2022.06.028","volume":"193","author":"X Hong","year":"2022","unstructured":"Hong X, Ma X, Li S, Qiu H, Liu B (2022) A website fingerprint defense technology with low delay and controllable bandwidth. Comput Commun 193:332\u2013345","journal-title":"Comput Commun"},{"key":"398_CR15","doi-asserted-by":"crossref","unstructured":"Hou C, Shi J, Cui M, Liu M, Yu J (2021) Universal website fingerprinting defense based on adversarial examples. In: 2021 IEEE 20th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), pp. 99\u2013106 . IEEE","DOI":"10.1109\/TrustCom53373.2021.00031"},{"key":"398_CR16","doi-asserted-by":"crossref","unstructured":"Hsu Y-C, Shen Y, Jin H, Kira Z (2020) Generalized odin: Detecting out-of-distribution image without learning from out-of-distribution data. In: Proceedings of the IEEE\/CVF Conference on Computer Vision and Pattern Recognition (CVPR)","DOI":"10.1109\/CVPR42600.2020.01096"},{"issue":"1","key":"398_CR17","doi-asserted-by":"publisher","first-page":"28","DOI":"10.1186\/s42400-024-00222-y","volume":"7","author":"B Huang","year":"2024","unstructured":"Huang B, Du Y (2024) Break-pad: effective padding machines for tor with break burst padding. Cybersecurity 7(1):28","journal-title":"Cybersecurity"},{"key":"398_CR18","doi-asserted-by":"crossref","unstructured":"Huang G, Ma C, Ding M, Qian Y, Ge C, Fang L, Liu Z (2023) Efficient and low overhead website fingerprinting attacks and defenses based on tcp\/ip traffic. In: Proceedings of the ACM Web Conference 2023, pp. 1991\u20131999","DOI":"10.1145\/3543507.3583200"},{"key":"398_CR19","doi-asserted-by":"publisher","first-page":"43","DOI":"10.1016\/j.comcom.2016.05.019","volume":"96","author":"H Jahani","year":"2016","unstructured":"Jahani H, Jalili S (2016) A novel passive website fingerprinting attack on tor using fast fourier transform. Comput Commun 96:43\u201351","journal-title":"Comput Commun"},{"key":"398_CR20","doi-asserted-by":"crossref","unstructured":"Juarez M, Afroz S, Acar G, Diaz C, Greenstadt R (2014) A critical evaluation of website fingerprinting attacks. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, pp. 263\u2013274","DOI":"10.1145\/2660267.2660368"},{"key":"398_CR21","unstructured":"Lang H, Zheng Y, Li Y, Sun J, Huang F, Li Y (2024) A survey on out-of-distribution detection in NLP. Trans. Mach. Learn. Res. 2024"},{"key":"398_CR22","doi-asserted-by":"crossref","unstructured":"Li J, Chen P, He Z, Yu S, Liu S, Jia J (2023) Rethinking out-of-distribution (ood) detection: Masked image modeling is all you need. In: Proceedings of the IEEE\/CVF Conference on Computer Vision and Pattern Recognition, pp. 11578\u201311589","DOI":"10.1109\/CVPR52729.2023.01114"},{"key":"398_CR23","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1186\/s42400-020-00050-w","volume":"3","author":"RA Maalem Lahcen","year":"2020","unstructured":"Maalem Lahcen RA, Caulkins B, Mohapatra R, Kumar M (2020) Review and insight on the behavioral aspects of cybersecurity. Cybersecurity 3:1\u201318","journal-title":"Cybersecurity"},{"key":"398_CR24","doi-asserted-by":"crossref","unstructured":"McGuan C, Yu C, Suh K (2024) Practical and lightweight defense against website fingerprinting. Computer Communications, 107976","DOI":"10.1016\/j.comcom.2024.107976"},{"key":"398_CR25","doi-asserted-by":"crossref","unstructured":"Panchenko A, Lanze F, Pennekamp J, Engel T, Zinnen A, Henze M, Wehrle K (2016) Website fingerprinting at internet scale. In: NDSS","DOI":"10.14722\/ndss.2016.23477"},{"key":"398_CR26","doi-asserted-by":"crossref","unstructured":"Panchenko A, Niessen L, Zinnen A, Engel T (2011) Website fingerprinting in onion routing based anonymization networks. In: Proceedings of the 10th Annual ACM Workshop on Privacy in the Electronic Society, pp. 103\u2013114","DOI":"10.1145\/2046556.2046570"},{"issue":"3","key":"398_CR27","doi-asserted-by":"publisher","first-page":"5","DOI":"10.2478\/POPETS-2020-0043","volume":"2020","author":"MS Rahman","year":"2020","unstructured":"Rahman MS, Sirinam P, Mathews N, Gangadhara KG, Wright M (2020) Tik-tok: the utility of packet timing in website fingerprinting attacks. Proc Priv Enhancing Technol 2020(3):5\u201324. https:\/\/doi.org\/10.2478\/POPETS-2020-0043","journal-title":"Proc Priv Enhancing Technol"},{"key":"398_CR28","doi-asserted-by":"crossref","unstructured":"Rimmer V, Preuveneers D, Juarez M, Van\u00a0Goethem T, Joosen W (2018) Automated website fingerprinting through deep learning. In: NDSS","DOI":"10.14722\/ndss.2018.23105"},{"key":"398_CR29","unstructured":"Shen M, Ji K, Gao Z, Li Q, Zhu L, Xu K (2023) Subverting website fingerprinting defenses with robust traffic representation. In: 32nd USENIX Security Symposium (USENIX Security 23), pp. 607\u2013624"},{"key":"398_CR30","doi-asserted-by":"crossref","unstructured":"Shen M, Ji K, Wu J, Li Q, Kong X, Xu K, Zhu L (2024) Real-time website fingerprinting defense via traffic cluster anonymization. In: 2024 IEEE Symposium on Security and Privacy (SP), pp. 263\u2013263 . IEEE Computer Society","DOI":"10.1109\/SP54263.2024.00247"},{"key":"398_CR31","doi-asserted-by":"crossref","unstructured":"Sirinam P, Imani M, Juarez M, Wright M (2018) Deep fingerprinting: Undermining website fingerprinting defenses with deep learning. In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, pp. 1928\u20131943","DOI":"10.1145\/3243734.3243768"},{"key":"398_CR32","doi-asserted-by":"crossref","unstructured":"Sirinam P, Mathews N, Rahman MS, Wright M (2019) Triplet fingerprinting: More practical and portable website fingerprinting with n-shot learning. In: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, pp. 1131\u20131148","DOI":"10.1145\/3319535.3354217"},{"key":"398_CR33","doi-asserted-by":"crossref","unstructured":"Sun H, Huang Y, Han L, Long X, Liu H, Zhou C (2022) Neural-factor: Neural representation learning for website fingerprinting attack over tor anonymity. In: 2022 IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), pp. 435\u2013440 . IEEE","DOI":"10.1109\/TrustCom56396.2022.00067"},{"key":"398_CR34","unstructured":"Sun Q, Simon DR, Wang Y-M, Russell W, Padmanabhan VN, Qiu L (2002) Statistical identification of encrypted web browsing traffic. In: Proceedings 2002 IEEE Symposium on Security and Privacy, pp. 19\u201330 . IEEE"},{"key":"398_CR35","doi-asserted-by":"crossref","unstructured":"Wang T (2020) High precision open-world website fingerprinting. In: 2020 IEEE Symposium on Security and Privacy (SP), pp. 152\u2013167 . IEEE","DOI":"10.1109\/SP40000.2020.00015"},{"key":"398_CR36","unstructured":"Wang T, Cai X, Nithyanand R, Johnson R, Goldberg I (2014) Effective attacks and provable defenses for website fingerprinting. In: 23rd USENIX Security Symposium (USENIX Security 14), pp. 143\u2013157"},{"key":"398_CR37","doi-asserted-by":"crossref","unstructured":"Wang M, Li Y, Wang X, Liu T, Shi J, Chen M (2020) 2ch-tcn: a website fingerprinting attack over tor using 2-channel temporal convolutional networks. In: 2020 IEEE Symposium on Computers and Communications (ISCC), pp. 1\u20137 . IEEE","DOI":"10.1109\/ISCC50000.2020.9219717"},{"key":"398_CR38","doi-asserted-by":"crossref","unstructured":"Wang Z, Li T, Yin M, Yuan X, Luo X, Li L (2024) Wf3a: A n-shot website fingerprinting with effective fusion feature attention. Computers & Security, 103796","DOI":"10.1016\/j.cose.2024.103796"},{"key":"398_CR39","doi-asserted-by":"crossref","unstructured":"Zaeemzadeh A, Bisagno N, Sambugaro Z, Conci N, Rahnavard N, Shah M (2021) Out-of-distribution detection using union of 1-dimensional subspaces. In: Proceedings of the IEEE\/CVF Conference on Computer Vision and Pattern Recognition, pp. 9452\u20139461","DOI":"10.1109\/CVPR46437.2021.00933"},{"key":"398_CR40","doi-asserted-by":"crossref","unstructured":"Zhang Y, Sun X, Qin X, Li C, Wang S, Xie Y (2021) Tripod: Use data augmentation to enhance website fingerprinting. In: 2021 IEEE Symposium on Computers and Communications (ISCC), pp. 1\u20137 . IEEE","DOI":"10.1109\/ISCC53001.2021.9631528"}],"container-title":["Cybersecurity"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s42400-025-00398-x.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1186\/s42400-025-00398-x","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s42400-025-00398-x.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,4,24]],"date-time":"2026-04-24T06:40:17Z","timestamp":1777012817000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1186\/s42400-025-00398-x"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,4,24]]},"references-count":40,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2026,12]]}},"alternative-id":["398"],"URL":"https:\/\/doi.org\/10.1186\/s42400-025-00398-x","relation":{},"ISSN":["2523-3246"],"issn-type":[{"value":"2523-3246","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026,4,24]]},"assertion":[{"value":"19 December 2024","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"20 March 2025","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"24 April 2026","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"Not applicable.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Ethics approval"}},{"value":"The authors declare that they have no known competition for financial interests or personal relationships that could have appeared to influence the work reported in this document.","order":3,"name":"Ethics","group":{"name":"EthicsHeading","label":"Competing interests"}}],"article-number":"159"}}