{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,28]],"date-time":"2025-09-28T20:47:32Z","timestamp":1759092452304},"reference-count":30,"publisher":"Privacy Enhancing Technologies Symposium Advisory Board","issue":"4","license":[{"start":{"date-parts":[[2017,10,1]],"date-time":"2017-10-01T00:00:00Z","timestamp":1506816000000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/creativecommons.org\/licenses\/by-nc-nd\/3.0"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2017,10,1]]},"abstract":"<jats:title>Abstract<\/jats:title>\n               <jats:p>Website Fingerprinting (WF) attacks raise major concerns about users\u2019 privacy. They employ Machine Learning (ML) techniques to allow a local passive adversary to uncover the Web browsing behavior of a user, even if she browses through an encrypted tunnel (e.g. Tor, VPN). Numerous defenses have been proposed in the past; however, it is typically difficult to have formal guarantees on their security, which is most often evaluated empirically against state-of-the-art attacks. In this paper, we present a practical method to derive security bounds for any WF defense, where the bounds depend on a chosen feature set. This result derives from reducing WF attacks to an ML classification task, where we can determine the smallest achievable error (the Bayes error). Such error can be estimated in practice, and is a lower bound for a WF adversary, for any classification algorithm he may use. Our work has two main consequences: i) it allows determining the security of WF defenses, in a black-box manner, with respect to the state-of-the-art feature set and ii) it favors shifting the focus of future WF research to identifying optimal feature sets. The generality of this approach further suggests that the method could be used to define security bounds for other ML-based attacks.<\/jats:p>","DOI":"10.1515\/popets-2017-0046","type":"journal-article","created":{"date-parts":[[2017,10,17]],"date-time":"2017-10-17T10:01:46Z","timestamp":1508234506000},"page":"215-231","source":"Crossref","is-referenced-by-count":18,"title":["Bayes, not Na\u00efve: Security Bounds on Website Fingerprinting Defenses"],"prefix":"10.56553","volume":"2017","author":[{"given":"Giovanni","family":"Cherubin","sequence":"first","affiliation":[{"name":"Royal Holloway University of London , United Kingdom of Great Britain and Northern Ireland"}]}],"member":"35752","published-online":{"date-parts":[[2017,10,10]]},"reference":[{"key":"2021040805164812345_j_popets-2017-0046_ref_001_w2aab3b7c11b1b6b1ab1ab1Aa","doi-asserted-by":"crossref","unstructured":"[1] A. Antos, L. Devroye, and L. Gyorfi. Lower bounds for bayes error estimation. IEEE Transactions on Pattern Analysis and Machine Intelligence, 21(7):643\u2013645, 1999.10.1109\/34.777375","DOI":"10.1109\/34.777375"},{"key":"2021040805164812345_j_popets-2017-0046_ref_002_w2aab3b7c11b1b6b1ab1ab2Aa","doi-asserted-by":"crossref","unstructured":"[2] A. Back, U. M\u00f6ller, and A. Stiglic. Traffic analysis attacks and trade-offs in anonymity providing systems. In Information Hiding, 4th International Workshop, IHW 2001, Pittsburgh, PA, USA, April 25-27, 2001, Proceedings, pages 245\u2013257, 2001.","DOI":"10.1007\/3-540-45496-9_18"},{"key":"2021040805164812345_j_popets-2017-0046_ref_003_w2aab3b7c11b1b6b1ab1ab3Aa","doi-asserted-by":"crossref","unstructured":"[3] C. Braun, K. Chatzikokolakis, and C. Palamidessi. Quantitative notions of leakage for one-try attacks. Electronic Notes in Theoretical Computer Science, 249:75\u201391, 2009.","DOI":"10.1016\/j.entcs.2009.07.085"},{"key":"2021040805164812345_j_popets-2017-0046_ref_004_w2aab3b7c11b1b6b1ab1ab4Aa","doi-asserted-by":"crossref","unstructured":"[4] X. Cai, R. Nithyanand, and R. Johnson. Cs-buflo: A congestion sensitive website fingerprinting defense. In Proceedings of the 13th Workshop on Privacy in the Electronic Society, WPES 2014, Scottsdale, AZ, USA, November 3, 2014, pages 121\u2013130, 2014.","DOI":"10.1145\/2665943.2665949"},{"key":"2021040805164812345_j_popets-2017-0046_ref_005_w2aab3b7c11b1b6b1ab1ab5Aa","doi-asserted-by":"crossref","unstructured":"[5] X. Cai, R. Nithyanand, T. Wang, R. Johnson, and I. Goldberg. A systematic approach to developing and evaluating website fingerprinting defenses. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, Scottsdale, AZ, USA, November 3-7, 2014, pages 227\u2013238, 2014.","DOI":"10.1145\/2660267.2660362"},{"key":"2021040805164812345_j_popets-2017-0046_ref_006_w2aab3b7c11b1b6b1ab1ab6Aa","doi-asserted-by":"crossref","unstructured":"[6] X. Cai, X. C. Zhang, B. Joshi, and R. Johnson. Touching from a distance: website fingerprinting attacks and defenses. In the ACM Conference on Computer and Communications Security, CCS\u201912, Raleigh, NC, USA, October 16-18, 2012, pages 605\u2013616, 2012.","DOI":"10.1145\/2382196.2382260"},{"key":"2021040805164812345_j_popets-2017-0046_ref_007_w2aab3b7c11b1b6b1ab1ab7Aa","doi-asserted-by":"crossref","unstructured":"[7] G. Cherubin, J. Hayes, and M. Juarez. Website fingerprinting defenses at the application layer. Proceedings on Privacy Enhancing Technologies, 2:165\u2013182, 2017.","DOI":"10.1515\/popets-2017-0023"},{"key":"2021040805164812345_j_popets-2017-0046_ref_008_w2aab3b7c11b1b6b1ab1ab8Aa","doi-asserted-by":"crossref","unstructured":"[8] T. M. Cover and P. E. Hart. Nearest neighbor pattern classification. IEEE Transactions on Information Theory, 13(1):21\u201327, 1967.","DOI":"10.1109\/TIT.1967.1053964"},{"key":"2021040805164812345_j_popets-2017-0046_ref_009_w2aab3b7c11b1b6b1ab1ab9Aa","unstructured":"[9] P. A. Devijver and J. Kittler. Pattern recognition: A statistical approach. Prentice hall, 1982."},{"key":"2021040805164812345_j_popets-2017-0046_ref_010_w2aab3b7c11b1b6b1ab1ac10Aa","unstructured":"[10] R. O. Duda, P. E. Hart, and D. G. Stork. Pattern classification. John Wiley & Sons, 2012."},{"key":"2021040805164812345_j_popets-2017-0046_ref_011_w2aab3b7c11b1b6b1ab1ac11Aa","doi-asserted-by":"crossref","unstructured":"[11] K. P. Dyer, S. E. Coull, T. Ristenpart, and T. Shrimpton. Peek-a-boo, I still see you: Why efficient traffic analysis countermeasures fail. In IEEE Symposium on Security and Privacy, SP 2012, 21-23 May 2012, San Francisco, California, USA, pages 332\u2013346, 2012.","DOI":"10.1109\/SP.2012.28"},{"key":"2021040805164812345_j_popets-2017-0046_ref_012_w2aab3b7c11b1b6b1ab1ac12Aa","unstructured":"[12] J. Hayes and G. Danezis. k-fingerprinting: A robust scalable website fingerprinting technique. In 25th USENIX Security Symposium, USENIX Security 16, Austin, TX, USA, August 10-12, 2016., pages 1187\u20131203, 2016."},{"key":"2021040805164812345_j_popets-2017-0046_ref_013_w2aab3b7c11b1b6b1ab1ac13Aa","doi-asserted-by":"crossref","unstructured":"[13] D. Herrmann, R. Wendolsky, and H. Federrath. Website fingerprinting: attacking popular privacy enhancing technologies with the multinomial na\u00efve-Bayes classifier. In Proceedings of the first ACM Cloud Computing Security Workshop, CCSW 2009, Chicago, IL, USA, November 13, 2009, pages 31\u201342, 2009.","DOI":"10.1145\/1655008.1655013"},{"key":"2021040805164812345_j_popets-2017-0046_ref_014_w2aab3b7c11b1b6b1ab1ac14Aa","doi-asserted-by":"crossref","unstructured":"[14] M. Ju\u00e1rez, S. Afroz, G. Acar, C. D\u00edaz, and R. Greenstadt. A critical evaluation of website fingerprinting attacks. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, Scottsdale, AZ, USA, November 3-7, 2014, pages 263\u2013274, 2014.","DOI":"10.1145\/2660267.2660368"},{"key":"2021040805164812345_j_popets-2017-0046_ref_015_w2aab3b7c11b1b6b1ab1ac15Aa","doi-asserted-by":"crossref","unstructured":"[15] M. Juarez, M. Imani, M. Perry, C. Diaz, and M. Wright. Toward an efficient website fingerprinting defense. In European Symposium on Research in Computer Security, pages 27\u201346. Springer, 2016.","DOI":"10.1007\/978-3-319-45744-4_2"},{"key":"2021040805164812345_j_popets-2017-0046_ref_016_w2aab3b7c11b1b6b1ab1ac16Aa","unstructured":"[16] A. Kwon, M. AlSabah, D. Lazar, M. Dacier, and S. Devadas. Circuit fingerprinting attacks: Passive deanonymization of tor hidden services. In 24th USENIX Security Symposium, USENIX Security 15, Washington, D.C., USA, August 12-14, 2015., pages 287\u2013302, 2015."},{"key":"2021040805164812345_j_popets-2017-0046_ref_017_w2aab3b7c11b1b6b1ab1ac17Aa","doi-asserted-by":"crossref","unstructured":"[17] M. Liberatore and B. N. Levine. Inferring the source of encrypted HTTP connections. In Proceedings of the 13th ACM Conference on Computer and Communications Security, CCS 2006, Alexandria, VA, USA, Ioctober 30 - November 3, 2006, pages 255\u2013263, 2006.","DOI":"10.1145\/1180405.1180437"},{"key":"2021040805164812345_j_popets-2017-0046_ref_018_w2aab3b7c11b1b6b1ab1ac18Aa","unstructured":"[18] X. Luo, P. Zhou, E. W. W. Chan, W. Lee, R. K. C. Chang, and R. Perdisci. HTTPOS: sealing information leaks with browser-side obfuscation of encrypted flows. In Proceedings of the Network and Distributed System Security Symposium, NDSS 2011, San Diego, California, USA, 6th February - 9th February 2011, 2011."},{"key":"2021040805164812345_j_popets-2017-0046_ref_019_w2aab3b7c11b1b6b1ab1ac19Aa","doi-asserted-by":"crossref","unstructured":"[19] A. Panchenko, F. Lanze, A. Zinnen, M. Henze, J. Pennekamp, K. Wehrle, and T. Engel. Website fingerprinting at internet scale. In Proceedings of the 23rd Internet Society (ISOC) Network and Distributed System Security Symposium (NDSS 2016), 2016.","DOI":"10.14722\/ndss.2016.23477"},{"key":"2021040805164812345_j_popets-2017-0046_ref_020_w2aab3b7c11b1b6b1ab1ac20Aa","doi-asserted-by":"crossref","unstructured":"[20] A. Panchenko, L. Niessen, A. Zinnen, and T. Engel. Website fingerprinting in onion routing based anonymization networks. In Proceedings of the 10th annual ACM workshop on Privacy in the electronic society, WPES 2011, Chicago, IL, USA, October 17, 2011, pages 103\u2013114, 2011.","DOI":"10.1145\/2046556.2046570"},{"key":"2021040805164812345_j_popets-2017-0046_ref_021_w2aab3b7c11b1b6b1ab1ac21Aa","unstructured":"[21] M. Perry. Experimental Defense for Website Traffic Fingerprinting. Tor project Blog. \u201chttps:\/\/blog.torproject.org\/blog\/experimental-defense-website-traffic-fingerprinting\u201d, 2011. (accessed: October 10, 2013)."},{"key":"2021040805164812345_j_popets-2017-0046_ref_022_w2aab3b7c11b1b6b1ab1ac22Aa","unstructured":"[22] T. Pulls. Adaptive padding early (APE). http:\/\/www.cs.kau.se\/pulls\/hot\/thebasketcase-ape\/, 2016."},{"key":"2021040805164812345_j_popets-2017-0046_ref_023_w2aab3b7c11b1b6b1ab1ac23Aa","doi-asserted-by":"crossref","unstructured":"[23] V. Shmatikov and M.-H. Wang. Timing analysis in low-latency mix networks: Attacks and defenses. In European Symposium on Research in Computer Security, pages 18\u201333. Springer, 2006.","DOI":"10.1007\/11863908_2"},{"key":"2021040805164812345_j_popets-2017-0046_ref_024_w2aab3b7c11b1b6b1ab1ac24Aa","doi-asserted-by":"crossref","unstructured":"[24] C. J. Stone. Consistent nonparametric regression. The annals of statistics, pages 595\u2013620, 1977.10.1214\/aos\/1176343886","DOI":"10.1214\/aos\/1176343886"},{"key":"2021040805164812345_j_popets-2017-0046_ref_025_w2aab3b7c11b1b6b1ab1ac25Aa","doi-asserted-by":"crossref","unstructured":"[25] K. Tumer and J. Ghosh. Estimating the Bayes error rate through classifier combining. In 13th International Conference on Pattern Recognition, ICPR 1996, Vienna, Austria, 25-19 August, 1996, pages 695\u2013699, 1996.","DOI":"10.1109\/ICPR.1996.546912"},{"key":"2021040805164812345_j_popets-2017-0046_ref_026_w2aab3b7c11b1b6b1ab1ac26Aa","unstructured":"[26] T. Wang, X. Cai, R. Nithyanand, R. Johnson, and I. Goldberg. Effective attacks and provable defenses for website fingerprinting. In Proceedings of the 23rd USENIX Security Symposium, San Diego, CA, USA, August 20-22, 2014., pages 143\u2013157, 2014."},{"key":"2021040805164812345_j_popets-2017-0046_ref_027_w2aab3b7c11b1b6b1ab1ac27Aa","doi-asserted-by":"crossref","unstructured":"[27] T. Wang and I. Goldberg. Improved website fingerprinting on tor. In Proceedings of the 12th ACM workshop on Workshop on privacy in the electronic society, pages 201\u2013212. ACM, 2013.","DOI":"10.1145\/2517840.2517851"},{"key":"2021040805164812345_j_popets-2017-0046_ref_028_w2aab3b7c11b1b6b1ab1ac28Aa","unstructured":"[28] T. Wang and I. Goldberg. Walkie-talkie: An effective and efficient defense against website fingerprinting. Technical report, University of Waterloo, 2015."},{"key":"2021040805164812345_j_popets-2017-0046_ref_029_w2aab3b7c11b1b6b1ab1ac29Aa","unstructured":"[29] C. V. Wright, L. Ballard, F. Monrose, and G. M. Masson. Language identification of encrypted voip traffic: Alejandra y roberto or alice and bob? In Proceedings of the 16th USENIX Security Symposium, Boston, MA, USA, August 6-10, 2007, 2007."},{"key":"2021040805164812345_j_popets-2017-0046_ref_030_w2aab3b7c11b1b6b1ab1ac30Aa","unstructured":"[30] C. V. Wright, S. E. Coull, and F. Monrose. Traffic morphing: An efficient defense against statistical traffic analysis. In Proceedings of the Network and Distributed System Security Symposium, NDSS 2009, San Diego, California, USA, 8th February - 11th February 2009, 2009."}],"container-title":["Proceedings on Privacy Enhancing Technologies"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/content.sciendo.com\/view\/journals\/popets\/2017\/4\/article-p215.xml","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.sciendo.com\/article\/10.1515\/popets-2017-0046","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,7,20]],"date-time":"2022-07-20T16:29:54Z","timestamp":1658334594000},"score":1,"resource":{"primary":{"URL":"https:\/\/petsymposium.org\/popets\/2017\/popets-2017-0046.php"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017,10,1]]},"references-count":30,"journal-issue":{"issue":"4","published-online":{"date-parts":[[2017,10,10]]},"published-print":{"date-parts":[[2017,10,1]]}},"alternative-id":["10.1515\/popets-2017-0046"],"URL":"https:\/\/doi.org\/10.1515\/popets-2017-0046","relation":{},"ISSN":["2299-0984"],"issn-type":[{"value":"2299-0984","type":"electronic"}],"subject":[],"published":{"date-parts":[[2017,10,1]]}}}