Forge: A Robust Multi-tab Website Fingerprinting Attack via Blind Source Separation

Yitan Huang; Wei Qiao; Ding Wang; Meng Shen; Di Zhao; Linxu Li; Susu Cui; Bo Jiang; Zhigang Lu; Baoxu Liu

doi:10.1145/3774904.3792410

Forge: A Robust Multi-tab Website Fingerprinting Attack via Blind Source Separation

Yitan Huang^*
, Wei Qiao
, Ding Wang
, Meng Shen
, Di Zhao
, Linxu Li
, Susu Cui^*
, Bo Jiang
, Zhigang Lu
, Baoxu Liu

^*Corresponding author for this work

CAS - Institute of Information Engineering
Beijing Institute of Technology

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

While Tor's strong anonymity shields users' privacy, it also enables malicious activities, motivating attacks that bypass its protections. Website Fingerprinting (WF) has emerged as a primary threat in this domain. However, existing WF methods struggle with realistic multi-tab browsing scenarios, often relying on prior knowledge of the number of open tabs and lacking robustness against network noise and defenses. To address these challenges, we propose Forge, a robust WF attack framework inspired by the classic cocktail party problem. Specifically, Forge reframes multi-tab WF as a task of Blind Source Separation(BSS), decomposing mixed traffic into individual signals without requiring a predefined number of concurrent tabs. A robust website identifier then classifies separated components using a dual-domain attention mechanism across time and frequency, allowing Forge to effectively resist WF defenses and network noise. We evaluate our model on a comprehensive collection of datasets covering open-world, defense-enabled, and dynamic scenarios. The results demonstrate that Forge can improve Mean Average Precision by 78.6% over the state-of-the-art average in the challenging multi-tab open-world scenario.

Original language	English
Title of host publication	WWW 2026 - Proceedings of the ACM Web Conference 2026
Publisher	Association for Computing Machinery, Inc
Pages	3018-3029
Number of pages	12
ISBN (Electronic)	9798400723070
DOIs	https://doi.org/10.1145/3774904.3792410
Publication status	Published - 12 Apr 2026
Externally published	Yes
Event	35th ACM Web Conference, WWW 2026 - Dubai, United Arab Emirates Duration: 29 Jun 2026 → 3 Jul 2026

Publication series

Name	WWW 2026 - Proceedings of the ACM Web Conference 2026

Conference

Conference	35th ACM Web Conference, WWW 2026
Country/Territory	United Arab Emirates
City	Dubai
Period	29/06/26 → 3/07/26

Keywords

multi-tab attack
privacy
tor
website fingerprinting

Access to Document

10.1145/3774904.3792410

Cite this

Huang, Y., Qiao, W., Wang, D., Shen, M., Zhao, D., Li, L., Cui, S., Jiang, B., Lu, Z., & Liu, B. (2026). Forge: A Robust Multi-tab Website Fingerprinting Attack via Blind Source Separation. In WWW 2026 - Proceedings of the ACM Web Conference 2026 (pp. 3018-3029). (WWW 2026 - Proceedings of the ACM Web Conference 2026). Association for Computing Machinery, Inc. https://doi.org/10.1145/3774904.3792410

@inproceedings{9c51866a2ac54581a405d474eb03308e,

title = "Forge: A Robust Multi-tab Website Fingerprinting Attack via Blind Source Separation",

abstract = "While Tor's strong anonymity shields users' privacy, it also enables malicious activities, motivating attacks that bypass its protections. Website Fingerprinting (WF) has emerged as a primary threat in this domain. However, existing WF methods struggle with realistic multi-tab browsing scenarios, often relying on prior knowledge of the number of open tabs and lacking robustness against network noise and defenses. To address these challenges, we propose Forge, a robust WF attack framework inspired by the classic cocktail party problem. Specifically, Forge reframes multi-tab WF as a task of Blind Source Separation(BSS), decomposing mixed traffic into individual signals without requiring a predefined number of concurrent tabs. A robust website identifier then classifies separated components using a dual-domain attention mechanism across time and frequency, allowing Forge to effectively resist WF defenses and network noise. We evaluate our model on a comprehensive collection of datasets covering open-world, defense-enabled, and dynamic scenarios. The results demonstrate that Forge can improve Mean Average Precision by 78.6\% over the state-of-the-art average in the challenging multi-tab open-world scenario.",

keywords = "multi-tab attack, privacy, tor, website fingerprinting",

author = "Yitan Huang and Wei Qiao and Ding Wang and Meng Shen and Di Zhao and Linxu Li and Susu Cui and Bo Jiang and Zhigang Lu and Baoxu Liu",

note = "Publisher Copyright: {\textcopyright} 2026 Owner/Author.; 35th ACM Web Conference, WWW 2026 ; Conference date: 29-06-2026 Through 03-07-2026",

year = "2026",

month = apr,

day = "12",

doi = "10.1145/3774904.3792410",

language = "English",

series = "WWW 2026 - Proceedings of the ACM Web Conference 2026",

publisher = "Association for Computing Machinery, Inc",

pages = "3018--3029",

booktitle = "WWW 2026 - Proceedings of the ACM Web Conference 2026",

}

Huang, Y, Qiao, W, Wang, D, Shen, M, Zhao, D, Li, L, Cui, S, Jiang, B, Lu, Z & Liu, B 2026, Forge: A Robust Multi-tab Website Fingerprinting Attack via Blind Source Separation. in WWW 2026 - Proceedings of the ACM Web Conference 2026. WWW 2026 - Proceedings of the ACM Web Conference 2026, Association for Computing Machinery, Inc, pp. 3018-3029, 35th ACM Web Conference, WWW 2026, Dubai, United Arab Emirates, 29/06/26. https://doi.org/10.1145/3774904.3792410

Forge: A Robust Multi-tab Website Fingerprinting Attack via Blind Source Separation. / Huang, Yitan; Qiao, Wei; Wang, Ding et al.
WWW 2026 - Proceedings of the ACM Web Conference 2026. Association for Computing Machinery, Inc, 2026. p. 3018-3029 (WWW 2026 - Proceedings of the ACM Web Conference 2026).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Forge

T2 - 35th ACM Web Conference, WWW 2026

AU - Huang, Yitan

AU - Qiao, Wei

AU - Wang, Ding

AU - Shen, Meng

AU - Zhao, Di

AU - Li, Linxu

AU - Cui, Susu

AU - Jiang, Bo

AU - Lu, Zhigang

AU - Liu, Baoxu

PY - 2026/4/12

Y1 - 2026/4/12

N2 - While Tor's strong anonymity shields users' privacy, it also enables malicious activities, motivating attacks that bypass its protections. Website Fingerprinting (WF) has emerged as a primary threat in this domain. However, existing WF methods struggle with realistic multi-tab browsing scenarios, often relying on prior knowledge of the number of open tabs and lacking robustness against network noise and defenses. To address these challenges, we propose Forge, a robust WF attack framework inspired by the classic cocktail party problem. Specifically, Forge reframes multi-tab WF as a task of Blind Source Separation(BSS), decomposing mixed traffic into individual signals without requiring a predefined number of concurrent tabs. A robust website identifier then classifies separated components using a dual-domain attention mechanism across time and frequency, allowing Forge to effectively resist WF defenses and network noise. We evaluate our model on a comprehensive collection of datasets covering open-world, defense-enabled, and dynamic scenarios. The results demonstrate that Forge can improve Mean Average Precision by 78.6% over the state-of-the-art average in the challenging multi-tab open-world scenario.

AB - While Tor's strong anonymity shields users' privacy, it also enables malicious activities, motivating attacks that bypass its protections. Website Fingerprinting (WF) has emerged as a primary threat in this domain. However, existing WF methods struggle with realistic multi-tab browsing scenarios, often relying on prior knowledge of the number of open tabs and lacking robustness against network noise and defenses. To address these challenges, we propose Forge, a robust WF attack framework inspired by the classic cocktail party problem. Specifically, Forge reframes multi-tab WF as a task of Blind Source Separation(BSS), decomposing mixed traffic into individual signals without requiring a predefined number of concurrent tabs. A robust website identifier then classifies separated components using a dual-domain attention mechanism across time and frequency, allowing Forge to effectively resist WF defenses and network noise. We evaluate our model on a comprehensive collection of datasets covering open-world, defense-enabled, and dynamic scenarios. The results demonstrate that Forge can improve Mean Average Precision by 78.6% over the state-of-the-art average in the challenging multi-tab open-world scenario.

KW - multi-tab attack

KW - privacy

KW - tor

KW - website fingerprinting

UR - https://www.scopus.com/pages/publications/105038596977

U2 - 10.1145/3774904.3792410

DO - 10.1145/3774904.3792410

M3 - Conference contribution

AN - SCOPUS:105038596977

T3 - WWW 2026 - Proceedings of the ACM Web Conference 2026

SP - 3018

EP - 3029

BT - WWW 2026 - Proceedings of the ACM Web Conference 2026

PB - Association for Computing Machinery, Inc

Y2 - 29 June 2026 through 3 July 2026

ER -

Forge: A Robust Multi-tab Website Fingerprinting Attack via Blind Source Separation

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this