TY - GEN
T1 - Swallow
T2 - 32nd ACM SIGSAC Conference on Computer and Communications Security, CCS 2025
AU - Shen, Meng
AU - Wu, Jinhe
AU - Ai, Junyu
AU - Li, Qi
AU - Ren, Chenchen
AU - Xu, Ke
AU - Zhu, Liehuang
N1 - Publisher Copyright:
© 2025 Copyright held by the owner/author(s).
PY - 2025/11/22
Y1 - 2025/11/22
N2 - Website fingerprinting (WF) attacks on Tor networks can analyze traffic patterns to identify the websites Tor users are visiting, and thus pose a significant threat to user privacy. In a real-world environment, Tor users face diverse network conditions and can also employ WF defenses, raising new challenges to launch WF attacks. The state-of-the-art (SOTA) WF attacks either rely on a strong assumption that WF classifiers are trained and deployed under the same network condition, or suffer from significant performance degradation against WF defenses. In this paper, we propose Swallow, a transfer-robust WF attack that can quickly transfer to new network conditions while maintaining robustness against various WF defenses. Specifically, we propose a novel trace representation named Consistent Interaction Feature (CIF), which aligns traffic distributions across different network conditions to capture consistent features. Then we design three data augmentation algorithms to simulate potential variations under various network conditions. We extensively evaluate Swallow using ten datasets, including both self-collected and public datasets. The closed- and open-world evaluation results demonstrate that Swallow significantly outperforms the SOTA attacks. In particular, with only 5 labeled instances per website for model fine-tuning, Swallow achieves an average improvement in accuracy of 17.50% over the SOTA WF attacks.
AB - Website fingerprinting (WF) attacks on Tor networks can analyze traffic patterns to identify the websites Tor users are visiting, and thus pose a significant threat to user privacy. In a real-world environment, Tor users face diverse network conditions and can also employ WF defenses, raising new challenges to launch WF attacks. The state-of-the-art (SOTA) WF attacks either rely on a strong assumption that WF classifiers are trained and deployed under the same network condition, or suffer from significant performance degradation against WF defenses. In this paper, we propose Swallow, a transfer-robust WF attack that can quickly transfer to new network conditions while maintaining robustness against various WF defenses. Specifically, we propose a novel trace representation named Consistent Interaction Feature (CIF), which aligns traffic distributions across different network conditions to capture consistent features. Then we design three data augmentation algorithms to simulate potential variations under various network conditions. We extensively evaluate Swallow using ten datasets, including both self-collected and public datasets. The closed- and open-world evaluation results demonstrate that Swallow significantly outperforms the SOTA attacks. In particular, with only 5 labeled instances per website for model fine-tuning, Swallow achieves an average improvement in accuracy of 17.50% over the SOTA WF attacks.
KW - data augmentation
KW - privacy
KW - Tor
KW - website fingerprinting
UR - https://www.scopus.com/pages/publications/105023888604
U2 - 10.1145/3719027.3744795
DO - 10.1145/3719027.3744795
M3 - Conference contribution
AN - SCOPUS:105023888604
T3 - CCS 2025 - Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security
SP - 1574
EP - 1588
BT - CCS 2025 - Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security
PB - Association for Computing Machinery, Inc
Y2 - 13 October 2025 through 17 October 2025
ER -