Abstract

Website fingerprinting attacks on Tor pose an security issue in anonymity privacy, in which attackers can identify websites visited by victims through passively capturing and analyzing encrypted packet traces. Although related works have been studied over a long period, most of them focus on single-tab packet traces which only contain one page tab’s data. However, users often open multiple page tabs successively when browsing the web, and multi-tab packet traces generated will corrupt common single-tab attacks. Existing multi-tab attacks still depend on an elaborate feature engineering, besides, they fail to exploit the overlapping area which contains the mixed data of two adjacent page tabs, thus suffering from the information lost or confusion. In this paper, we propose a Block Attention Profiling Model named BAPM as a new multi-tab attacking model. Specifically, BAPM fully utilizes the whole multi-tab packet trace including the overlapping area to avoid information lost. It generates a tab-aware representation from direction sequences and performs the block division to separate mixed page tabs as clearly as possible, thus relieving the information confusion. Then the attention-based profiling is used to group blocks belonging to the same page tab and finally multiple websites are simultaneously identified under a global view. We compare BAPM with state of the art multi-tab attacks, and BAPM outperforms comparison methods even with larger overlapping area. The effectiveness of model design is also validated through ablation, sensitivity and generalization analysis.