Adversarially Enhanced Traffic Obfuscation

Abstract

As the Internet becomes increasingly crucial to distributing information, Internet censorship has become more pervasive and advanced. A common way to circumvent Internet censorship is Tor, a network that provides anonymity by routing traffic through various servers around the world before it reaches its destination. However, adversaries are capable of identifying and censoring access to Tor due to identifying features in its traffic. Meek, a traffic obfuscation method, protects Tor users from censorship by hiding Tor traffic inside an HTTPS connection to a permitted host. This approach provides a defense against censors using basic deep packet inspection (DPI), but machine learning attacks using side-channel information against Meek pose a significant threat to its ability to obfuscate traffic. In this thesis, we develop a method to 1. efficiently gather reproducible packet captures from both normal HTTPS and Meek traffic, 2. aggregate statistical signatures from these packet captures, and 3. train a generative adversarial network (GAN) to minimally modify statistical signatures in a way that hinders classification. Our GAN successfully decreases the efficacy of trained classifiers, increasing their mean false positive rate (FPR) from 0.183 to 0.834 and decreasing their mean area under the precision-recall curve (PR-AUC) from 0.990 to 0.414.