RegulaTor: A Straightforward Website Fingerprinting Defense. (arXiv:2012.06609v2 [cs.CR] UPDATED)

Website Fingerprinting (WF) attacks are used by local passive attackers to
determine the destination of encrypted internet traffic by comparing the
sequences of packets sent to and received by the user to a previously recorded
data set. As a result, WF attacks are of particular concern to
privacy-enhancing technologies such as Tor. In response, a variety of WF
defenses have been developed, though they tend to incur high bandwidth and
latency overhead or require additional infrastructure, thus making them
difficult to implement in practice. Some lighter-weight defenses have been
presented as well; still, they attain only moderate effectiveness against
recently published WF attacks. In this paper, we aim to present a realistic and
novel defense, RegulaTor, which takes advantage of common patterns in web
browsing traffic to reduce both defense overhead and the accuracy of current WF
attacks. In the closed-world setting, RegulaTor reduces the accuracy of the
state-of-the-art attack, Tik-Tok, against comparable defenses from 66% to
25.4%. To achieve this performance, it requires limited added latency and a
bandwidth overhead 39.1% less than the leading moderate-overhead defense. In
the open-world setting, RegulaTor limits a precision-tuned Tik-Tok attack to an
F-score of .135, compared to .625 for the best comparable defense.