Website fingerprinting (WF) attack stands opposite against privacy protection in using the Internet, even when the content details are encrypted, such as Tor networks. Whilst existing difficulty in the preparation of many training samples, we study a more realistic problem — few-shot website fingerprinting attack where only a few training samples per website are available. We introduce a novel Transfer Learning Fingerprinting Attack (TLFA) that can transfer knowledge from the labeled training data of websites disjoint and independent to the target websites. Specifically, TLFA trains a stronger embedding model with the training data collected from non-target websites, which is then leveraged in a task-agnostic manner with a task-specific classifier model fine-tuned on a small set of labeled training data from target websites. We conduct expensive experiments to validate the superiority of our TLFA over the state-of-the-art methods in both closed-world and open-world attacking scenarios, at the absence and presence of strong defense.

网站指纹 (WF) 攻击与使用 Internet 时的隐私保护背道而驰，即使内容详细信息已加密，例如 Tor 网络。虽然在准备许多训练样本方面存在困难，但我们研究了一个更现实的问题——少样本网站指纹攻击，其中每个网站只有几个训练样本可用。我们介绍了一种新颖的迁移学习指纹攻击(TLFA) 可以将知识从不相交且独立的网站的标记训练数据转移到目标网站。具体来说，TLFA 使用从非目标网站收集的训练数据训练更强的嵌入模型，然后以与任务无关的方式利用特定任务的分类器模型对来自目标网站的一小组标记训练数据进行微调. 我们进行了昂贵的实验，以验证我们的 TLFA 在封闭世界和开放世界攻击场景中相对于最先进方法的优越性，在缺乏和存在强大防御的情况下。