Tor is a widely used low-latency anonymous communication network that can hide the IP addresses and communication content of both parties when users conduct network activities.However,attackers who use website fingerprinting attacks can deduce the real destination website that the user visits by eavesdropping on the encrypted network traffic between the Tor user and the web server,endangering the privacy of the user.Classical website fingerprinting defense models do not perform well against the latest website fingerprinting attack models;efficient website fingerprinting models are either based on unreasonable assumptions or incur high overhead.This paper conducts research on the above problems.First,a website fingerprinting defense model MSP based on multisample padding is proposed.This model uses WGAN to generate traffic sequences,and guides the data packet filling of real traffic according to multiple traffic sequence characteristics,so as to realize website fingerprint defense.In addition,this paper also proposes a website fingerprint defense model MSP++,and explores the feasibility of disguising the loading status of web pages to resist website fingerprint attacks on the basis of MSP.The experimental results show that MSP can reduce the accuracy of the attack model by 71%,which reduces the delay overhead by 27%compared with the latest defense model;while MSP++can reduce the accuracy of the attack model by 90%,compared with the latest defense model.A strong defense model reduces the latency overhead by 78%.Second,in order to protect the privacy of Tor users and avoid unnecessary bandwidth and delay overhead,an MSP-based website fingerprint defense system WFDS is designed and implemented.WFDS has designed five functional modules with MSP as the core,namely traffic processing module,traffic collection module,performance estimation module,status synchronization module and visualization module,and divides the system into client and server according to the topology of Tor.Placed at the client and the bridge respectively,when the user sends traffic,the traffic between the client and the entry node is processed according to the parameter configuration to resist website fingerprinting attacks. |