Summary

Maintaining the privacy of sensitive user data is critical, with more data being sent over the internet now than ever. With this in mind, we created a pluggable transport for The Onion Router (Tor), using adversarial machine learning, to improve the security of Tor user anonymity. We created a convolutional neural network (CNN) using Keras and TensorFlow to differentiate between Tor and non-Tor traffic flows to attack analogous invasive black box systems. Using our CNN, we applied the fast gradient sign method (FGSM) found in the Cleverhans library to find the tensor to add to each packet to have the greatest shift in the classifier output.
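
An added illustration of the FGSM step described above, not the project's code: a small constructed logistic scorer stands in for the CNN, and the weights, flows and function names are assumptions. It measures how the classifier's true positive rate on Tor flows falls as the step size grows, which is the robustness figure a classifier owner would track.

```python
import math

# Constructed stand-in for the page's CNN: a logistic scorer over four
# normalised flow features. Weights and flows are made up for illustration.
WEIGHTS = [2.0, -1.5, 0.5, 1.0]
BIAS = -0.5
TOR_FLOWS = [[0.8, 0.2, 0.5, 0.6], [0.9, 0.1, 0.4, 0.7], [0.6, 0.3, 0.8, 0.5]]

def predict(x):
    """P(flow is Tor) under the stand-in model."""
    z = sum(w * xi for w, xi in zip(WEIGHTS, x)) + BIAS
    return 1.0 / (1.0 + math.exp(-z))

def input_gradient(x, y):
    """dL/dx for binary cross-entropy with a sigmoid output: (p - y) * w."""
    p = predict(x)
    return [(p - y) * w for w in WEIGHTS]

def fgsm(x, y, eps):
    """x_adv = clip(x + eps * sign(dL/dx), 0, 1): one signed step per feature."""
    adv = []
    for xi, g in zip(x, input_gradient(x, y)):
        step = eps * ((g > 0) - (g < 0))
        adv.append(min(1.0, max(0.0, xi + step)))
    return adv

def true_positive_rate(flows, eps, threshold=0.5):
    """Fraction of Tor flows (label 1) still flagged after an eps-sized step."""
    hits = sum(predict(fgsm(x, 1, eps)) >= threshold for x in flows)
    return hits / len(flows)

if __name__ == "__main__":
    for eps in (0.0, 0.4, 0.5):
        print(f"eps={eps:.1f}  TPR={true_positive_rate(TOR_FLOWS, eps):.2f}")
```

The clip to [0, 1] matters for the measurement: a feature already at its bound cannot move further, so the score shift per step is smaller than the unclipped gradient suggests.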

Accomplishments that we're proud of

Although we did not implement a demonstrable pluggable transport, we were able to make substantial progress on our neural net model architecture and software to parse packet data. We learned much about software commonly used for traffic analysis.

Challenges we ran into

  • Extracting payload from packets
  • Obtaining packet data for training in a timely manner

What we learned

  • Enhancing our understanding of neural networks and implementation with Keras - TensorFlow
  • Packet analysis

What's next for our project

  • Run model training and create weights file
  • Write script to generate adversarial examples
  • Write script to encode/send packet data and recover packet data with Tor Python interface (Stem)
  • Test before/after true positive and false positive rate

Once we obtain results, we seek to improve our model architecture, create larger and more representative datasets to train on, and use a more sophisticated attack than FGSM; these would also be avenues for future work. We hope to eventually pursue the application of adversarial ML to the integrity of Tor in academic research.

Built With

  • cleverhans
  • keras
  • pypcap
  • pyshark
  • python
  • tensorflow