DeTorrent: An Adversarial Padding-only Traffic Analysis Defense

An attacker who generates 10 defended copies of each training trace (re-sampling noise each time) improves Tik-Tok accuracy against DeTorrent from 31.9% to 48.2%, demonstrating that dataset augmentation with multiple defended samples is a practical countermeasure against randomized padding defenses including DeTorrent and FRONT.

§6.4 detection website-fingerprintml-classifier generic

Against the state-of-the-art DeepCoFFEA flow-correlation attacker, FC-DeTorrent reduces the true positive rate at a 10^-5 false positive rate to approximately 0.12 — less than half that of the next-best defense Decaf (TPR ≈ 0.29) — while using 97.3% bandwidth overhead, without delaying any real traffic packets.

§4.2, §6, Table 5 evaluation flow-correlationml-classifier generic

DeTorrent exhibits strong diminishing returns in the bandwidth-performance tradeoff: increasing the dummy-download budget from N=1,000 to N=3,000 reduces Tik-Tok accuracy by ~19.1 percentage points, while a further increase from N=5,000 to N=7,000 yields only an additional 4.9-point reduction (accuracy floor near 20.8% at ~210% overhead). At the lowest tested budget (~40% overhead) Tik-Tok accuracy is still only 52.8%.

§6.2, Figure 6 evaluation website-fingerprinttraffic-shape generic

DeTorrent is implemented as a Tor pluggable transport on top of the WFPadTools/Obfsproxy framework and deployed against live Tor traffic; a modest VPS with 4 GB RAM and 2 vCPUs running at under 50% CPU utilization can defend five simultaneous connections in real time with no GPU required. Performance drops only 0.7% when the generator is trained on one dataset partition and tested on another.

§5.4 deployment website-fingerprinttraffic-shape generic

DeTorrent reduces closed-world Tik-Tok attack accuracy from 93.4% to 31.9% on the BE dataset — 10.5 percentage points better than the next-best padding-only defense (FRONT at 42.4%) — and reduces Deep Fingerprinting accuracy from 94.3% to 30.0%, at a bandwidth overhead of 98.9%. On the larger DF dataset, Tik-Tok accuracy falls from 97.7% to 79.5%.

§6.1, Table 4 evaluation website-fingerprintml-classifier generic