With the advancement of deep learning, encrypted traffic classification (ETC) methods based on byte-level features have been widely adopted in various network scenarios. However, such techniques also pose a growing threat to user privacy. As a defense mechanism, adversarial packet generation offers a promising way to obfuscate traffic and protect communication security. Nevertheless, existing works often suffer from high perturbation generation costs, irrecoverability of original packets, and limited generalizability, making them unsuitable for real-world deployment. To address these issues, we propose PacketMorph, a recoverable adversarial packet generation method designed for the black-box setting. PacketMorph leverages the SHapley Additive exPlanations (SHAP) interpretability method to identify class-specific discriminative byte positions and constructs universal, class-level perturbation vectors accordingly. These perturbations are injected into the original packet payload via bitwise XOR operations, ensuring no disruption to packet structure or protocol compliance. To support end-to-end recoverability, PacketMorph synchronously updates protocol checksums and incorporates a perturbation removal mechanism, enabling accurate restoration of the original content on the receiver side. Extensive experiments on four real-world encrypted traffic datasets and four mainstream ETC methods demonstrate that PacketMorph achieves a defense success rate (DSR) exceeding 70%. Moreover, it introduces zero bandwidth overhead, highlighting its strong practicality and deployment potential.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

PacketMorph: Generation of Recoverable Adversarial Packets Against Encrypted Traffic Classification via Class-Wise Universal Perturbation

  • Yuanyuan Xu,
  • Yuwei Xu,
  • Yunpeng Bai,
  • Jie Cao,
  • Kehui Song,
  • Guang Cheng

摘要

With the advancement of deep learning, encrypted traffic classification (ETC) methods based on byte-level features have been widely adopted in various network scenarios. However, such techniques also pose a growing threat to user privacy. As a defense mechanism, adversarial packet generation offers a promising way to obfuscate traffic and protect communication security. Nevertheless, existing works often suffer from high perturbation generation costs, irrecoverability of original packets, and limited generalizability, making them unsuitable for real-world deployment. To address these issues, we propose PacketMorph, a recoverable adversarial packet generation method designed for the black-box setting. PacketMorph leverages the SHapley Additive exPlanations (SHAP) interpretability method to identify class-specific discriminative byte positions and constructs universal, class-level perturbation vectors accordingly. These perturbations are injected into the original packet payload via bitwise XOR operations, ensuring no disruption to packet structure or protocol compliance. To support end-to-end recoverability, PacketMorph synchronously updates protocol checksums and incorporates a perturbation removal mechanism, enabling accurate restoration of the original content on the receiver side. Extensive experiments on four real-world encrypted traffic datasets and four mainstream ETC methods demonstrate that PacketMorph achieves a defense success rate (DSR) exceeding 70%. Moreover, it introduces zero bandwidth overhead, highlighting its strong practicality and deployment potential.