Cease at the Ultimate Goodness: Towards Efficient Website Fingerprinting Defense via Iterative Mutual Information Minimization
Rong Wang
Network and Distributed System Security (NDSS) Symposium 2026 · Day 2 · Malware & RE
Rong Wang presents **Frugal**, the first website fingerprinting defense framework that uses **mutual information minimization** as an explicit optimization objective rather than focusing on deceiving specific attack classifiers. Website fingerprinting attacks on Tor can achieve over **98% accuracy** using deep learning models that exploit traffic patterns. Existing defenses either inject massive amounts of dummy traffic (feature suppression, like FRONT, with high bandwidth overhead) or morph traffic to deceive specific classifiers (fusion-based, like Mockingbird, which fails against unknown or retrained attackers). Frugal takes a **data-centric approach**: instead of deceiving classifiers, it fundamentally eliminates identifiable patterns from the traffic itself. Using a reinforcement learning loop with a mutual information estimator as the reward function, Frugal achieves the **lowest attack success rate (ASR)** at any given bandwidth overhead compared to all prior methods, maintains robustness against adversarial retraining, and supports real-time online deployment.
AI review
A principled WF defense that replaces classifier evasion with mutual information minimization as the optimization objective. The DFE technique providing robustness against adversarial retraining addresses the main weakness of morphing-based defenses. The injection pattern matrix enabling real-time deployment without live ML inference is a practical engineering contribution. Clean work that advances the defensive side of the WF arms race.