Nate Mathews - PhD Candidate in Cybersecurity and Machine Learning
I am a PhD candidate at the Rochester Institute of Technology, where I am advised by Dr. Matthew Wright. My research lies at the intersection of cybersecurity, privacy, and machine learning, with a focus on applying advanced AI techniques to network traffic analysis, website fingerprinting, and flow correlation attacks. My work explores both offensive and defensive strategies to address privacy vulnerabilities in modern anonymity networks like Tor.
In addition to website fingerprinting and traffic correlation, I have extensive experience in areas such as adversarial machine learning, intrusion detection, and data-driven privacy defenses. I have applied neural networks, including transformers and generative models, to problems like stepping-stone intrusion detection, voice command fingerprinting, and traffic analysis targeting the Tor anonymity network. By leveraging deep learning techniques, my research aims to improve both the effectiveness and robustness of traffic analysis tools in real-world scenarios.
🚀 Featured Projects
My most recent projects highlight cutting-edge work in website fingerprinting attacks and traffic correlation:
Note: Code Repositories are research-quality and may contain any number of bugs, and may exist at various stages of deprecation. Consider yourself warned!
Featured Projects | Code Releases | |
---|---|---|
Laserbeak | Main Repo | |
Defense SoK | Main Repo | |
ESPRESSO | Main Repo | |
SSID | Attack Simulator | Correlation Methods |
SoK: A Critical Evaluation of Efficient Website Fingerprinting Defenses
This project provides a comprehensive evaluation of recent website fingerprinting defenses using advanced deep learning-based attacks. It includes benchmark results and discussion for real-world deployability within the Tor framework. These results were published in ACM Conference on Security & Privacy (S&P) in 2023.
Laserbeak: Evolving Website Fingerprinting Attacks with Attention
Laserbeak is a cutting-edge website fingerprinting attack that uses transformer-based attention mechanisms and multi-channel feature representations, outperforming previous methods against defended traffic in the Tor network. This material has been accepted for publication in the IEEE Transactions for Information Forensics and Security (TIFS) in 2024.
ESPRESSO ☕: Enhanced Flow Correlation with Transformers
ESPRESSO is an improvement over DeepCoFFEA, leveraging transformer networks for more accurate and efficient traffic flow correlation attacks. This project demonstrates the application of modern neural networks to critical anonymity-breaking techniques in the Tor network. Preliminary results from this project were presented as a poster at the Asia-Pacific Workshop on Networking (APNET) in 2024.
Stepping-Stone Intrusion Detection (SSID) by Correlating Flows
The SSID project focuses on detecting pivoting attacks by analyzing stepping-stone intrusions. This project builds upon the previous DeepCoFFEA framework, extending its capabilities for a new class of network security challenges. Preliminary results from this project were presented as a poster at USENIX Security in 2024.
Overview of Additional Projects
The following is a review of materials (e.g., code) produced by myself and collaborators on the various traffic analysis problems we have examined.
🌐 Website Fingerprinting Projects
Users of privacy-enhancing tools (PETs), such as VPNs and the Tor anonymity network, can be deanonymized using an attack known as Website Fingerprinting (WF). A WF attack works by training a classification model to predict the website visited by the user.
Project | Code Releases | ||
---|---|---|---|
DeepFingerprinting Attack | Original Release | Updated Version | |
TripletFingerprinting Attack | Main Repo | ||
TikTok Attack | Main Repo | WeFDE Information Leakage | WT Prototype Codes |
GanDALF Attack | Main Repo | ||
Mockingbird WF Defense | Mockingbird Release | Pluggable Transport | |
YouTube Fingerprinting | Data Collection Tool |
🔗 Traffic Correlation Projects
The Tor anonymity network is additionally uniquely vulnerable to a powerful form of traffic analysis called end-to-end flow correlation, which deanonymizes users by linking flows both entering and leaving the Tor network.
Project | Code Releases |
---|---|
DeepCoFFEA (DCF) | GitHub Repository |
DCF Data Collector | GitHub Repository |
ESPRESSO | GitHub Repository |
🎙️ Voice Command Fingerprinting Projects
The information leaked by traffic metadata can be impactful outside the PETs topic. In smart home environments, traffic metadata can be used to identify command utilization using Voice Command Fingerprinting (VCF) attacks, which operate very similarly to WF attacks.
Project | Code Releases |
---|---|
SHAME Attack | GitHub Repository |
WhisperVoiceTrace Attack | GitHub Repository |
Data Collector | GitHub Repository |
Through my research and collaborations, I have contributed extensively to understanding and mitigating privacy threats in networked environments. My projects aim to provide actionable insights into real-world traffic analysis challenges, and my open-source repositories support ongoing research in the field.
Feel free to explore my GitHub profile for more projects, tools, and ongoing work in cybersecurity and machine learning.