Maybenot: A Framework for Traffic Analysis Defenses

In light of the increasing ubiquity of end-to-end encryption and the use of technologies such as Tor and VPNs, analyzing communications metadata-traffic analysis-is a last resort for network adversaries. Traffic analysis attacks are more effective thanks to improvements in deep learning, raising the importance of deploying defenses. This paper introduces Maybenot, a framework for traffic analysis defenses. Maybenot is an evolution and generalization of the Tor Circuit Padding Framework by Perry and Kadianakis, designed to support a wide range of protocols and use cases. Defenses are probabilistic state machines that trigger padding and blocking actions based on events. A lightweight simulator enables rapid development and testing of defenses. In addition to describing the Maybenot framework, machines, and simulator, we implement and thoroughly evaluate the state-of-the-art website fingerprinting defenses FRONT and RegulaTor as Maybenot machines. Our evaluation identifies challenges associated with state machine-based frameworks as well as possible enhancements that will further improve Maybenot's support for effective defenses moving forward.