【Abstract】The act of website fingerprinting, which involves monitoring traffic features to infer private user information, has attracted much attention in the research community recently. While previous studies primarily focused on classifying fingerprint information using clean traffic data, it remains a challenging task to apply fingerprinting to noisy traffic data or evade defensive measures. This work aims to address the challenges associated with website fingerprinting attacks and defense strategies in the presence of noise. Specifically, we introduce two novel attack methods: filter-assisted attack and augmentation-assisted attack. The first attack method leverages packet size distribution to effectively filter out noise, while the second one trains a classification model by incorporating artificial noise. Compared with the traditional website fingerprinting attacks, these proposed attack methods demonstrate superior resilience to noise and exceptional evasion capabilities against defensive measures (e.g., random packet defense, Walkie-Talkie, WTF-PAD, etc.). In parallel, we propose a list-assisted defense strategy that strikes a balance between defense performance and network overhead. This defense mechanism offers effective protection against website fingerprinting attacks while minimizing the impact on network performance. In our experiments, we employ a comprehensive dataset encompassing TCP/IP traffic with packet size information collected from three prominent web browsers, as well as Tor cell traffic without packet size information obtained from a Tor browser. We thoroughly evaluate our proposed methods in both closed-world and open-world scenarios. Our experimental results shed valuable insights into the influence of noise and the efficacy of different attack and defense approaches on website fingerprinting.