Cited By
View all- Amich AEshete BYegneswaran VHoang NCalandrino JTroncoso C(2023)DeResistorProceedings of the 32nd USENIX Conference on Security Symposium10.5555/3620237.3620384(2617-2633)Online publication date: 9-Aug-2023
Adversarial Detection of Censorship Measurements
November 2022
Pages 139 - 143
Abstract
The arms race between Internet freedom technologists and censoring regimes has catalyzed the deployment of more sophisticated censoring techniques and directed significant research emphasis toward the development of automated tools for censorship measurement and evasion. We highlight Geneva as one of the recent advances in this area. By training a genetic algorithm such as Geneva inside a censored region, we can automatically find novel packet-manipulation-based censorship evasion strategies. In this paper, we explore the resilience of Geneva in the face of censors that actively detect and react to Geneva's measurements. Specifically, we develop machine learning (ML)-based classifiers and leverage a popular hypothesis-testing algorithm that can be deployed at the censor to detect Geneva clients within two to seven flows, i.e., far before Geneva finds any working evasion strategy. We further use public packet-capture traces to show that Geneva flows can be easily distinguished from normal flows and other malicious flows (e.g., network forensics, malware). Finally, we discuss some potential research directions to mitigate Geneva's detection.
References
[1]
X. Xu, Z. M. Mao, and J. A. Halderman, "Internet censorship in china: Where does the filtering occur?" in PAM, 2011.
[2]
Z. Nabi, "The anatomy of web censorship in pakistan," in 3rd USENIX Workshop on Free and Open Communications on the Internet (FOCI 13). Washington, D.C.: USENIX Association, Aug. 2013. [Online]. Available: https://www.usenix.org/conference/foci13/workshop-program/presentation/nabi
[3]
T. K. Yadav, A. Sinha, D. Gosain, P. K. Sharma, and S. Chakravarty, "Where the light gets in: Analyzing web censorship mechanisms in india," in Proceedings of the Internet Measurement Conference 2018, ser. IMC '18. New York, NY, USA: Association for Computing Machinery, 2018, p. 252--264. [Online]. Available: https://doi.org/10.1145/3278532.3278555
[4]
S. Khattak, M. Javed, P. D. Anderson, and V. Paxson, "Towards illuminating a censorship monitor's model to facilitate evasion," in 3rd USENIX Workshop on Free and Open Communications on the Internet (FOCI 13). Washington, D.C.: USENIX Association, Aug. 2013. [Online]. Available: https://www.usenix.org/conference/foci13/workshop-program/presentation/khattak
[5]
F. Li, A. Razaghpanah, A. M. Kakhki, A. A. Niaki, D. Choffnes, P. Gill, and A. Mislove, "Liberate, (n): A library for exposing (traffic-classification) rules and avoiding them efficiently," in Proceedings of the 2017 Internet Measurement Conference, ser. IMC '17. New York, NY, USA: Association for Computing Machinery, 2017, p. 128--141. [Online]. Available: https: //doi.org/10.1145/3131365.3131376
[6]
Z. Wang, Y. Cao, Z. Qian, C. Song, and S. V. Krishnamurthy, "Your state is not mine: A closer look at evading stateful internet censorship," in Proceedings of the 2017 Internet Measurement Conference, ser. IMC '17. New York, NY, USA: Association for Computing Machinery, 2017, p. 114--127. [Online]. Available: https://doi.org/10.1145/3131365.3131374
[7]
"Signal. 2017. egypt keeps trying to block signal, inadvertently blocking all of google, and having to stop as a result. we'll also expand domain fronts." 2017.
[8]
. Available: https://twitter.com/signalapp/status/817062093094604800
[9]
"Moxie marlinspike. 2017. doodles, stickers, and censorship circumvention for signal android." 2017. [Online]. Available: https://signal.org/blog/doodlesstickers- censorship/
[10]
K. Bock, G. Hughey, X. Qiang, and D. Levin, "Geneva: Evolving Censorship Evasion," 2019.
[11]
J. Jung, V. Paxson, A. Berger, and H. Balakrishnan, "Fast portscan detection using sequential hypothesis testing," in IEEE Symposium on Security and Privacy, 2004. Proceedings. 2004, 2004, pp. 211--225.
[12]
P. Winter and S. Lindskog, "How the Great Firewall of China is blocking Tor," in Free and Open Communications on the Internet. USENIX, 2012.
Index Terms
- Adversarial Detection of Censorship Measurements
Recommendations
Malware Detection in Adversarial Settings: Exploiting Feature Evolutions and Confusions in Android Apps
ACSAC '17: Proceedings of the 33rd Annual Computer Security Applications ConferenceExisting techniques on adversarial malware generation employ feature mutations based on feature vectors extracted from malware. However, most (if not all) of these techniques suffer from a common limitation: feasibility of these attacks is unknown. The ...
Towards Adversarial Malware Detection: Lessons Learned from PDF-based Attacks
Malware still constitutes a major threat in the cybersecurity landscape, also due to the widespread use of infection vectors such as documents. These infection vectors hide embedded malicious code to the victim users, facilitating the use of social ...
Comments
Information & Contributors
Information
Published In
Copyright © 2022 ACM.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 07 November 2022
Check for updates
Author Tags
Qualifiers
- Short-paper
Funding Sources
Conference
CCS '22
Sponsor:
CCS '22: 2022 ACM SIGSAC Conference on Computer and Communications Security
November 7, 2022
CA, Los Angeles, USA
Acceptance Rates
Overall Acceptance Rate 106 of 355 submissions, 30%
Upcoming Conference
CCS '24
- Sponsor:
- sigsac
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- View Citations1Total Citations
- 130Total Downloads
- Downloads (Last 12 months)55
- Downloads (Last 6 weeks)7
Other Metrics
Citations
Cited By
View all- Amich AEshete BYegneswaran VHoang NCalandrino JTroncoso C(2023)DeResistorProceedings of the 32nd USENIX Conference on Security Symposium10.5555/3620237.3620384(2617-2633)Online publication date: 9-Aug-2023
View Options
Get Access
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in