[anti-censorship-team] Paper identifying snowflake traffic

David Fifield david at bamsoftware.com
Mon Jan 9 19:45:50 UTC 2023


On Sat, Jan 07, 2023 at 10:13:25AM -0500, Kevin Bock wrote:
> My apologies if everyone is already aware of this: I wanted to share a new
> paper I came across this morning out of China this past week that suggests
> low-cost identification methods for snowflake traffic. One of their detection
> mechanisms is by identifying the STUN DNS lookups, so I thought it was relevant
> to this discussion, but they also propose using other features of the DTLS
> handshake for identification. 

Thanks, I was not aware of this.

> I'm a little surprised this was published, but better to know now than have to
> reverse engineer later I suppose.

It's not so unusual—there's more of this kind of thing in the open
literature than one might expect. The corresponding author Cheng Guang
(程光) of Southeast University is also one of the inventors on a patent
for V2Ray identification using entropy features:
https://patents.google.com/patent/CN113301041

His publication history has a lot of research in this line:
https://dblp.org/pid/99/4812-1.html
And he has regular old IEEE, ACM, and other profiles:
https://ieeexplore.ieee.org/author/37653483600
https://dl.acm.org/profile/81423595524
https://kns.cnki.net/kcms/detail/knetsearch.aspx?sfield=au&code=000042021274

