2023-brown-augmenting

Augmenting Rule-based DNS Censorship Detection at Scale with Machine Learning

Jacob Brown, Xi Jiang, Van Tran, Arjun Nitin Bhagoji, Nguyen Phong Hoang, Nick Feamster, Prateek Mittal, Vinod Yegneswaran · Knowledge Discovery And Data Mining · 2023

canonical link →

Tags

censors: generic
techniques: dns-poisoning ml-classifier

findings extracted from this paper

DNS censorship complexity varies sharply by country: Iran injects static forged IPs exclusively from 10.0.0.0/8 and Turkmenistan uses only 127.0.0.1, making detection trivial, while China's constant fake-IP churn across ASes demands dynamic ML approaches; models trained without country-specific ASN features still perform well, enabling transfer to countries where GFWatch-equivalent infrastructure does not exist.

§5 detection dns-poisoningml-classifier cnirtm
By mapping ML-predicted censored probes back to their DNS response IPs, the authors discovered 748 forged IP addresses used by China's GFW as DNS blocking signatures that OONI's heuristics missed; supervised and unsupervised models also identified several ISP-specific injected IPs absent from even GFWatch's comprehensive signature list, demonstrating that static signature lists substantially undercount active GFW DNS censorship.

§4.2, Table 4 evaluation dns-poisoningml-classifiermeasurement-platform cn
OONI and Satellite (Censored Planet) agree on roughly 75% of tested Chinese domains as uncensored, but DNS anomaly agreement is poor: each platform flags fewer than 0.5% of domains as anomalous in any given biweekly window, and the two platforms frequently disagree on which domains are censored because China's GFW uses dynamic fake-IP injection that defeats static rule-based heuristics.

§2.2, Figure 1 evaluation dns-poisoningmeasurement-platform cn
XGBoost supervised models trained on DNS probe features achieve TPRs of 100% (Satellite) and 99.8% (OONI) at FPRs of 0.0% and 0.2% respectively when using platform-native anomaly labels; cross-source training with GFWatch labels applied to the same records yields 99.4% TPR for Satellite and 86.7% TPR for OONI, with SHAP analysis confirming that ASN and organization name of the returned DNS response IPs are the dominant predictive signal.

§4.1, Table 2 evaluation dns-poisoningml-classifiermeasurement-platform cn
Unsupervised one-class SVM models trained only on clean (uncensored) records detect GFW DNS censorship with 99.1% TPR at 17.4% FPR on Satellite data; over half of apparent false negatives are truly uncensored probes where the GFW transiently failed to inject a forged response, confirming that GFW DNS injection is not perfectly consistent at the individual probe level.

§4.1, Table 3 evaluation dns-poisoningml-classifier cn