2025-pereira-extended
findings extracted from this paper
-
Censorship classifiers and traffic analysis attacks consistently exploit the initial seconds of a proxy connection, where packet-size, inter-arrival-time, and burst features are maximally discriminative. Cited work demonstrates that website fingerprinting classifiers trained solely on the first few seconds of Tor traffic achieve high accuracy, and real-world GFW detection of fully-encrypted protocols also targets early-connection bytes.
-
The framework confines active traffic shaping to the first N seconds of a connection (N is a user-defined parameter, e.g., N=10), after which normal unmodified traffic resumes. The authors hypothesize that this design keeps per-session throughput and latency overhead negligible, since the shaping window is a small fraction of total connection time; N can be extended to the full session if the censor is believed capable of classifying beyond early traffic.
-
The framework's GAN-based schedule generator trains on short session windows (e.g., the first 10 seconds) of real browsing traffic from the Tranco Top 1000 sites, learning joint distributions of packet sizes, inter-arrival times, and burst patterns to produce realistic synthetic schedules. This repurposes GAN architectures previously used for traffic analysis (e.g., GANDaLF) as a defense-side cover-traffic generator.
-
The proposed framework operates as a transparent shim between application and network layers, enforcing a configurable schedule over packet size, timing, and burst patterns. The shaping logic is transport-agnostic — applicable across TCP, UDP, QUIC, and TLS — and activates only after the underlying protocol handshake completes, making it reusable across heterogeneous circumvention stacks.
-
The framework is designed for adoption into existing censorship-resistant systems in the same manner as uTLS — as a drop-in Go library requiring minimal code changes. Primary integration targets are Tor pluggable transports and WireGuard-based VPNs that currently lack built-in traffic obfuscation. Predefined hand-crafted schedules are provided alongside GAN-generated ones to enable developer stress-testing without model inference.
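An added sketch (not code from the paper or its library) of the schedule enforcement described in the findings above: a schedule of packet sizes and gaps is applied only for the first N seconds after the handshake, and whatever remains is sent unshaped. The `Slot`, `Frame` and `Shape` names, and the choice to emit padding-only cover packets when no application data is pending, are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"time"
)

// Slot: send exactly Size bytes, Gap after the previous packet (hypothetical type).
type Slot struct {
	Size int
	Gap  time.Duration // 0 continues the current burst
}

// Frame is one packet emitted inside the shaping window (hypothetical type).
type Frame struct {
	At               time.Duration // offset from handshake completion
	Payload, Padding int           // application bytes, filler bytes
}

// Shape cycles sched until `window` has elapsed since the handshake, padding
// each slot to its Size, and returns the frames plus bytes left to send unshaped.
func Shape(pending int, sched []Slot, window time.Duration) ([]Frame, int, error) {
	var cycle time.Duration
	for _, s := range sched {
		if s.Size <= 0 || s.Gap < 0 {
			return nil, pending, fmt.Errorf("bad slot %+v: need Size > 0, Gap >= 0", s)
		}
		cycle += s.Gap
	}
	if cycle == 0 { // empty or zero-gap schedules would never leave the window
		return nil, pending, fmt.Errorf("schedule must advance time")
	}
	var frames []Frame
	for i, t := 0, time.Duration(0); ; i++ {
		s := sched[i%len(sched)]
		if t += s.Gap; t >= window {
			return frames, pending, nil // window closed: normal traffic resumes
		}
		n := s.Size
		if pending < n {
			n = pending // n == 0 yields a pure cover packet (assumed behaviour)
		}
		frames = append(frames, Frame{At: t, Payload: n, Padding: s.Size - n})
		pending -= n
	}
}

func main() { // constructed schedule: a 3-packet burst every 40 ms, 100 ms window
	fmt.Println(Shape(4000, []Slot{{1200, 40 * time.Millisecond}, {1200, 0}, {300, 0}}, 100*time.Millisecond))
}
```

Summing `Padding` over the returned frames gives the byte overhead of the window, which is the quantity the negligible-overhead hypothesis depends on.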