Efficacy of Full-Packet Encryption in Mitigating Protocol Detection for Evasive Virtual Private Networks
Amy Iris Parker

TL;DR
This paper evaluates the effectiveness of full-packet encryption in evasive VPNs against machine learning-based detection, revealing that while resistant to some current censorship techniques, they remain vulnerable to packet-based identification.
Contribution
It demonstrates that full-packet encryption alone is insufficient for evading detection by advanced machine learning models, highlighting the need for additional obfuscation methods.
Findings
The ACC protocol survives some ML models when compared against random noise
ACC is detectable with minimal collateral damage using ML models
Evasive VPNs are vulnerable to packet-based protocol identification
Abstract
Full-packet encryption is a technique used by modern evasive Virtual Private Networks (VPNs) to avoid protocol-based flagging from censorship models by disguising their traffic as random noise on the network. Traditional methods for censoring full-packet-encryption-based VPN protocols require assuming a substantial amount of collateral damage, as other non-VPN network traffic that appears random will be blocked. I tested several machine learning-based classification models against the Aggressive Circumvention of Censorship (ACC) protocol, a fully-encrypted evasive VPN protocol which merges strategies from a wide variety of currently in-use evasive VPN protocols. My testing found that while ACC was able to survive our models when compared to random noise, it was easily detectable with minimal collateral damage using several different machine learning models when within a stream of…
Taxonomy
Topics: Mobile Ad Hoc Networks · Network Security and Intrusion Detection · Internet Traffic Analysis and Secure E-voting
