Covertness Analysis of Snowflake Proxy Request

IF 2 3区计算机科学 Q3 COMPUTER SCIENCE, INTERDISCIPLINARY APPLICATIONS Computer Supported Cooperative Work-The Journal of Collaborative Computing Pub Date : 2023-05-24 DOI:10.1109/CSCWD57460.2023.10152736

Yibo Xie, Gaopeng Gou, G. Xiong, Zhuguo Li, Mingxin Cui

{"title":"Covertness Analysis of Snowflake Proxy Request","authors":"Yibo Xie, Gaopeng Gou, G. Xiong, Zhuguo Li, Mingxin Cui","doi":"10.1109/CSCWD57460.2023.10152736","DOIUrl":null,"url":null,"abstract":"Snowflake is a special proxy system against IP-based network blocking. As its IP addresses refresh frequently, faster than IP blacklist’s update, users can exploit it to access blocked websites. To block snowflake, existing methods focus on detecting snowflake proxies. But they are susceptible to various factors, for example, proxy’s location and version. In the paper, we propose a new manner to block snowflake. We observe that to adapt fast IP changes, users need to request latest proxies from proxy database before using snowflake. Thus, adversaries can block snowflake by detecting proxy request instead of proxy itself. To verify our method, we analyse covertness of snowflake proxy requests, that has been protected by imitating normal web requests. After comparing with typical web requests, we find the imitation is vulnerable in packet size, direction, time and network speed, such as, the latency time is higher than normal obviously. Using the four vulnerabilities, we train machine learning algorithm to detect snowflake proxy requests in reality. Experimental results demonstrate that proxy request can be detected accurately across different versions at the beginning of connection. In conclusion, our work paves a new way to block snowflake.","PeriodicalId":51008,"journal":{"name":"Computer Supported Cooperative Work-The Journal of Collaborative Computing","volume":"21 1","pages":"1802-1807"},"PeriodicalIF":2.0000,"publicationDate":"2023-05-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computer Supported Cooperative Work-The Journal of Collaborative Computing","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1109/CSCWD57460.2023.10152736","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, INTERDISCIPLINARY APPLICATIONS","Score":null,"Total":0}

引用次数: 0

Abstract

Snowflake is a special proxy system against IP-based network blocking. As its IP addresses refresh frequently, faster than IP blacklist’s update, users can exploit it to access blocked websites. To block snowflake, existing methods focus on detecting snowflake proxies. But they are susceptible to various factors, for example, proxy’s location and version. In the paper, we propose a new manner to block snowflake. We observe that to adapt fast IP changes, users need to request latest proxies from proxy database before using snowflake. Thus, adversaries can block snowflake by detecting proxy request instead of proxy itself. To verify our method, we analyse covertness of snowflake proxy requests, that has been protected by imitating normal web requests. After comparing with typical web requests, we find the imitation is vulnerable in packet size, direction, time and network speed, such as, the latency time is higher than normal obviously. Using the four vulnerabilities, we train machine learning algorithm to detect snowflake proxy requests in reality. Experimental results demonstrate that proxy request can be detected accurately across different versions at the beginning of connection. In conclusion, our work paves a new way to block snowflake.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

雪花代理请求的隐蔽性分析

雪花是一个特殊的代理系统，针对基于ip的网络阻塞。由于其IP地址更新频繁，比IP黑名单的更新速度快，用户可以利用它访问被屏蔽的网站。为了阻止雪花，现有的方法主要是检测雪花代理。但它们容易受到各种因素的影响，例如代理的位置和版本。本文提出了一种新的雪花遮挡方法。我们观察到，为了适应快速的IP变化，用户在使用snowflake之前需要从代理数据库中请求最新的代理。因此，攻击者可以通过检测代理请求而不是代理本身来阻止雪花。为了验证我们的方法，我们分析了雪花代理请求的隐蔽性，该请求通过模仿正常的web请求来保护。通过与典型的web请求进行比较，我们发现模仿在数据包大小、方向、时间和网络速度等方面存在漏洞，延迟时间明显高于正常请求。利用这四个漏洞，我们训练机器学习算法在现实中检测雪花代理请求。实验结果表明，在连接开始时可以准确地检测到不同版本的代理请求。总之，我们的工作为雪花的阻挡开辟了一条新的途径。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

Computer Supported Cooperative Work-The Journal of Collaborative Computing COMPUTER SCIENCE, INTERDISCIPLINARY APPLICATIONS-

CiteScore

6.40

自引率

4.20%

发文量

审稿时长

>12 weeks

期刊介绍： Computer Supported Cooperative Work (CSCW): The Journal of Collaborative Computing and Work Practices is devoted to innovative research in computer-supported cooperative work (CSCW). It provides an interdisciplinary and international forum for the debate and exchange of ideas concerning theoretical, practical, technical, and social issues in CSCW. The CSCW Journal arose in response to the growing interest in the design, implementation and use of technical systems (including computing, information, and communications technologies) which support people working cooperatively, and its scope remains to encompass the multifarious aspects of research within CSCW and related areas. The CSCW Journal focuses on research oriented towards the development of collaborative computing technologies on the basis of studies of actual cooperative work practices (where ‘work’ is used in the wider sense). That is, it welcomes in particular submissions that (a) report on findings from ethnographic or similar kinds of in-depth fieldwork of work practices with a view to their technological implications, (b) report on empirical evaluations of the use of extant or novel technical solutions under real-world conditions, and/or (c) develop technical or conceptual frameworks for practice-oriented computing research based on previous fieldwork and evaluations.