
Efficacy of Full-Packet Encryption in Mitigating Protocol Detection for Evasive Virtual Private Networks

Amy Iris Parker

TL;DR

The paper addresses the detectability of full-packet-encrypted VPNs, specifically ACC, under censorship models by evaluating eight machine-learning classifiers on ACC packets against both random data and ordinary network traffic. The approach combines real packet collection, ACC-encrypted sample generation, random packet creation, and systematic ML evaluation using metrics including $F_1$ and collateral damage $C$ to assess practicality. Key findings show that ACC is indistinguishable from random data in isolation but becomes detectable within ordinary network traffic, with C4.5 achieving near-perfect detection and negligible collateral damage, while the other models vary in performance and overhead. This work highlights potential practical implications for censorship infrastructure and points to future work on other FPE protocols and masquerading strategies, with measurable thresholds guiding deployment decisions, such as $F_1>0.95$ and $C<0.01$ for effectiveness.

Abstract

Full-packet encryption is a technique used by modern evasive Virtual Private Networks (VPNs) to avoid protocol-based flagging by censorship models, disguising their traffic as random noise on the network. Traditional methods for censoring full-packet-encryption-based VPN protocols require accepting a substantial amount of collateral damage, as other non-VPN network traffic that appears random will be blocked as well. I tested several machine-learning-based classification models against the Aggressive Circumvention of Censorship (ACC) protocol, a fully-encrypted evasive VPN protocol which merges strategies from a wide variety of currently in-use evasive VPN protocols. My testing found that while ACC was able to survive these models when compared against random noise, it was easily detectable with minimal collateral damage by several different machine learning models when placed within a stream of regular network traffic. While resistant to the current techniques deployed by nation-state censors, the ACC protocol and other evasive protocols are potentially subject to packet-based protocol identification using similar classification models.
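As an added illustration that is not part of the paper, the following Python scores the "block anything that looks like noise" heuristic the abstract says traditional censorship relies on, using the $F_1$ and collateral-damage thresholds quoted in the TL;DR. The traffic mix is constructed rather than captured, and the definition of $C$ as the fraction of non-ACC packets wrongly flagged is an assumption, since the page does not define it.

```python
import math
import random

def shannon_entropy(payload: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty, 8.0 for a uniform byte mix)."""
    n = len(payload)
    if n == 0:
        return 0.0
    counts = [0] * 256
    for b in payload:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def looks_random(payload: bytes, threshold: float = 7.0) -> bool:
    """Naive per-packet rule: flag any payload whose bytes look like noise."""
    return shannon_entropy(payload) >= threshold

def evaluate(samples, classifier):
    """samples: (payload, is_acc) pairs. Returns (F1, collateral damage C).
    Assumption: C = fraction of non-ACC packets the classifier wrongly flags."""
    tp = fp = fn = tn = 0
    for payload, is_acc in samples:
        flagged = classifier(payload)
        if flagged and is_acc: tp += 1
        elif flagged: fp += 1
        elif is_acc: fn += 1
        else: tn += 1
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    f1 = 2 * precision * recall / (precision + recall) if precision + recall else 0.0
    collateral = fp / (fp + tn) if fp + tn else 0.0
    return f1, collateral

def meets_thresholds(f1: float, collateral: float) -> bool:
    """The practicality bar quoted on the page: F1 > 0.95 and C < 0.01."""
    return f1 > 0.95 and collateral < 0.01

def build_samples(per_class: int = 50, seed: int = 1):
    """Constructed traffic mix (not real captures): ACC-like fully random payloads,
    plaintext HTTP, and TLS-like application records whose encrypted bodies are
    just as random as ACC. Seeded so the result is reproducible."""
    rng = random.Random(seed)
    rb = lambda n: bytes(rng.getrandbits(8) for _ in range(n))
    http = b"GET /index.html HTTP/1.1\r\nHost: example.com\r\nAccept: text/html\r\n\r\n"
    samples = []
    for _ in range(per_class):
        samples.append((rb(1200), True))                         # ACC packet
        samples.append((http * 8, False))                        # cleartext HTTP
        samples.append((b"\x17\x03\x03\x04\x80" + rb(1152), False))  # TLS record
    return samples

if __name__ == "__main__":
    f1, c = evaluate(build_samples(), looks_random)
    print(f"F1={f1:.3f} C={c:.3f} practical={meets_thresholds(f1, c)}")
```

On this mix the entropy rule catches every ACC packet but also flags every TLS record, so $C$ lands at 0.5 and the rule fails the page's bar, which is the collateral-damage problem the abstract describes.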

Paper Structure

This paper contains 13 sections and 3 figures.

Figures (3)

  • Figure 1: Structure of an ACC packet
  • Figure 2: Metrics from ACC versus Random testing
  • Figure 3: Metrics from ACC vs Network testing