Towards illuminating a censorship monitor’s model to facilitate evasion

3rd USENIX Workshop on Free and Open Communications on the Internet, FOCI 2013, co-located with USENIX Security 2013

Volumn , Issue , 2013, Pages

  Khattak, Sheharbano ^c   Javed, Mobin ^a   Anderson, Philip D ^c   Paxson, Vern ^a,b  

^a UNIVERSITY OF CALIFORNIA   (United States)

^b INTERNATIONAL COMPUTER SCIENCE INSTITUTE   (United States)

^c NONE

Author keywords

[No Author keywords available]

Indexed keywords

HTTP;

ANALYSIS MODELS; NETWORK ACTIVITIES; NETWORK INTRUSION DETECTION SYSTEMS; ON THE FLIES; REASSEMBLY; S MODELS; STATE MANAGEMENT;

INTRUSION DETECTION;

EID: 85084163945     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (23)

1. sniffjoke. http://www.delirandom.net/sniffjoke/.
2. HTTP URL/keyword detection in depth. http://gfwrev.blogspot.jp/2010/03/http-url.html, 2010.
3. Scholar Zhang: Intrusion detection evasion and black box mechanism research of the Great Firewall of China. https://code.google.com/p/scholarzhang/, 2010.
4. west-chamber-season-2. https://code.google.com/p/west-chamber-season2/, 2010.
5. west-chamber-season-3. https://github.com/liruqi/west-chamber-season-3/, 2011.
6. D. Anderson. Splinternet Behind the Great Firewall of China. Queue, 10(11):40:40–40:49, Nov. 2012.
7. P. Biondi. Scapy. http://www.secdev.org/projects/scapy/.
8. R. Clayton, S. J. Murdoch, and R. N. M. Watson. Ignoring the Great Firewall of China. In G. Danezis and P. Golle, editors, Proceedings of the Sixth Workshop on Privacy Enhancing Technologies (PET 2006), pages 20–35, Cambridge, UK, June 2006. Springer.
9. J. R. Crandall, D. Zinn, M. Byrd, E. Barr, and R. East. Conceptdoppler: a weather tracker for Internet censorship. In Proceedings of the 14th ACM conference on Computer and communications security, CCS’07, pages 352–365, New York, NY, USA, 2007. ACM.
10. R. Fielding, J. Gettys, J. Mogul, H. Frystyk, L. Masinter, P. Leach, and T. Berners-Lee. RFC 2616: Hypertext Transfer Protocol – HTTP/1.1, 1999.
11. M. Handley, V. Paxson, and C. Kreibich. Network Intrusion Detection: Evasion, Traffic Normalization, and End-to-end Protocol Semantics. In Proceedings of the 10th conference on USENIX Security Symposium - Volume 10, SSYM’01, pages 9–9, Berkeley, CA, USA, 2001. USENIX Association.
12. L. Juan, C. Kreibich, C.-H. Lin, and V. Paxson. A tool for offline and live testing of evasion resilience in network intrusion detection systems. In Proceedings of the 5th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment, DIMVA’08, pages 267–278, Berlin, Heidelberg, 2008. Springer-Verlag.
13. J. C. Park and J. R. Crandall. Empirical Study of a National-Scale Distributed Intrusion Detection System: Backbone-Level Filtering of HTML Responses in China. In Proceedings of the 2010 IEEE 30th International Conference on Distributed Computing Systems, ICDCS’10, pages 315–326, Washington, DC, USA, 2010. IEEE Computer Society.
14. J. Postel. RFC 793: Transmission Control Protocol, Sept. 1981.
15. T. H. Ptacek and T. N. Newsham. Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection. Technical report, Secure Networks, Inc., Suite 330, 1201 5th Street S.W, Calgary, Alberta, Canada, T2R-0Y6, 1998.
16. D. Roelker. HTTP IDS Evasion Revisited. Technical report, Aug. 2003.
17. U. Shankar and V. Paxson. Active Mapping: Resisting NIDS Evasion without Altering Traffic. In Proceedings of the 2003 IEEE Symposium on Security and Privacy, SP’03, pages 44–, Washington, DC, USA, 2003. IEEE Computer Society.
18. D. Song. fragroute. http://www.monkey.org/~dugsong/fragroute/.
19. M. Vutukuru, H. Balakrishnan, and V. Paxson. Efficient and Robust TCP Stream Normalization. In Proceedings of the 2008 IEEE Symposium on Security and Privacy, SP’08, pages 96–110, Washington, DC, USA, 2008. IEEE Computer Society.
20. N. Weaver, R. Sommer, and V. Paxson. Detecting Forged TCP Reset Packets. In NDSS, 2009.
21. P. Winter. brdgrd. https://git.torproject.org/brdgrd.git.
22. P. Winter and S. Lindskog. How the Great Firewall of China is blocking Tor. In Proceedings of the USENIX Workshop on Free and Open Communications on the Internet (FOCI 2012), August 2012.
23. X. Xu, Z. M. Mao, and J. A. Halderman. Internet censorship in China: where does the filtering occur? In Proceedings of the 12th international conference on Passive and active measurement, PAM’11, pages 133–142, Berlin, Heidelberg, 2011. Springer-Verlag.