Together may be better: A novel framework and high-consistency feature for proxy traffic analysis
Authors: Yuantu Luo, Jun Tao, Linxiao Yu, Yuehao Zhu
Journal: Computer Networks, volume 272, Article 111672
Publication date: 2025-09-09
Publication type: Journal Article
DOI: 10.1016/j.comnet.2025.111672
URL: https://www.sciencedirect.com/science/article/pii/S1389128625006395
Impact factor: 4.6
JCR: Q1 (COMPUTER SCIENCE, HARDWARE & ARCHITECTURE)
Citations: 0
Abstract
Encrypted and proxy-based traffic has been critical in ensuring communication security but also poses significant challenges for traffic analysis, such as obscured traffic patterns, the inability to correlate pre- and post-proxy flows, and the increased complexity of analyzing encapsulated data. To address these challenges and enable comprehensive proxy traffic analysis, this paper proposes TrafficTracer, a novel proxy traffic capturing framework designed to overcome limitations in existing methods, such as port-missing issues and the inability to correlate pre- and post-proxy traffic. By modifying the open-source proxy application Clash, TrafficTracer extracts inner connection information, enabling complete traffic flow tracing. Furthermore, building on the whole-procedure proxy traffic captured by TrafficTracer, we design Flow Reversals (FR), a robust feature capturing the consistency of traffic flow characteristics before and after proxy encapsulation. Experimental evaluations demonstrate that TrafficTracer significantly enhances raw packet capture efficiency and alleviates port-missing issues. Moreover, FR exhibits strong proxy feature invariability and temporal consistency, outperforming traditional features in maintaining pre- and post-proxy traffic correlations. These results indicate that leveraging TrafficTracer and FR can effectively facilitate the analysis of the entire proxy traffic procedure and holds promise for improving traffic analysis performance.
About the journal:
Computer Networks is an international, archival journal providing a publication vehicle for complete coverage of all topics of interest to those involved in the computer communications networking area. The audience includes researchers, managers and operators of networks as well as designers and implementors. The Editorial Board will consider any material for publication that is of interest to those groups.