CovertMark

Understanding the behaviours of state internet censorship.

CovertMark is a deep packet inspection (DPI) framework for evaluating and benchmarking the effectiveness of protocol-obfuscation proxies circumventing state internet censorships. CovertMark performs automated passive analysis on captured proxy traffic to determine the likelihood and practicality of accurate traffic protocol classification, which would in turn allow state censors to block such traffic.

CovertMark is effective on all TCP-based proxy protocols, including currently deployed Tor pluggable transports and tunnelling proxies such as shadowsocks.

In other words: like StirMark, but for obfuscated network traffic rather than image steganography.

For Proxy Developers

To evaluate the quality of your proxy protocol's traffic obfuscation, CovertMark is easy to use. You only need to capture your protocol's traffic, with realistic negative traffic traces provided.

User's Guide »

For DPI Researchers

It is simple to integrate your traffic analysis techniques into CovertMark, which takes care of most house-keeping tasks, allowing you to focus on your analysis strategy.

Strategy Implementation Guide »

Realistic Traffic Traces

Real web browsing traffic generated by human volunteers under experimental conditions are available, both clean (negative) traces and through a pluggable transport or a proxy.

Download Available Traces »