DeltaShaper embeds covert TCP/IP data into Skype's encrypted video stream using a virtual camera interface, treating Skype as a black box rather than mimicking its protocol. This approach provides active-attack resistance by design: any in-path perturbation affects covert and legitimate streams identically, because real Skype software processes both. The system achieves a goodput of 2.56 Kbps (with Reed-Solomon ECC) or 3.12 Kbps (without ECC) at optimal encoding parameters (320x240 area, 8x8 cell size, 6 bits/cell, 1 fps), with RTT of approximately 3 seconds.

Packet-length frequency distributions reliably distinguish regular Skype calls from irregular streams using Earth Mover's Distance (EMD): regular streams consistently produce EMD < 0.1 against a reference stream, while irregular streams range from 0.025 to 0.25. At the breakeven threshold ∆I = 0.066, an EMD classifier achieves 83% accuracy (equal sensitivity and specificity). An aggressive policy (∆A) blocks 95% of legitimate calls to catch all irregular streams; a conservative policy (∆C = 0.11) passes 80% of irregular streams to avoid false positives.

§6.1, Figure 7 detection

Encoding parameters must be jointly tuned to remain unobservable: only specific combinations stay below the intermediate blocking threshold ∆I. Valid configurations at 1 fps include (160x120, 4x4) and (320x240, 8x8) areas/cell sizes; increasing frame rate above 1 fps pushes EMD above ∆ for all multi-bit encodings. As bits per cell increase, video compression introduces more decoding errors — error rates become unacceptable above 6 bits/cell for the (320x240, 8x8) configuration, yielding the candidate encoding: 320x240 area, 8x8 cells, 6 bits/cell, 1 fps.

§6.2, §6.3, Figures 9–12 evaluation

Across eight combinations of traffic features (packet length, bi-gram packet length, inter-packet time, bi-gram inter-packet time) and two similarity metrics (EMD, KS), adversarial classification accuracy against DeltaShaper streams ranges from 72–90% in unperturbed conditions. Bi-gram inter-packet times with EMD achieves 88% accuracy, matching packet-length/EMD, but requires roughly 10x the computation (~64s vs ~6s). Bandwidth throttling to 300 Kbps degrades classifier accuracy from 88% to 75%, but also drops Skype frame rate from 30 to 5 FPS, creating collateral damage that limits censor deployment of throttling as a detection aid.

§6.4, §6.5, Table 3 detection

FreeWave, the VoIP-based predecessor, was vulnerable to passive traffic analysis because its covert Skype streams exhibited packet-size distributions different from legitimate calls, enabling detection with high probability. DeltaShaper's video-based approach with EMD-constrained encoding addresses this specific failure mode, but at a severe throughput cost: FreeWave achieves 18.75 Kbps vs DeltaShaper's 2.56–3.12 Kbps goodput. Competing systems benchmark: CovertCast ~168 Kbps (no unobservability constraints), Castle 3.48 Kbps, SkypeLine 0.064 Kbps, Rook 0.024–0.04 Kbps.

§6.3, §2 evaluation

Internal Geedge documents confirm active contracts to deploy GFW-derived censorship and surveillance infrastructure in Myanmar, Pakistan, Ethiopia, Kazakhstan, and at least one additional unidentified country under the Belt and Road framework, in addition to domestic deployments in Xinjiang, Jiangsu, and Fujian. The exported product (the Tiangou Secure Gateway / TSG line) is not a stripped-down export variant — leaked TSG documentation shows DPI, active-probing, ML classifiers, and granular per-region traffic control rules that mirror the domestic GFW capability set.

2025-geedge-mesa-leak §5, §6 dpiactive-probingml-classifiersni-blockingdns-poisoningfully-encrypted-detecttraffic-shape

InterSecLab's 76-page analysis of the Geedge/MESA leak (based on nine months of indexing and translating >100,000 documents) characterizes the Tiangou Secure Gateway (TSG) product line as a commercially deployable detection stack that combines deep packet inspection, real-time mobile subscriber monitoring, active probing, ML-based traffic classifiers, and granular per-region rule sets. TSG is not a research prototype — leaked documentation includes deployment timelines and client government interactions for Kazakhstan, Ethiopia, Pakistan, Myanmar, and one unnamed country, with censorship rules explicitly tailored to each region.

2025-interseclab-internet-coup §3–§5 (InterSecLab report) dpiactive-probingml-classifiersni-blockingip-blockingtraffic-shapefully-encrypted-detect

Justice for Myanmar documents that Geedge Networks supplied Myanmar's military junta with GFW-derived surveillance and censorship infrastructure under Belt and Road frameworks following the February 2021 coup. The deployed system (Tiangou Secure Gateway / TSG) incorporates the same DPI, active-probing, and ML-classifier capabilities as the domestic Chinese GFW, giving Myanmar one of the most technically capable censorship systems in Southeast Asia.

2025-jfm-silk-road-surveillance §3, §5 dpisni-blockingip-blockingtraffic-shapeml-classifieractive-probing

The paper proposes modeling HCS undetectability as a simulation-based cryptographic distinguishability problem: if traces produced by the real-world HCS channel are computationally indistinguishable from ideal-world application-channel traces (T_HCS ∼ T_simulator), the HCS achieves provable security against any adversary — passive or active. The simulation paradigm is parametric in adversary capability, meaning a single proof covers the full spectrum from passive SNI monitoring to active DPI.

2025-pereira-position §1, §2 dpitraffic-shapeactive-probing

The system targets a threat model where the censor performs passive DPI to fingerprint and block the client-to-TURN-proxy channel, and also conducts active enumeration attacks to discover and block proxy endpoints. The paper explicitly notes that traffic splitting may introduce distinct fingerprints of its own that require empirical evaluation — acknowledging that multi-path approaches are not fingerprint-free.

2025-vilalonga-extended §3.1 Threat Model dpiactive-probingtraffic-shape

Relying on third-party email providers to verify users was demonstrated by Ling et al. to leave Tor's BridgeDB vulnerable to censors capable of creating multiple accounts, enabling bridge enumeration via sock-puppet attacks at scale. Active and passive detection techniques — including traffic flow analysis, DPI, website fingerprinting, and active probing — have been demonstrated in prior work to reveal Tor bridges, making Tor inaccessible for the majority of users in some regions.

2023-tulloch-lox §2.2.1 active-probingdpitraffic-shapewebsite-fingerprintip-blocking