Protocol mimicry that replicates only statistical or syntactic traffic properties is insufficient for unobservability. Houmansadr et al. (2013) showed that SkypeMorph was trivially detectable by the absence of Skype control channels, missing login-server communication, and failure to replicate implementation-specific bugs present in real Skype, demonstrating that full behavioral replication, not just traffic shaping, is required to withstand scrutiny.
From 2023-jia-voiceover — Voiceover: Censorship-Circumventing Protocol Tunnels with Generative Modeling · §2 · 2023 · Free and Open Communications on the Internet
Implications
Route circumvention traffic through actual instances of the target application rather than reimplementing its traffic patterns from scratch, to avoid behavioral fingerprinting at the control-plane and metadata layers.
When auditing a mimicry-based transport, explicitly test for control-plane mismatches (login servers, keepalives, error behavior, known bugs) in addition to payload and timing statistics.
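A sketch of the control-plane part of such an audit, added here as an example and not taken from the Voiceover paper or from Houmansadr et al. It covers only login-server contact and keepalives, not error behavior or known bugs. The `Flow` record, the `PROFILE` values, the rule that the control channel is a TCP flow to the media peer, and all addresses are constructed assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class Flow:
    start: float   # seconds since capture start
    end: float
    proto: str     # "tcp" or "udp"
    dst: str
    pkt_times: list = field(default_factory=list)  # packet timestamps inside the flow

# Hypothetical profile of the genuine application's control plane (constructed values).
PROFILE = {"login_servers": {"192.0.2.10", "192.0.2.11"},
           "max_keepalive_gap": 30.0}  # seconds of silence tolerated on the control channel

def audit_session(flows, media_dst, profile=PROFILE):
    """Return the control-plane mismatches for the media session to media_dst."""
    media = [f for f in flows if f.proto == "udp" and f.dst == media_dst]
    if not media:
        return ["no media flow found"]
    findings = []
    m_start = min(f.start for f in media)
    m_end = max(f.end for f in media)
    # 1. Login-server contact must precede the media flow.
    if not any(f.dst in profile["login_servers"] and f.start < m_start for f in flows):
        findings.append("no login-server contact before media")
    # 2. A TCP control channel to the same peer must span the whole media flow.
    ctrl = [f for f in flows if f.proto == "tcp" and f.dst == media_dst
            and f.start <= m_start and f.end >= m_end]
    if not ctrl:
        findings.append("no control channel alongside media")
    # 3. The control channel must not stay silent longer than the keepalive gap.
    for f in ctrl:
        t = [f.start] + sorted(f.pkt_times) + [f.end]
        gap = max(b - a for a, b in zip(t, t[1:]))
        if gap > profile["max_keepalive_gap"]:
            findings.append(f"control channel silent for {gap:.0f}s")
    return findings

PEER = "198.51.100.7"  # constructed media peer
LOGIN = Flow(0, 2, "tcp", "192.0.2.10")
MEDIA = Flow(5, 120, "udp", PEER)
# Constructed captures: the real application, a traffic-shaping-only mimic,
# and a mimic whose control channel exists but never sends keepalives.
GENUINE = [LOGIN, Flow(3, 125, "tcp", PEER, [20, 40, 60, 80, 100, 120]), MEDIA]
MIMIC = [MEDIA]
STALLED = [LOGIN, Flow(3, 125, "tcp", PEER, [10]), MEDIA]

if __name__ == "__main__":
    for name, cap in (("genuine", GENUINE), ("mimic", MIMIC), ("stalled", STALLED)):
        print(name, audit_session(cap, PEER))
```

In practice the profile is derived from captures of the real application, and the same checks are then run against the transport under audit.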