The zig-zag traffic analysis attack (confirmed supported in Geedge TSG leak) rapidly enumerates all static proxy pools. With ζ_watch ∈ {4, 6} steps and a best-quality classifier (ρ_TP=0.99, ρ_FP=0.001), almost total proxy enumeration and user blockage occurs well before step 300. Even ζ_watch=2 leaves ~50% of users blocked. Collateral damage is high across all settings when ζ_watch ≥ 4: eventually ~50% of innocent servers are also blocked. However, Snowflake-style ephemeral proxies resist zig-zag effectively: reachability remains above 95% after 360 steps because churn prevents the censor from expanding its known proxy set beyond agents' direct assignments.

Simulations extending the ENEM19 game-theory framework show that ephemeral proxy schemes (modeled on Snowflake/Lantern) effectively neutralize both the "optimal" and "aggressive" censors from the original framework. In overprovisioned settings (proxies arriving at 250/step vs. 200 clients/step), even the null censor scenario outperforms either censor in equal-arrival settings. Over 90% of waiting users receive a proxy within 1 time step. The critical variable is not censor sophistication but proxy arrival rate relative to client demand—high proxy churn combined with high arrival rate defeats both enumeration strategies tested.

§4, Fig 1, Fig 2, Table 1 evaluation

The host-profiling censor (passive traffic analysis: count connections per server, block those exceeding a threshold τ within a window w) blocks essentially all circumvention user traffic within 30 time steps for all classifier qualities tested (ρ_TP ∈ {0.9, 0.95, 0.99}), while causing far less collateral damage than zig-zag (never exceeding ~30% innocent server blocking). Snowflake resists this attack well: with w=3, τ=3, over 94.48% of users receive a proxy within 2 steps even with worst-classifier rules, and final unblocked server rates are 91.24–99.04%. The host profiling approach is feasible for passive censors who cannot enumerate the distribution channel.

§5.2, Table 2, Table 3 detection

Multi-censor simulations show that single-censor-optimized distribution strategies perform suboptimally in realistic multi-region deployments. When two networks have different censor strategies (e.g., one optimal, one zig-zag), the distributor cannot detect that a proxy is blocked until all censors have blocked it; this leaves clients without reachable proxies despite the proxy appearing "available" from the distributor's view. The authors conclude that "single-censor evaluation does not accurately predict more realistic deployment performance." A zig-zag censor in one region with 0.25 weight caused 44.4% collateral damage while reducing proxy lifetime to a median of 4 steps.

§6, Table 4 evaluation

A three-stage detection pipeline exploiting the "dual-role" behavioral fingerprint of single-IP circumvention relays achieved 23.2% recall (96/414 ground-truth relays) with a 0.18% false-positive rate against 97,651 benign TLS servers, for an overall accuracy of 99.5%. The ground-truth set covered OpenVPN, WireGuard, and SOCKS relays identified in a 17 TB single-day backbone trace (WIDE Project, April 9, 2025).

2026-almutairi-server §3.4, Table 1 traffic-shapedpiflow-correlation

Per-flow RTTdiff detection rates are only ~20% because the majority of proxy flows connect to CDN-cached content (Cloudflare, Google, Fastly) that sits within 5ms of the proxy, suppressing the discrepancy. However, aggregating across flows per website visit yields detection rates exceeding 70%—and from the abstract, approximately 80% of top-5K domains generate at least one detectable flow—with half of those detections made within the first 60 packets. This means an adversary can reliably expose client and proxy IPs after just a few website visits.

2025-xue-discriminative §VI-C-2, Table II traffic-shapeflow-correlation

IMAP/SSL traffic on port 993 constitutes less than 1% of total ISP traffic but accounts for nearly one third of all false positives in the RTTdiff exploit, because IMAP's non-RESTful multi-connection pattern violates the request-response correlation assumption. The overall per-flow FPR is bounded at 0.6–0.7% (on par with GFW's estimated FPR against fully-encrypted proxies), but implementing a pre-filter to whitelist IMAP traffic reduces the FPR by approximately one third, making the fingerprint substantially more precise.

2025-xue-discriminative §VI-C-3, Table III traffic-shapeflow-correlation

Cross-layer RTT discrepancy (RTTdiff) is a protocol-agnostic fingerprint that exploits an inherent architectural property of all proxy setups: transport-layer sessions terminate at the proxy while application-layer sessions remain end-to-end. Evaluation across 10 proxy protocols—including VMess, Shadowsocks, VLESS, Trojan, XTLS-Vision, and obfs4-wrapped SOCKS—shows near-identical detection rates for all except obfs4, confirming the fingerprint is not tied to any specific obfuscation scheme. At FPR=0.01, per-website detection rates exceed 70% across all tested client and proxy location combinations.

2025-xue-discriminative §I, §VI-C traffic-shapeflow-correlation

PushProxy decouples upstream (XOR-obfuscated UDP) from downstream (FCM push notifications), implementing triangular routing that prevents per-flow traffic analysis: a network adversary with limited visibility cannot correlate upload and download flows since they use different transport protocols and paths. Median TTFB was 572ms versus 492ms (Shadowsocks) and 508ms (OpenVPN), while performance remained stable during Chinese peak hours (20:00–02:00 GMT+8) when Shadowsocks download times increased from 3s to over 100s.

2023-xue-use §4, §5.2, Figure 7–8 flow-correlationtraffic-shape

CRON restricts multi-hop covert circuits (N≥1 relays) to delay-tolerant traffic only, because establishing multiple simultaneous WebRTC video calls is 'highly atypical in normal user profiles' and would trigger S1 behavioral anomaly detection. Real-time interactive tunneling is limited to direct circuits (N=0) within pre-existing calls, and active mode introduces only bounded variability in call times and frequency to stay within plausible user-profile ranges.

2020-barradas-towards §4.1 traffic-shapeflow-correlation