Iran made an AI-integrated Internet censorship tool with help of China and Russia

[APT-ZERO]

An Iranian Mag had a conversation with an Unknown Technology Expert from Iran (Maybe an ArvanCloud specialist?)
He said: 'We made an advanced AI-integrated tool against anti-censorship protocols, we know that it's not easy to do it, but we have help of China and Russia. Currently our anti-anti-censorship tool it is even better than China's GFW! that's why anti-censorship protocols that are working in China can't work in Iran! But it's not all of it, We are still making more method and algorithms to detect even more anti-censorship protocols and we also monitor all of the data that is going through them, because government is very interested in them'
https://web.archive.org/web/20240314114412/https://gadgetnews.net/840268/it-is-getting-harder-to-pass-internet-filtering-in-iran/

[gaukas]

I am an AI agnostic but when I took a class about ML I heard there's an important principle that if you can't do something with pencil and paper (doing it really slow is allowed) then you can't expect your AI being able to do it better than you.

Perhaps deep learning has more or less challenged this statement with its simplified feature engineering process, but still, if there IS a difference between circumvention traffic and other traffic, then it simply means there's room for improvement for circumvention tools 😄

[APT-ZERO]

Already there is known algorithms to detect proxy traffics :
https://usenix.org/conference/usenixsecurity24/presentation/xue
But they have more than 20% false positive
AI can help them to find more sharp algorithms to reduce false positives
proxy known patterns + active probe / host analyzing = detecting proxies with 0% false detection rate

[gaukas]

Indeed there is, and actually the one by Xue is not really the first efficient attempt in classifying proxy traffic with machine learning methods.

The one by Xue focuses on TLS-over-TLS detection which is currently still a very controversial topic in the community, since RPRX has shown with Trojan-Killer that machine learning factor is not really needed to detect such pattern. Much earlier, researchers from an institute in China (I forgot which) have published a paper indicating Shadowsocks traffic can be classified using random forest algorithms with good accuracy as well.

But still, none of these results indicates censors are already using ML or ML is production-ready (in terms of cost, latency, accuracy, etc.). And most likely the design flaws targeted by ML can be patched even without introducing ML into circumvention tool.

[zsui2354]

确实有，实际上 Xue 的那次并不是第一次用机器学习方法对代理流量进行分类的有效尝试。

Xue 的文章专注于 TLS-over-TLS 检测，这在社区中目前仍然是一个非常有争议的话题，因为 RPRX 已经通过 Trojan-Killer 表明，检测这种模式并不真正需要机器学习因素。很久以前，中国一家研究所的研究人员（我忘了是哪个）发表了一篇论文，表明 Shadowsocks 流量也可以使用随机森林算法进行分类，并且精度很高。

但是，这些结果都没有表明审查员已经在使用 ML 或 ML 已准备好生产（在成本、延迟、准确性等方面）。最有可能的是，即使不将ML引入规避工具，也可以修补ML所针对的设计缺陷。

I think you're talking about this article

https://github.com/OpenDocCN/flygon-sec-wiki/blob/master/docs/%E5%9F%BA%E4%BA%8E%E9%9A%8F%E6%9C%BA%E6%A3%AE%E6%9E%97%E7%9A%84Shadowsocks%E6%B5%81%E9%87%8F%E6%A3%80%E6%B5%8B.md