Adversary Lab is a service that analyzes captured network traffic to extract statistical properties.
Adversary Lab is a publicly available and open source resource for the worldwide community of Internet freedom tool developers. The purpose of this tool is to test network traffic to determine its blockability before it is deployed in the field, helping application developers to create applications which are more resistant to network filtering attacks. In particular, applications which use or provide network traffic obfuscation mechanisms can be tested before they are deployed. Adversary Lab has been used to analyze the network traffic patterns of many popular Internet freedom tools and network traffic obfuscation techniques.
Adversary Lab uses machine learning to analyze captured network traffic, extracting statistical properties and synthesizing filtering rules. The result of the analysis is a report on which properties of the analyzed traffic can be most effectively used to block the target application. This report can be used by tool developers to eliminate these blockable properties from their network traffic, either by modifying the application’s network protocol or by utilizing one of the network traffic obfuscation layers, such as Operator’s Shapeshifter library, an open source implementation of the Pluggable Transports specification.
Through funding from the OTF, Adversary Lab continues to evolve to analyze more sophisticated attacks. In recent updates, support for SSL-specific attacks such as SNI matching has been added. Additionally, Adversary Lab’s detection of identifiable byte sequences in network protocols has been greatly optimized to run orders of magnitude faster. This allows for a wider variety of byte sequences to be extracted from the captured network traffic.
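The byte-sequence analysis described above can be illustrated with a short sketch, added here as an example and not taken from Adversary Lab's own code. It reports byte sequences that sit at the same offset in every first packet of the tool under test and never in baseline traffic, then shows the report coming back empty once those bytes are randomised. All payloads, function names and length limits are constructed for illustration.

```python
from collections import Counter

def offset_sequences(payload, min_len, max_len):
    """Yield every (offset, byte sequence) of min_len..max_len bytes."""
    for n in range(min_len, max_len + 1):
        for off in range(len(payload) - n + 1):
            yield off, payload[off:off + n]

def inside(a, b):
    """True if hit a is a different hit contained in the byte range of hit b."""
    return a != b and b[0] <= a[0] and a[0] + len(a[1]) <= b[0] + len(b[1])

def blockable_sequences(target, baseline, min_len=2, max_len=6):
    """Return (offset, sequence) pairs found in every target payload and in no
    baseline payload. Each is a property a filter could match on."""
    counts = Counter()
    for p in target:
        counts.update(offset_sequences(p, min_len, max_len))
    in_baseline = set()
    for p in baseline:
        in_baseline.update(offset_sequences(p, min_len, max_len))
    hits = [h for h, c in counts.items()
            if c == len(target) and h not in in_baseline]
    # Keep only maximal hits; shorter ones inside them add nothing.
    return sorted(h for h in hits if not any(inside(h, o) for o in hits))

# Constructed first-packet payloads (hypothetical protocol, not real captures).
TARGET = [bytes.fromhex(h) for h in (
    "a107dec0ad0b112233", "5c07dec0ad0b9900", "e307dec0ad0b42424242")]
BASELINE = [bytes.fromhex("160301020001000001fc0303"),
            b"GET / HTTP/1.1\r\nHost: example.org\r\n"]
# Same protocol after its fixed header bytes are randomised (constructed).
TARGET_OBFUSCATED = [bytes.fromhex(h) for h in (
    "a1330912f4c8", "5c8e77aa01d2", "e3b45f6c9e17")]

if __name__ == "__main__":
    for off, seq in blockable_sequences(TARGET, BASELINE):
        print(f"offset {off}: {seq.hex()} appears in all target packets")
    print("after obfuscation:", blockable_sequences(TARGET_OBFUSCATED, BASELINE))
```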