Ultrasurf Traffic Classification: Detection and Prevention


Anti-censorship applications are becoming increasingly popular mean to circumvent Internet censorship, whether imposed by governments seeking to control the flow of information available to their citizens, or by parental figures wishing to shield their “parishioners” from the dangers of the Internet, or in organizations trying to restrict the Internet usage within their networking territory. Numerous applications are readily accessible for the average user to aid-in bypassing Internet censorship. Several technologies and techniques are associated with the formation of these applications, whereas, each of these applications deploys its unique mechanism to circumvent Internet censorship. Using anti-censorship applications in the work environment can have a negative impact on the network, leading to excessive degradation in the bandwidth, immense consumption of the Internet data usage capacity and possibly open the door for security breaches. Triumphing the war on anti-censorship applications has become more difficult to achieve at the network level due to the rapid updates and the adopted new technologies to circumvent censorship. In this study, a comprehensive overview on Internet censorship and anti-censorship applications is provided by analyzing Ultrasurf behavior, classifying its traffic patterns and proposing a behavioral-based solution that is capable of detecting and preventing the Ultrasurf traffic at the network level.

Share and Cite:

Al-Qura’n, R. , Hadi, A. , Atoum, J. and Al-Zewairi, M. (2015) Ultrasurf Traffic Classification: Detection and Prevention. International Journal of Communications, Network and System Sciences, 8, 304-311. doi: 10.4236/ijcns.2015.88030.

Conflicts of Interest

The authors declare no conflicts of interest.


[1] (2015) Tor Project: Anonymity Online. [Online]. https://www.torproject.org/
[2] (2015) Ultrasurf—Free Proxy-Based Internet Privacy and Security Tools. [Online].
[3] (2015) GPass. Softonic. [Online]. http://gpass.en.softonic.com/
[4] (2015) Garden Networks for Information Freedom. [Online]. http://gardennetworks.org/products
[5] (2014) Fire Phoenix Secure Browser. Vionika.
[6] (2007) Global Internet Freedom Consortium. Defeat Internet Censorship: Overview of Advanced Technologies and Products.
[7] Leberknight, C.S., Chiang, M. and Wong, F.M.F. (2012) A Taxonomy of Censors and Anti-Censors Part II: Anti-Censorship Technologies. International Journal of E-Politics, 3, 20-35.
[8] Appelbaum, J. (2012) Technical Analysis of the Ultrasurf Proxying Software. The Tor Project, Technical Report.
[9] (2015) The netfilter.org “iptables” Project. [Online]. http://www.netfilter.org/projects/iptables/
[10] Rovniagin, D. and Wool, A. (2011) The Geometric Efficient Matching Algorithm for Firewalls. IEEE Transactions on Dependable and Secure Computing, 8, 147-159.
[11] Houmansadr, A., Nguyen, G.T., Caesar, M. and Borisov, N. (2011) Cirripede: Circumvention Infrastructure Using Router Redirection with Plausible Deniability. Proceedings of the 18th ACM Conference on Computer and Communications Security, Chicago, 17-21 October 2011, 187-200.
[12] Wang, Q., Gong, X., Nguyen, G.T., Houmansadr, A. and Borisov, N. (2012) Censorspoofer: Asymmetric Communication Using Ip Spoofing for Censorship-Resistant Web Browsing. Proceedings of the 2012 ACM Conference on Computer and Communications Security, New York, 16-18 October 2012, 121-132.http://dx.doi.org/10.1145/2382196.2382212
[13] Houmansadr, A., Brubaker, C. and Shmatikov, V. (2013) The Parrot Is Dead: Observing Unobservable Network Communications. Proceedings of the 2013 IEEE Symposium on Security and Privacy, Berkeley, 19-22 May 2013, 65-79. http://dx.doi.org/10.1109/sp.2013.14
[14] Geddes, J., Schuchard, M. and Hopper, N. (2013) Cover Your ACKs: Pitfalls of Covert Channel Censorship Circumvention. Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security, Berlin, 4-8 November 2013, 361-372.
[15] Weinberg, Z., Wang, J., Yegneswaran, V., Briesemeister, L., Cheung, S., Wang, F. and Boneh, D. (2012) StegoTorus: A Camouflage Proxy for the Tor Anonymity System. Proceedings of the 2012 ACM Conference on Computer and Communications Security, New York, 16-18 October 2012, 109-120. http://dx.doi.org/10.1145/2382196.2382211
[16] Burnett, S. and Feamster, N. (2013) Making Sense of Internet Censorship: A New Frontier for Internet Measurement. ACM SIGCOMM Computer Communication Review, 43, 84-89.
[17] Jones, B., Lee, T.-W., Feamster, N. and Gill, P. (2014) Automated Detection and Fingerprinting of Censorship Block Pages. Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, Scottsdale, 3-7 November 2014, 299-304.
[18] Anderson, D. (2012) Splinternet behind the Great Firewall of China. Queue, 10, 40.
[19] Khattak, S., Javed, M., Khayam, S.A., Uzmi, Z.A. and Paxson, V. (2014) A Look at the Consequences of Internet Censorship Through an ISP Lens. Proceedings of the 2014 Conference on Internet Measurement Conference, Vancouver, 5-7 November 2014, 271-284.
[20] (2015) OpSyria: When the Internet Does Not Let Citizens down. Reflets.
[21] Chaabane, A., Chen, T., Cunche, M., De Cristofaro, E., Friedman, A. and Kaafar, M.A. (2014) Censorship in the Wild: Analyzing Internet Filtering in Syria. Proceedings of the 2014 Conference on Internet Measurement Conference, Vancouver, 5-7 November 2014, 285-298.
[22] (2010) Brita, Digital Weapons Help Dissidents Punch Holes in China’s Great Firewall, WIRED.
[23] Callanan, C., Dries-Ziekenheiner, H., Escudero-Pascual, A., and Guerra, R. (2014) Leaping over the Firewall: A Review of Censorship Circumvention Tools.
[24] (2012) Tor’s Critique of Ultrasurf: A Reply from the Ultrasurf Developers. Ultrareach Internet Corp.
[25] Osman, B., Abas, A. and Harmoni, K. (2011) Strategy to Block Traffic Create By Anti-Censorship Software in LAN for Small and Medium Organisation. Proceedings of the 3rd International Conference on Computing and Informatics (ICOCI), Bandung, 8-9 June 2011, 358-365.
[26] (2015) Squid: Optimising Web Delivery. http://www.squid-cache.org/
[27] (2015) The Netfilter.org “Libnetfilter_Queue” Project.

Copyright © 2023 by authors and Scientific Research Publishing Inc.

Creative Commons License

This work and the related PDF file are licensed under a Creative Commons Attribution 4.0 International License.