SSAPPIDENTIFY: A robust system identifies application over Shadowsocks’s traffic

As an effective tool for penetrating firewalls and bypassing supervision and censorship, Shadowsocks is widely used, and there are also illegal network activists. If there is a traffic identification system that can identify applications over Shadowsocks, it can greatly facilitate the supervision, traceability, and evidence collection of cybercrime activities. In this paper, we propose an application over Shadowsocks’s traffic identification system, which adds the sliding window JS divergence feature on the basis of the traditional statistics and distribution based on traffic packet length and timestamp. This feature can effectively reduce the impact on smart phone differences without reducing the accuracy of the same individual device application traffic recognition, while maintaining the characteristics of the application as much as possible, thereby greatly improve our traffic recognition the robustness of the system. Experimental results show that our system can achieve an accuracy of 94.5% on the same smart phone. On the data sets collected by different smart phones, our work has achieved an accuracy of 80.4%, which has certain practicality.