Swiftpack.co - Package - OperatorFoundation/AdversaryLab

The Operator Foundation

Operator makes useable tools to help people around the world with censorship, security, and privacy.

Adversary Lab

Adversary Lab is a service that analyzes captured network traffic to extract statistical properties. Using this analysis, filtering rules can be synthesized to block sampled traffic.

The purpose of Adversary Lab is to give researchers and developers studying network filtering a way to understand how easy it is to block different protocols. If you have an application that uses a custom protocol, Adversary Lab will demonstrate how a rule can be synthesized to systematically block all traffic using that protocol. Similarly, if you have a network filtering circumvention tool, then Adversary Lab can synthesize a rule to block your tool. This analysis can also be used to study tools that specifically attempt to defeat network filtering, such as Pluggable Transports.

Adversary Lab analysis works by training a classifier on two observed data sets, the "allow" set and the "block" set. For instance, a simulated adversary could allow HTTP, but block HTTPS. By training the system with HTTP and HTTPS data, it will generate a rule that distinguishes these two classes of traffic based on properties observed in the traffic.
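The following sketch illustrates the allow/block idea described above. It is an added example, not Adversary Lab's own code: it assumes a deliberately simple classifier (one threshold on one feature) and uses constructed sample payloads, so a developer can see how a single statistical property can make a protocol distinguishable. The function names are hypothetical.

```python
import hashlib
import math
from collections import Counter

def entropy(payload: bytes) -> float:
    """Shannon entropy of the payload's byte distribution, in bits per byte."""
    n = len(payload)
    return -sum(c / n * math.log2(c / n) for c in Counter(payload).values()) if n else 0.0

FEATURES = {"length": len, "entropy": entropy}  # two per-packet properties to compare

def best_cut(allow_vals, block_vals):
    """Best single-threshold rule for one feature: (accuracy, direction, threshold)."""
    values = sorted(set(allow_vals) | set(block_vals))
    total = len(allow_vals) + len(block_vals)
    best = (0.0, None, None)
    for lo, hi in zip(values, values[1:]):
        t = (lo + hi) / 2  # midpoint, so no observed value equals the threshold
        above = sum(v > t for v in block_vals) + sum(v <= t for v in allow_vals)
        for correct, direction in ((above, ">"), (total - above, "<")):
            if correct / total > best[0]:
                best = (correct / total, direction, t)
    return best

def synthesize_rule(allow, block):
    """Return (accuracy, feature, direction, threshold) of the most separating feature."""
    rules = []
    for name, fn in FEATURES.items():
        acc, direction, t = best_cut([fn(p) for p in allow], [fn(p) for p in block])
        rules.append((acc, name, direction, t))
    return max(rules, key=lambda r: r[0])

def noise(n: int, seed: int) -> bytes:
    """Deterministic stand-in for encrypted payload bytes (constructed sample data)."""
    return b"".join(hashlib.sha256(bytes([seed, j])).digest() for j in range(4))[:n]

# Constructed samples: plaintext HTTP requests vs. random-looking payloads of overlapping sizes.
ALLOW = [b"GET /" + b"a" * k + b" HTTP/1.1\r\nHost: example.com\r\n\r\n" for k in (10, 30, 50, 70)]
BLOCK = [noise(n, i) for i, n in enumerate((64, 80, 96, 112))]

if __name__ == "__main__":
    acc, feature, direction, t = synthesize_rule(ALLOW, BLOCK)
    print(f"block if {feature} {direction} {t:.2f}  (training accuracy {acc:.0%})")
```

Because the sample lengths interleave, packet length alone cannot separate the two sets here, while byte entropy does; a protocol designer reading this result would know which property needs to be disguised.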

Getting Started

Prerequisites

Swift 4.0, included in Xcode 9

Install and run Redis.

You can install it with Homebrew

brew install redis
brew services start redis

Or refer to the Redis documentation to install it manually.

Installing

Check out the project from GitHub

git clone https://github.com/OperatorFoundation/AdversaryLab
cd AdversaryLab

Install the Swift Package used by the graphical interface

cd AdversaryLabSwiftPackage
swift package update
swift package generate-xcodeproj
cd ..

Open the graphical interface project in Xcode

open AdversaryLabSwift.xcodeproj

Deployment

Open the Xcode project and click the Run button to run the Adversary Lab graphical interface. Make sure Redis is already running, as Adversary Lab will not start Redis for you.

To add network traffic to Adversary Lab for analysis, you need the AdversaryLabClient command line tool. See the AdversaryLabClient installation instructions to install and use the command line tool.

Built With

  • Auburn - An idiomatic Swift library for using Redis
  • RedShot - Lightweight Redis client for Swift
  • Datable - Swift convenience functions to convert between various different types and Data
  • Redis - A fast database with support for data structures

Contributing

Please read CONTRIBUTING.md for details on our code of conduct, and the process for submitting pull requests.

Versioning

SemVer is used for versioning. For the versions available, see the tags on this repository.

Authors

License

This project is licensed under the GPLv3 License - see the LICENSE.md file for details

Acknowledgments

AdversaryLab is based on Dr. Brandon Wiley's dissertation work, "Circumventing Network Filtering with Polymorphic Protocol Shapeshifting".

Releases

1.1.0 - Apr 27, 2018

1.0.0 - Mar 26, 2018

  • Uses a Redis database instead of custom data storage
  • Much higher performance
  • Added a graphical user interface for processing packets and viewing results

New analysis features:

  • More complex byte sequence analysis
  • Packet lengths
  • Packet timing
  • Entropy
  • TLS Common Name analysis