Detection of Tor network obfuscated traffic using Bidirectional Generative Adversarial Network

Censorship systems face significant challenges in detecting anonymity-preserving traffic due to advanced obfuscation techniques employed by Tor pluggable transports like Obfs4 and Snowflake. Conventional detection approaches exhibit diminished effectiveness in operational environments where obfuscated traffic constitutes a minute fraction of overall network communications. We present a Cost-Sensitive Bidirectional Generative Adversarial Network (CS-BiGAN) that addresses these challenges through enhanced feature representation learning and classification resilience under extreme class imbalance. Our methodology incorporates a custom dataset collection framework capturing representative traffic patterns from multiple obfuscation protocols, coupled with a cost-sensitive learning mechanism to mitigate class disparity effects. Comprehensive evaluation demonstrates that CS-BiGAN achieves 98.25% accuracy under balanced conditions, with protocol-specific F1-scores of 99.29% for Obfs4 and 97.16% for Snowflake. The model's distinguishing characteristic is the sustained performance under severe base rate imbalances (1000:1:1:1) that reflect real-world network conditions, maintaining F1-scores exceeding 90.80% for minority classes on average. This performance substantially surpasses existing approaches, establishing practical applicability in operational environments. Our findings offer insights relevant to both censorship system deployment and the advancement of robust obfuscation methodologies designed to circumvent detection mechanisms.