VPN Traffic Identification Based on Tunneling Protocol Characteristics

2022 IEEE 5th International Conference on Computer and Communication Engineering Technology (CCET) Pub Date : 2022-08-19 DOI:10.1109/CCET55412.2022.9906397

Yu Li, Fei Wang, Shuhui Chen

{"title":"VPN Traffic Identification Based on Tunneling Protocol Characteristics","authors":"Yu Li, Fei Wang, Shuhui Chen","doi":"10.1109/CCET55412.2022.9906397","DOIUrl":null,"url":null,"abstract":"Virtual Private Network (VPN) provides a secure, encrypted, and anonymous communication between remote networks. More and more people are inclined to use, with the raising network security and privacy protection awareness. However, VPNs are also widely abused by malicious pursuers, and thereby distinguishing VPN traffic for father judgment is of the utmost importance for network supervision. In this paper, we focus on the characteristics of VPN tunneling protocols, and then extract four categories of traffic features, including two novel entropy features, for VPN traffic identification. Feature evaluation upon real-world VPN traffic demonstrates, that all these features can notably embody differences between VPN and Non-VPN traffic, and the entropy features work still well even when applications traffic is mixed. Finally, the proposed VPN traffic identification method achieves the accuracy of 99.02% and 95.32% respectively on self-gathered and public VPN datasets, remarkably higher than the existing research.","PeriodicalId":329327,"journal":{"name":"2022 IEEE 5th International Conference on Computer and Communication Engineering Technology (CCET)","volume":"21 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-08-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2022 IEEE 5th International Conference on Computer and Communication Engineering Technology (CCET)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CCET55412.2022.9906397","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

Virtual Private Network (VPN) provides a secure, encrypted, and anonymous communication between remote networks. More and more people are inclined to use, with the raising network security and privacy protection awareness. However, VPNs are also widely abused by malicious pursuers, and thereby distinguishing VPN traffic for father judgment is of the utmost importance for network supervision. In this paper, we focus on the characteristics of VPN tunneling protocols, and then extract four categories of traffic features, including two novel entropy features, for VPN traffic identification. Feature evaluation upon real-world VPN traffic demonstrates, that all these features can notably embody differences between VPN and Non-VPN traffic, and the entropy features work still well even when applications traffic is mixed. Finally, the proposed VPN traffic identification method achieves the accuracy of 99.02% and 95.32% respectively on self-gathered and public VPN datasets, remarkably higher than the existing research.

查看原文本刊更多论文

基于隧道协议特征的VPN流量识别

VPN (Virtual Private Network)提供远程网络间安全、加密、匿名的通信。随着网络安全和隐私保护意识的提高，越来越多的人倾向于使用。然而，VPN也被恶意跟踪者广泛滥用，因此区分VPN流量进行判断对于网络监管至关重要。本文重点研究了VPN隧道协议的特点，提取了四类流量特征，其中包括两种新的熵特征，用于VPN流量识别。对真实VPN流量的特征评估表明，所有这些特征都可以明显地体现VPN和非VPN流量之间的差异，即使在应用流量混合的情况下，熵特征仍然可以很好地工作。最后，本文提出的VPN流量识别方法在自采集和公共VPN数据集上的准确率分别达到99.02%和95.32%，显著高于已有研究。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2022 IEEE 5th International Conference on Computer and Communication Engineering Technology (CCET)

自引率

0.00%

发文量