A comprehensive machine learning-based approach for virtual private network traffic detection, classification and hiding

Virtual private networks (VPNs) are often used today for remote access to corporate networks or to access information resources limited to specific IP ranges or specific geolocations. Reliable detection and classification of normal or encrypted VPN traffic is a non-trivial task that has not yet been reliably solved. In our research, we created a large dataset containing samples of network traffic of different VPN protocols. We used the dataset to build nine machine learning (ML) models and compared their efficiency. Our best ML models can detect VPN network traffic with very high accuracy, subsequently classify the type of VPN protocol, and evaluate the content of traffic transported via the encrypted VPN protocols. To validate the robustness of our models, we invented and applied various VPN traffic detection obfuscation methods whose usage may interfere with network traffic identification and classification. Such methods can also be used to design and implement more secure next-generation VPN protocols that will be potentially not detectable by methods based on ML models.