Background:
Within organizations, VPN services are commonly used on an individual basis to hide the
actual communication. Such communication is not permitted by the organization's network
monitoring. But these institutions are not in a position to spend large amounts of money on
Secure Sockets Layer (SSL) monitoring of the traffic on their computer networks.
Objective:
Our work suggests a simple technique to block or detect annoying VPN clients in network
activity. The method does not require the network to decrypt or decode any network
communication.
Method:
The proposed solution selects two machine learning techniques, Feature Tree and K-means, as
classification techniques that work on time-related features. First, the DNS mapping is
identified using the ordinary characteristics of the Transmission Control Protocol / Internet
Protocol (TCP/IP) network stack; a flow is not considered a normal traffic flow if its
domain name information is not available. The process also examines non-standard use of
Hypertext Transfer Protocol Secure (HTTPS), which conceals such communication from
HTTPS-dependent filters in the firewall, and largely detects it as an anomaly.
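The DNS-mapping step described in the Method can be sketched as follows; this is an added example, not code from the paper. The record layouts, the `GRACE` window and all sample addresses are assumptions constructed for illustration.

```python
from collections import defaultdict, namedtuple

# Assumed record shapes (not from the paper): times and ttl are in seconds.
DnsAnswer = namedtuple("DnsAnswer", "ts client name ip ttl")
Flow = namedtuple("Flow", "start src dst dport")
GRACE = 300  # assumption: clients may keep using an address briefly after TTL expiry

def build_dns_map(answers):
    """Index DNS answers by (client, resolved IP) for per-flow lookup."""
    index = defaultdict(list)
    for a in answers:
        index[(a.client, a.ip)].append(a)
    return index

def domain_for(flow, index):
    """Return the domain this client resolved to reach flow.dst, or None."""
    best = None
    for a in index.get((flow.src, flow.dst), ()):
        # The answer must precede the flow and still be fresh at flow start.
        fresh = a.ts <= flow.start <= a.ts + a.ttl + GRACE
        if fresh and (best is None or a.ts > best.ts):
            best = a
    return best.name if best else None

def flag_unmapped(flows, answers):
    """Flows with no domain name information are not treated as normal traffic."""
    index = build_dns_map(answers)
    return [f for f in flows if domain_for(f, index) is None]

# Constructed sample data (documentation address ranges, not real hosts).
ANSWERS = [
    DnsAnswer(100.0, "10.0.0.5", "intranet.example.org", "192.0.2.10", 60),
    DnsAnswer(105.0, "10.0.0.6", "files.example.org", "198.51.100.7", 30),
]
FLOWS = [
    Flow(110.0, "10.0.0.5", "192.0.2.10", 443),    # resolved by this client: mapped
    Flow(120.0, "10.0.0.5", "203.0.113.44", 443),  # never resolved: flagged
    Flow(90.0, "10.0.0.6", "198.51.100.7", 443),   # starts before the answer: flagged
    Flow(900.0, "10.0.0.6", "198.51.100.7", 443),  # mapping long expired: flagged
    Flow(130.0, "10.0.0.5", "198.51.100.7", 443),  # resolved by another client: flagged
]

if __name__ == "__main__":
    for f in flag_unmapped(FLOWS, ANSWERS):
        print(f"no DNS mapping: {f.src} -> {f.dst}:{f.dport} at t={f.start}")
```

Flagged flows are candidates for the time-related feature classification, not a verdict on their own; clients that use hard-coded addresses or cached lookups will also appear here.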
Results:
We define traffic flows as normal traffic flows and VPN traffic flows. These two flows are
characterized using two machine learning techniques, Feature Tree and K-means. We
executed each experiment 4 times. As a result, eight types of regular traffic and eight
types of VPN traffic were represented.
Conclusion:
Once a traffic flow is identified, it is classified and studied using machine learning techniques.
Using time-related features, the traffic flow is defined as a normal flow or a VPN traffic flow.