SafeSearch: Obfuscated VPN Server using Raspberry Pi for Secure Network

Virtual Private Network (VPN) is a private network that uses public network to tunnel the connection from the users’ end to the VPN server. VPN allows users to create a secure connection to another network over the public Internet. VPNs can be used to shield users’ browsing activity and encrypts data transmitted over the network to prevent sniffing attack. Nowadays, users can either pay a premium price for a good VPN service or risk their privacy using free browser-based VPN. Thus, SafeSearch is developed to address these issues in mind. With SafeSearch, users will not need to fork out a lot of money for premium VPN subscription services or expose themselves to targeted advertising when utilising free browser-based VPN. In this study, open VPN protocol was used to create the VPN server on a microcomputer called Raspberry Pi. The software used was mostly open-source except for the VPN client. Obfuscation technique was used to hide VPN traffic by disguising it as just another normal Internet traffic against Deep Packet Inspection when passing through firewall. After the VPN server was established, tests were carried out to evaluate the functionality and reliability of the VPN server in “real-world” environment. The tests conducted were network restriction penetration assessment, network performance and user acceptance test. Penetration assessment result showed that SafeSearch is capable of bypassing web filtering and deep packet inspection. Network performance during SafeSearch connection has slight latency and bandwidth decline, although it is not overly affected. The outcome of the user acceptance test was positive as the majority of participants of the study were confident that SafeSearch can secure their connection and protect their privacy when browsing the web. To conclude, both objectives of this project were fully achieved and the scope of study was followed thoroughly.

Performance Analysis of Machine Learning and Pattern Matching Techniques for Deep Packet Inspection in Firewalls

Malware is essentially one of the major security issues that have the potential to break the computer operations instantly. Majority of the internet attacks are caused by malwares that are being distributed through HTTP over the Internet. A Firewall is essential to prevent such internet attacks for enhancing the security measures. The most efficient method to prevent Intrusion in the network is Deep Packet Inspection (DPI), which is presently implemented in advanced firewalls. This research work intends to detect and prevent the intrusion in the network using a hybrid method with DPI, Pattern Matching (PM), and Machine Learning (ML) techniques. In this present work, a hybrid method which involves the functionalities of both DPI and ML is used for classification and identification of attacks. Here, DPI is done by Boyer-Moore-Horspool (BMHP) pattern matching algorithm and ten ML algorithms such as Support Vector Machines (SVM), Linear-SVM (L-SVM), K-Nearest Neighbors (KNN), Multi-Layer Perceptron (MLP), Decision Tree (DT), Random Forest (RF), AdaBoost (Ada), Gaussian Naive Bayes (GaNB) and Bernouli Naive Bayes (BeNB) are employed for classification. Subsequently, the proposed work is evaluated in a sequential and parallel manner and it is customized for identifying the fuzzy, impersonation and Denial of Service (DoS)-based attacks. The proposed system is analyzed in different dimensions such as performance of ML methods and role of DPI in attack identification including the pattern matching efficiency. From the investigation, it is identified that BMHP algorithm has the least time and memory consumed values about 0.0028 sec and 125.4 Mib respectively. Similarly, SVM has the accuracy of 99.91% with the least time and memory consumed values about 18.185 sec and 303.5 MiB respectively.

Research on QoS Classification of Network Encrypted Traffic Behavior Based on Machine Learning

In recent years, privacy awareness is concerned due to many Internet services have chosen to use encrypted agreements. In order to improve the quality of service (QoS), the network encrypted traffic behaviors are classified based on machine learning discussed in this paper. However, the traditional traffic classification methods, such as IP/ASN (Autonomous System Number) analysis, Port-based and deep packet inspection, etc., can classify traffic behavior, but cannot effectively handle encrypted traffic. Thus, this paper proposed a hybrid traffic classification (HTC) method based on machine learning and combined with IP/ASN analysis with deep packet inspection. Moreover, the majority voting method was also used to quickly classify different QoS traffic accurately. Experimental results show that the proposed HTC method can effectively classify different encrypted traffic. The classification accuracy can be further improved by 10% with majority voting as K = 13. Especially when the networking data are using the same protocol, the proposed HTC can effectively classify the traffic data with different behaviors with the differentiated services code point (DSCP) mark.

The transformation of network neutrality in Canada

"Telecommunications technology has dramatically transformed an individual's ability to access information. Internet surfers are often unaware of the ways in which their Internet services are being managed, and even fewer are familiar with the term Internet neutrality. As a growing trend, more Internet Service Providers (ISPs) in Canada are intervening with the infrastructure of the Internet by utilizing traffic management practices, such as bandwidth 'throttling'1, which hinder a user's ability to quickly access certain types of content online. Internet traffic management practices (ITMP) are a means for ISPs to control their 'congested'2 networks, with the aim of optimizing or improving their network's performance, or they can often aid in increasing usable bandwidth (Lithgow, 2011). Traffic management practices ultimately allow one kind of 'packet'3 to be delayed over another; for example, ISPs often use a program called Deep Packet Inspection (DPI), which is a program that can identify forms of traffic online, meaning it can target specific applications. Since ITMPs can target specific 'packets' online, smaller interest groups, and businesses became increasingly concerned that network neutrality policy principles, such as 'common-carriage'4 was not being enforced by the CRTC. This paper will identify the main concerns of utilizing ITMP on broadband networks, and will illustrate that ITMP can and should be connected to the discussion regarding network neutrality in Canada" -- From the introduction, page 1.