Utilization of Neural Networks to Identify VPN over TLS Traffic

Since the early 2000s, the field of network traffic classification has tended to attract researchers from different areas. In most cases, the methods under consideration included the most recent technological advances. But the network-related technological stack is developing rapidly, presenting researchers with new upcoming challenges. In recent years, the adoption of Virtual Private Network (VPN) services has been growing significantly, driven by a variety of factors, including concerns about security and anonymity. Badly managed VPN access is a concern in a corporate world because of introducing possibilities to overcome policy restrictions. This highlights the importance of detecting VPN traffic, especially the traffic masked by software means, specifically utilising the Transport Layer Security mechanism (TLS), which presents challenges in terms of encryption and obscurity. The use of neural networks for this purpose may be a new way of working towards solving the problem stated. This paper investigates the use of neural networks to detect VPN traffic over TLS, addressing a crucial need for an accurate identification because of growing concerns about bypassing content restrictions and maintaining network security. The accuracy is of utmost importance in this task due to security and business demands. This research aims at analysing existing solutions to the specific task of detecting VPN traffic in network flow, specifically VPN over TLS. The study consists of three main parts: collecting data, performing feature engineering and testing different machine learning models for the task at hand. Thus, the main outcome of the work will be presented in two major parts, the dataset that may later be used in similar research and analysis of performance of some of the existing machine learning solutions in appliance to the specific problem.