![]() This issue raised a lot of security concerns which are constantly managed by different security services. The stack was implemented without the consideration of security of information being transferred in the communication. To enable the communication between the computers, TCP/IP stack was implemented. The proposed system is lightweight enough to keep minimal overhead, both in network and resource utilization and requires no specialized hardware. Out of total 729 connections made by different users, 329 connections were classified as legitimate activity, marking 400 remaining connections as VPN-based connections. We analyzed the activity of five users, using some sort of VPN service in their Internet activity, inside the network. We worked on top five freely available VPN services and analyzed their traffic patterns the results show successful detection of the VPN activity performed by the user. This helps in verifying legitimate connection and flags the VPN-based traffic. Once traffic is classified, the connection based on the server’s IP, TCP port connected, domain name, and server name inside the HTTPS connection is analyzed. Network traffic is analyzed and classified using DNS (Domain Name System) packets and HTTPS- (Hypertext Transfer Protocol Secure-) based traffic. The proposed system analyzes the communication between user and the server to analyze and extract features from network, transport, and application layer which are not encrypted and classify the incoming traffic as malicious, i.e., VPN traffic or standard traffic. In this paper, we have proposed a novel approach to detect VPN activity inside the network. These services may be the source of new virus or worm injected inside the network or a gateway to facilitate information leakage. Any VPN service may be used by users to bypass the filters or signatures applied on network security devices. The user inside the network with malicious intent or to hide his activity from the network security administration of the organization may use VPN services. Every Internet activity is then performed under the established SSL tunnel. A virtual private network (VPN) is a service which hides real traffic by creating SSL-protected channel between the user and server. ![]() Recent and powerful next-generation firewalls have Secure Sockets Layer (SSL) inspection feature which are expensive and may not be suitable for every organizations. ![]() Simple network intrusion detection system (NIDS) and firewalls generally have no feature to inspect HTTPS or encrypted traffic, so they rely on unencrypted traffic to manage the encrypted payload of the network. Depending on the size of organization, these devices may differ in their capabilities. Nowadays, organizations use network firewalls and/or intrusion detection and prevention systems (IDPS) to analyze the network traffic to detect and protect against attacks and vulnerabilities. HTTPS provides end-to-end encryption between the user and service. In recent times, secure communication protocols over web such as HTTPS (Hypertext Transfer Protocol Secure) are being widely used instead of plain web communication protocols like HTTP (Hypertext Transfer Protocol).
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |