Abstract
With increasing attention on communication security, virtual private network (VPN) technology is widely used to meet different security requirements. VPN traffic detection and classification have become an increasingly important and practical task in network security management. Although much effort has been devoted to VPN detection, existing methods mostly extract or learn features from the raw traffic manually. Manually designed features are often complicated, costly, and time-consuming to produce. Moreover, handling the raw traffic throughout the communication process may compromise user privacy. In this paper, we apply a bidirectional LSTM network with an attention mechanism to the VPN traffic detection problem and propose a model named NetFlow Sequence Attention Network (NSA-Net). The NSA-Net model learns representative features from NetFlow sequences rather than the raw traffic to preserve user privacy. Moreover, we adopt the attention mechanism, which can automatically focus on the information that has a decisive effect on detection. We verify our NSA-Net model on NetFlow data generated from the public ISCXVPN2016 traffic dataset. The experimental results indicate that our model can accurately distinguish VPN from non-VPN traffic and achieves about 98.7% TPR. Furthermore, we analyze the performance of our model in the presence of sampling, and it still achieves over 90% TPR and Accuracy at low sampling rates.
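The attention step described in the abstract can be sketched as follows; this is an added example, not the authors' code, and it covers only attention pooling over a sequence of NetFlow records. The flow records, the three-field feature set, the scoring form `w . tanh(h)` and the vector `W` are assumptions, and the normalised features stand in for BiLSTM outputs.

```python
import math

# Constructed NetFlow records for one host pair (not from ISCXVPN2016):
# (duration_s, packets, bytes)
FLOWS = [
    (0.4, 6, 520),
    (12.0, 900, 1_150_000),
    (0.2, 3, 180),
    (30.0, 2400, 3_300_000),
]

def featurize(flows):
    """Log-scale each field, then divide by the column maximum (values in (0, 1])."""
    logs = [[math.log1p(v) for v in f] for f in flows]
    col_max = [max(col) for col in zip(*logs)]
    return [[v / m for v, m in zip(row, col_max)] for row in logs]

def softmax(scores):
    top = max(scores)                      # subtract the max for numerical stability
    exps = [math.exp(s - top) for s in scores]
    total = sum(exps)
    return [e / total for e in exps]

def attention_pool(H, w):
    """alpha_t = softmax_t(w . tanh(h_t)); r = sum_t alpha_t * h_t."""
    scores = [sum(wi * math.tanh(hi) for wi, hi in zip(w, h)) for h in H]
    alpha = softmax(scores)
    r = [sum(a * h[i] for a, h in zip(alpha, H)) for i in range(len(w))]
    return alpha, r

# Hypothetical scoring vector; in a trained model it is learned with the network.
W = [2.0, 4.0, 4.0]

def run():
    H = featurize(FLOWS)                   # stands in for the BiLSTM outputs
    return attention_pool(H, W)

if __name__ == "__main__":
    alpha, r = run()
    for flow, a in zip(FLOWS, alpha):
        print(flow, round(a, 3))           # per-record attention weight
    print("sequence vector:", [round(x, 3) for x in r])
```

The weights sum to 1, so the pooled vector is a convex combination of the per-record vectors, and the records with the highest scores contribute most to the sequence representation that a classifier would consume.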
Acknowledgments
This work is supported by the National Key Research and Development Program of China (No. 2020YFE0200500 and No. 2016QY05X1000), the Key Research and Development Program for Guangdong Province under grant No. 2019B010137003, and the National Key Research and Development Program of China (No. 2018YFB1800200). Zhen Li is the corresponding author.
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Fu, P. et al. (2020). NSA-Net: A NetFlow Sequence Attention Network for Virtual Private Network Traffic Detection. In: Huang, Z., Beek, W., Wang, H., Zhou, R., Zhang, Y. (eds) Web Information Systems Engineering – WISE 2020. WISE 2020. Lecture Notes in Computer Science, vol 12342. Springer, Cham. https://doi.org/10.1007/978-3-030-62005-9_31
DOI: https://doi.org/10.1007/978-3-030-62005-9_31
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-62004-2
Online ISBN: 978-3-030-62005-9
eBook Packages: Computer Science, Computer Science (R0)