Skip to main content
SpringerLink
Log in

NSA-Net: A NetFlow Sequence Attention Network for Virtual Private Network Traffic Detection

  • Conference paper
  • First Online:
Web Information Systems Engineering – WISE 2020 (WISE 2020)

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 12342))

Included in the following conference series:

Abstract

With the increasing attention on communication security, Virtual private network(VPN) technology is widely used to meet different security requirements. VPN traffic detection and classification have become an increasingly important and practical task in network security management. Although a lot of efforts have been made for VPN detection, existing methods mostly extract or learn features from the raw traffic manually. Manual-designed features are often complicated, costly, and time-consuming. And, handling the raw traffic throughout the communication process may lead to the compromise of user privacy. In this paper, we apply bidirectional LSTM network with attention mechanism to the VPN traffic detection problem and propose a model named NetFlow Sequence Attention Network (NSA-Net). The NSA-Net model learns representative features from the NetFlow sequences rather than the raw traffic to ensure the user privacy. Moreover, we adopt the attention mechanism, which can automatically focus on the information that has a decisive effect on detection. We verify our NSA-Net model on the NetFlow data generated from the public ISCXVPN2016 traffic dataset. And the experiment results indicate that our model can detect VPN from non-VPN traffic accurately, and achieve about 98.7% TPR. Furthermore, we analyze the performance of our model in the presence of sampling and our model still achieves over 90% TPR and Accuracy at low sampling rates.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Harmening, J.T.: Virtual private networks. In: Vacca, J.R. (ed.) Computer and Information Security Handbook, pp. 843–856. Morgan Kaufmann, Burlington (2017)

    Chapter  Google Scholar 

  2. Lotfollahi, M., Siavoshani, M.J., et al.: Deep packet: a novel approach for encrypted traffic classification using deep learning. Soft Comput. 24(3), 1999–2012 (2020). https://doi.org/10.1007/s00500-019-04030-2

    Article  Google Scholar 

  3. Zain ul Abideen, M., Saleem, S., Ejaz, M.: VPN traffic detection in SSL-protected channel. Secur. Commun. Netw. 2019(5), 1–17 (2019)

    Google Scholar 

  4. Draper-Gil, G., Lashkari, A.H., Mamun, M.S.I., et al.: Characterization of encrypted and vpn traffic using time-related. In: ICISSP, pp. 407–414 (2016)

    Google Scholar 

  5. Bagui, S., Fang, X., et al.: Comparison of machine-learning algorithms for classification of VPN network traffic flow using time-related features. J. Cyber Secur. Technol. 1(2), 108–126 (2017)

    Article  Google Scholar 

  6. Wang,W., Zhu, M., Wang, J., et al.: End-to-end encrypted traffic classification with one-dimensional convolution neural networks. In: 2017 IEEE International Conference on Intelligence and Security Informatics (ISI), pp. 43–48. IEEE (2017)

    Google Scholar 

  7. Miller, S., Curran, K., Lunney, T.: Multilayer perceptron neural network for detection of encrypted VPN network traffic. In: 2018 International Conference On Cyber Situational Awareness, Data Analytics And Assessment, pp. 1–8. IEEE (2018)

    Google Scholar 

  8. Guo, L., Wu, Q., Liu, S., et al.: Deep learning-based real-time VPN encrypted traffic identification methods. J. Real-Time Image Proc. 17(1), 103–114 (2020). https://doi.org/10.1007/s11554-019-00930-6

    Article  Google Scholar 

  9. Claise, B.: Cisco systems neflow services export version 9 (2004)

    Google Scholar 

  10. Zhou, P., Shi, W., Tian, J., et al.: Attention-based bidirectional long short-term memory networks for relation classification. In: Proceedings of the 54th Annual Meeting of the Association for Computational Linguistics, pp. 207–212 (2016)

    Google Scholar 

  11. Hofstede, R., Hendriks, L., Sperotto, A., et al.: SSH compromise detection using NetFlow/IPFIX. ACM SIGCOMM Comput. Commun. Rev. 44(5), 20–26 (2014)

    Article  Google Scholar 

  12. Schatzmann, D., Mühlbauer, W., Spyropoulos, T., et al.: Digging into HTTPS: flow-based classification of webmail traffic. In: Proceedings of the 10th ACM SIGCOMM Conference on Internet Measurement, pp. 322-327 (2010)

    Google Scholar 

  13. Manzoor, J., Drago, I., Sadre, R.: How HTTP/2 is changing Web traffic and how to detect it. In: 2017 Network Traffic Measurement and Analysis Conference (TMA), pp. 1–9. IEEE (2017)

    Google Scholar 

  14. Lv, B., Yu, X., Xu, G., et al.: Network traffic monitoring system based on big data technology. In: Proceedings of the International Conference on Big Data and Computing 2018, pp. 27–32 (2018)

    Google Scholar 

  15. Liu, X., Tang, Z., Yang, B.: Predicting network attacks with CNN by constructing images from NetFlow Data. In: BigDataSecurity, pp. 61–66. IEEE (2019)

    Google Scholar 

  16. Yang, C.T., Liu, J.C., Kristiani, E., et al.: NetFlow monitoring and cyberattack detection using deep learning with Ceph. IEEE Access 8, 7842–7850 (2020)

    Article  Google Scholar 

  17. Mnih, V., Heess, N., Graves A.: Recurrent models of visual attention. In: Advances in Neural Information Processing Systems, pp. 2204–2212 (2014)

    Google Scholar 

  18. Bahdanau, D., Cho, K., Bengio, Y.: Neural machine translation by jointly learning to align and translate. Comput. Sci. arXiv preprint arXiv:1409.0473 (2014)

  19. Chorowski, J., Bahdanau, D., Serdyuk, D., et al.: Attention-based models for speech recognition. Comput. Sci. 10(4), 429–439 (2015)

    Google Scholar 

  20. Luong, M.T., Pham, H., Manning, C.D.: Effective approaches to attention-based neural machine translation. Comput. Sci. arXiv preprint arXiv:1508.04025 (2015)

  21. Softflowd. http://www.mindrot.org/projects/softflowd/

  22. Nfdump. http://nfdump.sourceforge.net/

  23. Abadi, M., Agarwal, A., et al.: Tensor-flow: large-scale machine learning on heterogeneous distributed systems, arXiv preprint arXiv:1603.04467 (2016)

  24. Chollet, F., et al.: Keras (2017). https://github.com/fchollet/keras

  25. Kingma, D.P., Ba, J.: Adam: a method for stochastic optimization. CoRR, vol. abs/1412.6980 (2014)

    Google Scholar 

Download references

Acknowledgments

This work is supported by The National Key Research and Development Program of China (No. 2020YFE0200500 and No.2016QY05X1000) and The Key research and Development Program for Guangdong Province under grant No. 2019B010137003 and The National Key Research and Development Program of China (No. 2018YFB1800200). Zhen Li is the corresponding author.

Author information

Authors and Affiliations

  1. Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China

    Peipei Fu, Chang Liu, Qingya Yang, Zhenzhen Li, Gaopeng Gou, Gang Xiong & Zhen Li

  2. School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China

    Peipei Fu, Chang Liu, Qingya Yang, Zhenzhen Li, Gaopeng Gou, Gang Xiong & Zhen Li

Authors
  1. Peipei Fu
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Chang Liu
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Qingya Yang
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Zhenzhen Li
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Gaopeng Gou
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Gang Xiong
    View author publications

    You can also search for this author in PubMed Google Scholar

  7. Zhen Li
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Zhen Li .

Editor information

Editors and Affiliations

  1. VU Amsterdam, Amsterdam, The Netherlands

    Zhisheng Huang

  2. VU Amsterdam, Amsterdam, The Netherlands

    Wouter Beek

  3. Victoria University, Melbourne, VIC, Australia

    Hua Wang

  4. Swinburne University of Technology, Hawthorn, VIC, Australia

    Rui Zhou

  5. Victoria University, Melbourne, VIC, Australia

    Yanchun Zhang

Rights and permissions

Reprints and permissions

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Fu, P. et al. (2020). NSA-Net: A NetFlow Sequence Attention Network for Virtual Private Network Traffic Detection. In: Huang, Z., Beek, W., Wang, H., Zhou, R., Zhang, Y. (eds) Web Information Systems Engineering – WISE 2020. WISE 2020. Lecture Notes in Computer Science(), vol 12342. Springer, Cham. https://doi.org/10.1007/978-3-030-62005-9_31

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-62005-9_31

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-62004-2

  • Online ISBN: 978-3-030-62005-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation