VoIP Traffic Detection in Tunneled and Anonymous Networks Using Deep Learning

Islam, Faiz Ul; Liu, Guangjie; Zhai, Jiangtao; Liu, Weiwei

doi:10.1109/access.2021.3073967

Cited by 22 publications

(11 citation statements)

References 62 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…The accuracy rate reached 98% in the test on the ISCX-VPN-2016 [19] dataset. To analyze VoIP traffic in tunneled and anonymous networks, the captured raw traffic is preprocessed based on the feature engineering of FSTFs [20], and then a hybrid deep learning model (MLP, 1D-CNN, and LSTM) is used for classification, which can classify traffic data into four categories: VPN VoIP, VPN Non-VoIP, TOR VoIP, and TOR Non-VoIP, and the classification accuracy can exceed 94%. In addition, experiments in work [21] show that the attention mechanism [22] can help the deep learning model focus on the more critical information in encrypted traffic and ignore the noise that is meaningless to the detection task, which can further improve the detection effect of the model.…”

Section: Deep Learning Based Detection Methodsmentioning

confidence: 99%

Dark-Forest: Analysis on the Behavior of Dark Web Traffic via DeepForest and PSO Algorithm

Xin¹,

Zhang²,

Wang³

et al. 2023

Computer Modeling in Engineering &Amp; Sciences

View full text Add to dashboard Cite

The dark web is a shadow area hidden in the depths of the Internet, which is difficult to access through common search engines. Because of its anonymity, the dark web has gradually become a hotbed for a variety of cyber-crimes. Although some research based on machine learning or deep learning has been shown to be effective in the task of analyzing dark web traffic in recent years, there are still pain points such as low accuracy, insufficient real-time performance, and limited application scenarios. Aiming at the difficulties faced by the existing automated dark web traffic analysis methods, a novel method named Dark-Forest to analyze the behavior of dark web traffic is proposed. In this method, firstly, particle swarm optimization algorithm is used to filter the redundant features of dark web traffic data, which can effectively shorten the training and inference time of the model to meet the realtime requirements of dark web detection task. Then, the selected features of traffic are analyzed and classified using the DeepForest model as a backbone classifier. The comparison experiment with the current mainstream methods shows that Dark-Forest takes into account the advantages of statistical machine learning and deep learning, and achieves an accuracy rate of 87.84%. This method not only outperforms baseline methods such as Random Forest, MLP, CNN, and the original DeepForest in both large-scale and small-scale dataset based learning tasks, but also can detect normal network traffic, tunnel network traffic and anonymous network traffic, which may close the gap between different network traffic analysis tasks. Thus, it has a wider application scenario and higher practical value.

show abstract

Section: Deep Learning Based Detection Methodsmentioning

confidence: 99%

Dark-Forest: Analysis on the Behavior of Dark Web Traffic via DeepForest and PSO Algorithm

Xin¹,

Zhang²,

Wang³

et al. 2023

Computer Modeling in Engineering &Amp; Sciences

View full text Add to dashboard Cite

show abstract

“…Port‐based and deep packet inspection‐based techniques were employed to classify the network traffic in the past. However, these methods are invalidated due to the emergence of obfuscation techniques such as the usage of random ports and payload encryption [13]. Therefore, researchers introduced statistical‐based classification techniques to fulfil the requirement of network security for intelligent identification of different network applications and protocols.…”

Section: Related Workmentioning

confidence: 99%

“…The widely used, traditional inspection methods are mainly categorised into two sections; such as deep packet-based [4][5][6][7] and port-based [8,9]. These early detection procedures failed to recognise the network traffic accurately due to the implementation of the encryption protocols, such as Secure Sockets layer (SSL) and Transport Security Layer (TLS) and the usage of non-standard ports [10][11][12][13]. Machine learning techniques overcome the failure of payload-based classification and port-based classification techniques.…”

Section: Introductionmentioning

confidence: 99%

A deep learning‐based framework to identify and characterise heterogeneous secure network traffic

Islam

Liu

et al. 2022

IET Information Security

Self Cite

View full text Add to dashboard Cite

The evergrowing diversity of encrypted and anonymous network traffic makes network management more formidable to manage the network traffic. An intelligent system is essential to analyse and identify network traffic accurately. Network management needs such techniques to improve the Quality of Service and ensure the flow of secure network traffic. However, due to the usage of non-standard ports and encryption of data payloads, the classical port-based and payload-based classification techniques fail to classify the secured network traffic. To solve the above-mentioned problems, this paper proposed an effective deep learning-based framework employed with flow-time-based features to predict heterogeneous secure network traffic best. The state-of-the-art machine learning strategies (C4.5, random forest, and K-nearest neighbour) are investigated for comparison. The proposed 1D-CNN model achieved higher accuracy in classifying the heterogeneous secure network traffic. In the next step, the proposed deep learning model characterises the major categories (virtual private network traffic, the onion router network traffic, and plain encrypted network traffic) into several application types. The experimental results show the effectiveness and feasibility of the proposed deep learning framework, which yields improved predictive power compared to the state-of-the-art machine learning techniques employed for secure network traffic analysis.

show abstract

“…These countries have enforced laws making VPN use on phones illegal, accompanied by severe fines and potential imprisonment. Such measures underscore the increasing focus on VPN usage globally, particularly when they are employed to circumvent geo-restrictions and access blocked content, raising significant issues regarding cybersecurity and national security [1][2][3].…”

Section: Introductionmentioning

confidence: 99%

Integrating Blockchain and Deep Learning for Enhanced Mobile VPN Forensics: A Comprehensive Framework

Alqahtany,

Syed

2024

Applied Sciences

View full text Add to dashboard Cite

In an era marked by technological advancement, the rising reliance on Virtual Private Networks (VPNs) necessitates sophisticated forensic analysis techniques to investigate VPN traffic, especially in mobile environments. This research introduces an innovative approach utilizing Convolutional Neural Networks (CNNs) and Graph Neural Networks (GNNs) for classifying VPN traffic, aiding forensic investigators in precisely identifying applications or websites accessed via VPN connections. By leveraging the combined strengths of CNNs and GNNs, our method provides an effective solution for discerning user activities during VPN sessions. Further extending this framework, we incorporate blockchain technology to meticulously record all mobile VPN transactions, ensuring a tamper-proof and transparent ledger that significantly bolsters the integrity and admissibility of forensic evidence in legal scenarios. A specific use-case demonstrates this methodology in mobile forensics, where our integrated approach not only accurately classifies data traffic but also securely logs transactional details on the blockchain, offering an unprecedented level of detail and reliability in forensic investigations. Extensive real-world VPN dataset experiments validate our approach, highlighting its potential to achieve high accuracy and offering invaluable insights for both technological and legal domains in the context of mobile VPN usage.

show abstract

VoIP Traffic Detection in Tunneled and Anonymous Networks Using Deep Learning

Cited by 22 publications

References 62 publications

Dark-Forest: Analysis on the Behavior of Dark Web Traffic via DeepForest and PSO Algorithm

Dark-Forest: Analysis on the Behavior of Dark Web Traffic via DeepForest and PSO Algorithm

A deep learning‐based framework to identify and characterise heterogeneous secure network traffic

Integrating Blockchain and Deep Learning for Enhanced Mobile VPN Forensics: A Comprehensive Framework

Contact Info

Product

Resources

About