Background: Every organization generally uses a VPN service individually to bypass the
filters that hide the actual communication. Such communication filtration is not allowed by the organizational
monitoring network. But these institutes are not in a position to spend a considerable amount of
funds on a secure sockets layer to monitor traffic flow over their computer networks.
Objective: Our work suggests a simple technique to block or detect annoying VPN clients inside the
network activities. This method does not require the network to decrypt or even decode any network
Methods: The proposed solution selects two machine learning techniques Feature Tree and K-means as
classification techniques that work on time-related features. First, the DNS mapping with the ordinary
characteristic of the transmission control protocol / Internet protocol computer the network stack is
identified, and it is not to be considered as a regular traffic flow if the domain name information is not
available. The process not only examines non-standard utilization of hypertext transfer protocol security
but also conceals such communication from hypertext transfer protocol security dependent filters in the
firewall to detect as an anomaly in large.
Results: We define the traffic flow as normal traffic flow and VPN traffic flow. These two flows are
characterized by taking two machine learning techniques, Feature Tree and K-means. We executed each
experiment 4 times. As a result, eight types of regular traffics and eight types of VPN traffics were represented.
Conclusion: Once the traffic flow is identified, it is classified and studied by machine learning techniques.
Using time-related features, the traffic flow is defined as normal flow or VPN traffic flow.