Background: Every organization generally uses a VPN service individually to bypass the filters that hide the actual communication. Such communication filtration is not allowed by the organizational monitoring network. But these institutes are not in a position to spend a considerable amount of funds on a secure sockets layer to monitor traffic flow over their computer networks.
Objective: Our work suggests a simple technique to block or detect annoying VPN clients inside the network activities. This method does not require the network to decrypt or even decode any network communication.
Methods: The proposed solution selects two machine learning techniques Feature Tree and K-means as classification techniques that work on time-related features. First, the DNS mapping with the ordinary characteristic of the transmission control protocol / Internet protocol computer the network stack is identified, and it is not to be considered as a regular traffic flow if the domain name information is not available. The process not only examines non-standard utilization of hypertext transfer protocol security but also conceals such communication from hypertext transfer protocol security dependent filters in the firewall to detect as an anomaly in large.
Results: We define the traffic flow as normal traffic flow and VPN traffic flow. These two flows are characterized by taking two machine learning techniques, Feature Tree and K-means. We executed each experiment 4 times. As a result, eight types of regular traffics and eight types of VPN traffics were represented.
Conclusion: Once the traffic flow is identified, it is classified and studied by machine learning techniques. Using time-related features, the traffic flow is defined as normal flow or VPN traffic flow.