{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,27]],"date-time":"2026-01-27T23:18:26Z","timestamp":1769555906325,"version":"3.49.0"},"reference-count":50,"publisher":"IGI Global","issue":"2","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2020,7,1]]},"abstract":"<p>The detection of unauthorized users can be problematic for techniques that are available at present if the nefarious actors are using identity hiding tools such as anonymising proxies or virtual private networks (VPNs). This work presents computational models to address the limitations currently experienced in detecting VPN traffic. A model to detect usage of VPNs was developed using a multi-layered perceptron neural network that was trained using flow statistics data found in the transmission control protocol (TCP) header of captured network packets. Validation testing showed that the presented models are capable of classifying network traffic in a binary manner as direct (originating directly from a user's own device) or indirect (makes use of identity and location hiding features of VPNs) with high degrees of accuracy. The experiments conducted to classify OpenVPN usage found that the neural network was able to correctly identify the VPN traffic with an overall accuracy of 93.71%. The further work done to classify Stunnel OpenVPN usage found that the neural network was able to correctly identify VPN traffic with an overall accuracy of 97.82% when using 10-fold cross validation. This final experiment also provided an observation of 3 different validation techniques and the different accuracy results obtained. 
These results demonstrate a significant advancement in the detection of unauthorised user access with evidence showing that there could be further advances for research in this field particularly in the application of business security where the detection of VPN usage is important to an organization.<\/p>","DOI":"10.4018\/ijwnbt.2020070104","type":"journal-article","created":{"date-parts":[[2020,6,26]],"date-time":"2020-06-26T12:54:02Z","timestamp":1593176042000},"page":"60-80","source":"Crossref","is-referenced-by-count":21,"title":["Detection of Virtual Private Network Traffic Using Machine Learning"],"prefix":"10.4018","volume":"9","author":[{"given":"Shane","family":"Miller","sequence":"first","affiliation":[{"name":"Ulster University, Derry, UK"}]},{"given":"Kevin","family":"Curran","sequence":"additional","affiliation":[{"name":"Ulster University, Derry, UK"}]},{"given":"Tom","family":"Lunney","sequence":"additional","affiliation":[{"name":"Ulster University, Derry, UK"}]}],"member":"2432","reference":[{"key":"IJWNBT.2020070104-0","doi-asserted-by":"publisher","DOI":"10.1016\/j.knosys.2018.04.025"},{"key":"IJWNBT.2020070104-1","unstructured":"Arndt, D. (2011). NetMate-flowcalc. Retrieved from https:\/\/dan.arndt.ca\/projects\/netmate-flowcalc\/"},{"key":"IJWNBT.2020070104-2","doi-asserted-by":"publisher","DOI":"10.1109\/IWCMC.2019.8766609"},{"key":"IJWNBT.2020070104-3","unstructured":"Cisco. (2018). Encrypted Traffic Analytics. Retrieved from https:\/\/www.cisco.com\/c\/dam\/en\/us\/solutions\/collateral\/enterprise-networks\/enterprise-network-security\/nb-09-encrytd-traf-anlytcs-wp-cte-en.pdf"},{"key":"IJWNBT.2020070104-4","doi-asserted-by":"publisher","DOI":"10.1109\/TITS.2019.2950416"},{"key":"IJWNBT.2020070104-5","doi-asserted-by":"publisher","DOI":"10.1109\/MNET.2012.6135854"},{"key":"IJWNBT.2020070104-6","doi-asserted-by":"publisher","DOI":"10.1109\/IWCMC.2014.6906427"},{"key":"IJWNBT.2020070104-7","unstructured":"Farinacci, D. (1994). 
Generic Routing Encapsulation over IPv4 networks, RFC1702, pp. 1\u20134. Retrieved from https:\/\/tools.ietf.org\/html\/rfc1702"},{"key":"IJWNBT.2020070104-8","doi-asserted-by":"publisher","DOI":"10.1016\/j.inffus.2018.08.002"},{"key":"IJWNBT.2020070104-9","author":"E.Frank","year":"2016","journal-title":"The WEKA Workbench Online Appendix for \u201cData Mining: Practical Machine Learning Tools and Techniques\u201d Morgan Kaufmann"},{"key":"IJWNBT.2020070104-10","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2008.08.003"},{"key":"IJWNBT.2020070104-11","doi-asserted-by":"publisher","DOI":"10.4018\/978-1-5225-0193-0"},{"key":"IJWNBT.2020070104-12","unstructured":"Ghosh, A. K., Schwartzbard, A., & Schatz, M. (1999). Learning Program Behavior Profiles for Intrusion Detection. In Proceedings of the Workshop on Intrusion Detection and Network Monitoring. Academic Press."},{"key":"IJWNBT.2020070104-13","unstructured":"Hawkes-Robinson, W. (2002). SANS Institute - Microsoft PPTP VPN Vulnerabilities - Exploits in Action. SANS Institute. Retrieved from https:\/\/www.researchgate.net\/publication\/235927650_SANS_Institute_-_Microsoft_PPTP_VPN_Vulnerabilities_-_Exploits_in_Action"},{"key":"IJWNBT.2020070104-14","unstructured":"Hunt, T. (2016, July 1). Observations and thoughts on the LinkedIn data breach. troyhunt.com. Retrieved from https:\/\/www.troyhunt.com\/observations-and-thoughts-on-the-linkedin-data-breach\/"},{"key":"IJWNBT.2020070104-15","doi-asserted-by":"publisher","DOI":"10.1016\/j.ejor.2017.07.027"},{"key":"IJWNBT.2020070104-16","doi-asserted-by":"publisher","DOI":"10.1109\/ISCISC.2015.7387907"},{"key":"IJWNBT.2020070104-17","unstructured":"Kent, S. and K. Seo. (n.d.). 
Security Architecture for the Internet Protocol RFC 4301."},{"key":"IJWNBT.2020070104-18","doi-asserted-by":"publisher","DOI":"10.1007\/s00778-006-0002-5"},{"key":"IJWNBT.2020070104-19","doi-asserted-by":"publisher","DOI":"10.1080\/01422419908228843"},{"key":"IJWNBT.2020070104-20","doi-asserted-by":"crossref","first-page":"183","DOI":"10.1145\/3098822.3098842","article-title":"The quic transport protocol: Design and internet-scale deployment.","author":"A.Langley","year":"2017","journal-title":"Proceedings of the Conference of the ACM Special Interest Group on Data Communication"},{"key":"IJWNBT.2020070104-21","doi-asserted-by":"publisher","DOI":"10.1109\/WOCN.2016.7759880"},{"key":"IJWNBT.2020070104-22","doi-asserted-by":"publisher","DOI":"10.1016\/j.knosys.2015.01.009"},{"key":"IJWNBT.2020070104-23","doi-asserted-by":"publisher","DOI":"10.1145\/1835449.1835513"},{"key":"IJWNBT.2020070104-24","doi-asserted-by":"publisher","DOI":"10.4018\/IJDCF.2018040105"},{"key":"IJWNBT.2020070104-25","unstructured":"Microsoft. (2012). Microsoft Security Advisory 2743314 | Microsoft Docs, Microsoft Security Advisory. Retrieved from https:\/\/docs.microsoft.com\/en-us\/security-updates\/SecurityAdvisories\/2012\/2743314"},{"key":"IJWNBT.2020070104-26","doi-asserted-by":"publisher","DOI":"10.20533\/ijisr.2042.4639.2015.0061"},{"key":"IJWNBT.2020070104-27","doi-asserted-by":"publisher","DOI":"10.1109\/ISSC.2016.7528443"},{"key":"IJWNBT.2020070104-28","doi-asserted-by":"crossref","unstructured":"Miller, S., Curran, K., & Lunney, T. (2018). Multilayer Perceptron Neural Network for Detection of Encrypted VPN Network Traffic. In Proceedings of the IEEE International Conference on Cyber Situational Awareness, Data Analytics and Assessment (Cyber SA 2018). IEEE Press.","DOI":"10.1109\/CyberSA.2018.8551395"},{"key":"IJWNBT.2020070104-29","unstructured":"Miller, S., Curran, K., & Lunney, T. (2018). 
Detection of Anonymising Proxies using Machine Learning, Special issue on Machine Learning for Cyber Security. Journal of Information Science."},{"key":"IJWNBT.2020070104-30","doi-asserted-by":"publisher","DOI":"10.1109\/ICC.2018.8422401"},{"key":"IJWNBT.2020070104-31","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2005.06.002"},{"key":"IJWNBT.2020070104-32","unstructured":"Pagliery, J. (2014, December 24). What caused Sony hack: What we know now. CNN. Retrieved from http:\/\/money.cnn.com\/2014\/12\/24\/technology\/security\/sony-hack-facts\/"},{"key":"IJWNBT.2020070104-33","unstructured":"Peterson, A. (2014, December 18). The Sony Pictures hack, explained. The Washington Post. Retrieved from https:\/\/www.washingtonpost.com\/news\/the-switch\/wp\/2014\/12\/18\/the-sony-pictures-hack-explained\/"},{"key":"IJWNBT.2020070104-34","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-67262-5_7"},{"key":"IJWNBT.2020070104-35","doi-asserted-by":"publisher","DOI":"10.17487\/RFC3070"},{"key":"IJWNBT.2020070104-36","doi-asserted-by":"publisher","DOI":"10.1017\/S0269888900007724"},{"key":"IJWNBT.2020070104-37","doi-asserted-by":"publisher","DOI":"10.1147\/rd.33.0210"},{"key":"IJWNBT.2020070104-38","unstructured":"Schmidt, J. (2012). A death blow for PPTP - The H Security: News and Features. H-online. Retrieved from http:\/\/www.h-online.com\/security\/features\/A-death-blow-for-PPTP-1716768.html"},{"key":"IJWNBT.2020070104-39","doi-asserted-by":"publisher","DOI":"10.1145\/288090.288119"},{"key":"IJWNBT.2020070104-40","doi-asserted-by":"publisher","DOI":"10.1145\/2829988.2787502"},{"key":"IJWNBT.2020070104-41","unstructured":"Simpson, W. (1996). PPP CHAP. Network Working Group. 
Retrieved from https:\/\/tools.ietf.org\/rfc\/rfc1994.txt"},{"key":"IJWNBT.2020070104-42","doi-asserted-by":"publisher","DOI":"10.17487\/RFC2724"},{"key":"IJWNBT.2020070104-43","doi-asserted-by":"publisher","DOI":"10.1007\/s11227-018-2517-0"},{"key":"IJWNBT.2020070104-44","unstructured":"Varvello, M., Azurmendi, I., Nappa, A., Papadopoulos, P., Pestana, G., Livshits, B. (2019). VPN0: A Privacy-Preserving Decentralized Virtual Private Network"},{"key":"IJWNBT.2020070104-45","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-32150-5_55"},{"key":"IJWNBT.2020070104-46","doi-asserted-by":"publisher","DOI":"10.1016\/j.patrec.2008.01.008"},{"key":"IJWNBT.2020070104-47","doi-asserted-by":"publisher","DOI":"10.1109\/MCOM.2015.7081076"},{"key":"IJWNBT.2020070104-48","doi-asserted-by":"publisher","DOI":"10.1145\/1185347.1185360"},{"key":"IJWNBT.2020070104-49","unstructured":"Zorn, G. (1999). Point-to-Point Tunneling Protocol (PPTP) RFC 2637. Retrieved from https:\/\/tools.ietf.org\/html\/rfc2637"}],"container-title":["International Journal of Wireless Networks and Broadband Technologies"],"original-title":[],"language":"ng","link":[{"URL":"https:\/\/www.igi-global.com\/viewtitle.aspx?TitleId=257779","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,5,6]],"date-time":"2022-05-06T19:00:15Z","timestamp":1651863615000},"score":1,"resource":{"primary":{"URL":"https:\/\/services.igi-global.com\/resolvedoi\/resolve.aspx?doi=10.4018\/IJWNBT.2020070104"}},"subtitle":[""],"short-title":[],"issued":{"date-parts":[[2020,7,1]]},"references-count":50,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2020,7]]}},"URL":"https:\/\/doi.org\/10.4018\/ijwnbt.2020070104","relation":{},"ISSN":["2155-6261","2155-627X"],"issn-type":[{"value":"2155-6261","type":"print"},{"value":"2155-627X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020,7,1]]}}}