Computer Science ›› 2023, Vol. 50 ›› Issue (10): 308-314. doi: 10.11896/jsjkx.230500141

• Information Security •

IPSec VPN Closure Detection Method Based on Side-channel Features

SUN Yunxiao¹, LI Jun¹, WANG Bailing¹,²

  1. School of Computer Science and Technology, Harbin Institute of Technology (Weihai), Weihai, Shandong 264209, China
  2. Harbin Institute of Technology Research Institute of Cyberspace Security, Harbin 150001, China
  • Received: 2023-05-21  Revised: 2023-07-25  Online: 2023-10-10  Published: 2023-10-10
  • About author: SUN Yunxiao, born in 1989, Ph.D. His main research interests include network security communication protocol and so on. WANG Bailing, born in 1978, Ph.D., professor, Ph.D. supervisor, is a member of China Computer Federation. His main research interests include industrial Internet security, information security and financial security.
  • Supported by: National Key R & D Program of China (2021YFB2012400), National Natural Science Foundation of China (62272129) and Fundamental Research Funds for the Central Universities of Ministry of Education of China (HIT.NSRIF.2020098).

Abstract: IPSec VPNs can be divided into closed networks and open networks according to their application scenarios. Closed networks are generally used to build customized virtual private networks, while open network proxies are commonly used to avoid network auditing. Identifying and classifying the network type of an IPSec VPN is therefore of great significance for network supervision. Based on the difference in traffic complexity between the two network types, a method for IPSec VPN closure detection using side-channel features of the encrypted traffic is proposed. The frame length sequence of the IPSec encrypted traffic and the distribution of the TCP maximum segment size (MSS) in the tunnel are extracted, and information entropy is introduced to measure the distribution of MSS values. The information entropy of the MSS values and the standard deviation of the frame length sequence are used as the feature vector. Machine learning algorithms such as support vector machine and random forest are used for training and prediction. Experimental results indicate that the accuracy of closure detection using this classification method exceeds 96%, and that it can effectively identify VPN tunnels used for open proxies.

Key words: IPSec VPN, Closure detection, Side-channel, TCP MSS, Machine learning
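The two features named in the abstract can be computed as follows. This is an added example, not code from the paper: the function names, the use of population standard deviation, and both sample tunnels are assumptions, and because the page does not say how MSS values are recovered from encrypted traffic, they are taken here as already-extracted input.

```python
import math
import statistics
from collections import Counter

def mss_entropy(mss_values):
    """Shannon entropy (bits) of the empirical MSS distribution of one tunnel."""
    counts = Counter(mss_values)
    total = sum(counts.values())
    if total == 0:
        return 0.0  # no TCP handshakes observed: treat as zero complexity
    h = -sum((c / total) * math.log2(c / total) for c in counts.values())
    return h + 0.0  # normalise -0.0 (single distinct value) to 0.0

def frame_length_std(frame_lengths):
    """Population standard deviation of the frame length sequence."""
    if len(frame_lengths) < 2:
        return 0.0  # a single frame carries no spread information
    return statistics.pstdev(frame_lengths)

def closure_features(frame_lengths, mss_values):
    """Feature vector (MSS entropy, frame length std) for one IPSec tunnel."""
    return (mss_entropy(mss_values), frame_length_std(frame_lengths))

# Constructed sample: a site-to-site style tunnel with one endpoint stack,
# so a single MSS value and a narrow range of frame lengths.
CLOSED_TUNNEL = {
    "frames": [118, 134, 118, 134, 118, 134],
    "mss": [1360, 1360, 1360, 1360, 1360, 1360],
}

# Constructed sample: a proxy style tunnel reaching many different servers,
# so several MSS values and widely varying frame lengths.
OPEN_TUNNEL = {
    "frames": [102, 1438, 102, 1438, 770, 770],
    "mss": [1460, 1460, 1400, 1400, 1380, 1360, 1360, 1380],
}

if __name__ == "__main__":
    for name, t in (("closed", CLOSED_TUNNEL), ("open", OPEN_TUNNEL)):
        h, sd = closure_features(t["frames"], t["mss"])
        print(f"{name:6s} mss_entropy={h:.3f} bits  frame_std={sd:.1f}")
```

Vectors of this form, one per tunnel, are what would be handed to a classifier such as the support vector machine or random forest mentioned in the abstract.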

CLC Number: TP309