Research Article
VPN Traffic Detection in SSL-Protected Channel
Table 1
Attributes of related techniques.
| Research techniques | Strengths | Limitations |
| NIDS-based technique [22] | (1) Complete architecture to handle encrypted traffic-based intrusion detection | (1) Multiple devices to be added in the network | (2) Protection against remote access and evasion techniques | (2) Increased bandwidth inside the network due to traffic duplication | DNS-based technique [27] | (1) Introduces the concept of DNS scoring and analysis. Helpful in detecting malicious CNC based on DNS | (1) All CNC may not use only DNS based implementation | Connection-based technique [26] | (1) Five-tuple-based connection management. Helpful in identifying different protocol and application behavior | (1) Traffic generated by HTTPS based VPN will generally look like standard HTTPS streams |
|
|