VPN Traffic Detection in SSL-Protected Channel

<table class="table-group" id="tab1"><tr><td><table class="table"><tr><td class="thead-hr" colspan="3"><hr/></td></tr><tr class="thead"><td class="align_left">Research techniques</td><td class="align_center">Strengths</td><td class="align_center">Limitations</td></tr><tr><td class="thead-hr" colspan="3"><hr/></td></tr><tr><td class="align_left" rowspan="2">NIDS-based technique [<a href="/journals/scn/2019/7924690/#B22" target="_blank">22</a>]</td><td class="align_center">(1) Complete architecture to handle encrypted traffic-based intrusion detection</td><td class="align_center">(1) Multiple devices to be added in the network</td></tr><tr><td class="align_center">(2) Protection against remote access and evasion techniques</td><td class="align_center">(2) Increased bandwidth inside the network due to traffic duplication</td></tr><tr><td class="align_left">DNS-based technique [<a href="/journals/scn/2019/7924690/#B27" target="_blank">27</a>]</td><td class="align_center">(1) Introduces the concept of DNS scoring and analysis. Helpful in detecting malicious CNC based on DNS</td><td class="align_center">(1) All CNC may not use only DNS based implementation</td></tr><tr><td class="align_left">Connection-based technique [<a href="/journals/scn/2019/7924690/#B26" target="_blank">26</a>]</td><td class="align_center">(1) Five-tuple-based connection management. Helpful in identifying different protocol and application behavior</td><td class="align_center">(1) Traffic generated by HTTPS based VPN will generally look like standard HTTPS streams</td></tr><tr class="table-tr"><td colspan="3"><hr class="tbody-hr"/></td></tr></table></td></tr></table>

<div>Attributes of related techniques.</div>

Security and Communication Networks

tab1

Table 1

Table 1: VPN Traffic Detection in SSL-Protected Channel 