Differentiation of Sliding Rescaled Ranges: New Approach to Encrypted and VPN Traffic Detection
This work offers an incremental improvement in detecting encrypted and VPN traffic for network security and monitoring.
This paper introduces Differentiation of Sliding Rescaled Ranges (DSRR), a new traffic preprocessing method, and applies it to detect encrypted and VPN traffic. Using DSRR with Random Forest, the authors achieved 0.971 Precision and 0.969 Recall, improving to 0.976 with statistical feature analysis, outperforming a 2D-CNN approach which yielded 0.93 Precision.
We propose a new approach to traffic preprocessing called Differentiation of Sliding Rescaled Ranges (DSRR) expanding the ideas laid down by H.E. Hurst. We apply proposed approach on the characterizing encrypted and unencrypted traffic on the well-known ISCXVPN2016 dataset. We deploy DSRR for flow-base features and then solve the task VPN vs nonVPN with basic machine learning models. With DSRR and Random Forest, we obtain 0.971 Precision, 0.969 Recall and improve this result to 0.976 using statistical analysis of features in comparison with Neural Network approach that gives 0.93 Precision via 2D-CNN. The proposed method and the results can be found at https://github.com/AleksandrIvchenko/dsrr_vpn_nonvpn.