VPN Detection and Mitigation in Bandwidth-Constrained Networks: A Case Study and Practical Framework for Kandahar University

Authors

DOI:

https://doi.org/10.65486/3fnmm379

Keywords:

VPN detection, VPN mitigation, machine learning, encrypted traffic

Abstract

Purpose:

University networks in developing countries face serious bandwidth constraints. Students often use VPN services to bypass fair usage policies, which causes serious problems for academic services. This study presents a practical approach to detect and mitigate VPN usage without expensive equipment or invasive monitoring techniques.

Method:

We designed a four-layer detection system that combines simple firewall rules, traffic monitoring using NetFlow, machine learning, and selective examination of encryption handshakes. Following detection, we implemented adaptive mitigation strategies including progressive bandwidth throttling and policy-based access controls. We tested the complete system using actual network data from Kandahar University operations over three months, analyzing approximately 145,000 network flows.
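An added illustration of the layered flow described above (not the authors' code): cheap checks decide first, and handshake examination runs only for hosts the flow score flags. The port list, score weights, thresholds, throttle tiers and flow records are assumptions constructed for this example, and the fixed score stands in for the trained classifier.

```python
from collections import defaultdict
# Layer 1 input: default ports of common VPN protocols (OpenVPN, WireGuard, IKE, NAT-T).
VPN_PORTS = {("udp", 1194), ("tcp", 1194), ("udp", 51820), ("udp", 500), ("udp", 4500)}
# Assumed graduated caps in kbit/s, indexed by detection count (None = no cap).
THROTTLE_KBPS = [None, 2048, 512, 128]
# Constructed flow records: (host, proto, dst_ip, dst_port, bytes, seconds)
FLOWS = [
    ("10.0.1.5", "udp", "203.0.113.9", 1194, 900_000, 3600),
    ("10.0.1.7", "tcp", "198.51.100.4", 443, 800_000, 2700),
    ("10.0.1.7", "tcp", "192.0.2.10", 443, 20_000, 30),
    ("10.0.1.8", "tcp", "192.0.2.10", 443, 300_000, 60),
    ("10.0.1.8", "tcp", "192.0.2.20", 443, 250_000, 45),
]
# Constructed layer-4 results: hosts whose handshake matched a VPN client profile.
HANDSHAKE_HITS = {"10.0.1.7"}

def host_features(flows):
    """Layer 2: per-host aggregates from flow records only (no payload)."""
    per_host = defaultdict(list)
    for f in flows:
        per_host[f[0]].append(f)
    feats = {}
    for host, fl in per_host.items():
        by_dst = defaultdict(int)
        for f in fl:
            by_dst[f[2]] += f[4]
        feats[host] = {
            "port_hit": any((f[1], f[3]) in VPN_PORTS for f in fl),
            "top_share": max(by_dst.values()) / sum(by_dst.values()),
            "longest_s": max(f[5] for f in fl),
        }
    return feats

def classify(flows, handshake_hits):
    """Return {host: (is_vpn, deciding_layer)}; cheap layers decide first."""
    out = {}
    for host, x in host_features(flows).items():
        # Layer 3 stand-in: a fixed score, not the trained model.
        score = 0.6 * x["top_share"] + 0.4 * min(x["longest_s"] / 1800, 1.0)
        if x["port_hit"]:
            out[host] = (True, 1)
        elif score < 0.7:
            out[host] = (False, 3)
        else:  # flagged by flow behaviour: confirm via handshake before acting
            out[host] = (host in handshake_hits, 4)
    return out

def throttle_for(detections):  # progressive mitigation: cap tightens per repeat detection
    return THROTTLE_KBPS[min(detections, len(THROTTLE_KBPS) - 1)]
```

Requiring a handshake match before acting on a flow-score flag is what keeps a host with one long, dominant HTTPS session from being throttled on behaviour alone.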

Results:

The system correctly identified 92 percent of VPN traffic, with only 6 percent false alerts on legitimate traffic. Implementation of mitigation policies resulted in academic services improving by 18 percent during peak hours, with the Learning Management System experiencing the most significant gains. The framework works without expensive Deep Packet Inspection equipment or privacy-invading payload monitoring.

Practical Implications:

Universities with limited budgets can implement effective VPN detection and mitigation using freely available open-source tools and regular computers. The approach respects student privacy while ensuring fair bandwidth allocation through graduated enforcement policies.

Originality/Novelty:

This work provides a complete detection-to-mitigation framework designed specifically for resource-constrained universities, with detailed implementation guidance, mitigation strategies, and actual performance measurements from operational deployment.

Published

02/04/2026

How to Cite

VPN Detection and Mitigation in Bandwidth-Constrained Networks: A Case Study and Practical Framework for Kandahar University. (2026). Gandhara Journal of Natural Sciences, 1(2). https://doi.org/10.65486/3fnmm379