Detecting Devices and Protocols on VPN-Encrypted Networks

Information assurance properties are fundamental in securing emerging computer systems. Maintaining properties like authorization in these systems relies on knowing the protocol being used and the type of device using it. Scenarios like IoT often include a diverse set of device types and protocols which call for an approach that can encompass this diversity, such as network traffic analysis. With encrypted communication becoming more standard, current traffic analysis approaches are rendered ineffective and new means are called for to enable this type of detection. Presented here is a machine learning approach to network analysis that aims to uphold security properties on the network through the fundamental steps of detecting device types and protocols used. By inspecting VPN traffic, we classify different device types as they login with the Open Authorization (OAuth) protocol, achieving 96% correct classification in some scenarios. We then turn our attention to detecting the underlying protocols in a VPN stream, showing a 94.9% correct detection of OAuth. Through these two classification attempts, we show how to overcome specific challenges of machine learning on VPN data such as generating samples and labeling of data.