NSA-Net: A NetFlow Sequence Attention Network for Virtual Private Network Traffic Detection

With the increasing attention on communication security, Virtual private network(VPN) technology is widely used to meet different security requirements. VPN traffic detection and classification have become an increasingly important and practical task in network security management. Although a lot of efforts have been made for VPN detection, existing methods mostly extract or learn features from the raw traffic manually. Manual-designed features are often complicated, costly, and time-consuming. And, handling the raw traffic throughout the communication process may lead to the compromise of user privacy. In this paper, we apply bidirectional LSTM network with attention mechanism to the VPN traffic detection problem and propose a model named NetFlow Sequence Attention Network (NSA-Net). The NSA-Net model learns representative features from the NetFlow sequences rather than the raw traffic to ensure the user privacy. Moreover, we adopt the attention mechanism, which can automatically focus on the information that has a decisive effect on detection. We verify our NSA-Net model on the NetFlow data generated from the public ISCXVPN2016 traffic dataset. And the experiment results indicate that our model can detect VPN from non-VPN traffic accurately, and achieve about 98.7% TPR. Furthermore, we analyze the performance of our model in the presence of sampling and our model still achieves over 90% TPR and Accuracy at low sampling rates.