Virtual Private Network Tunnel Research Articles

AAE-DSVDD: A one-class classification model for VPN traffic identification

Virtual Private Network(VPN) can provide a concealed transmission channel for communication and protect the privacy of users. However, it also brings hidden dangers to cybersecurity with its wide application. Malicious behavior or harmful information can be transmitted secretly through VPN tunnels to avoid firewall censorship. Therefore, VPN traffic identification is an important part of ensure cybersecurity. Although many efforts have been made for VPN traffic identification, existing methods mainly focus on supervised learning models. In this paper, we propose an one-class classification model called AAE-DSVDD for VPN traffic identification. First, we introduce Adversarial AutoEncoder(AAE) for preliminary modeling of VPN traffic. AAE can match the aggregated posterior distribution of the hidden layer to an arbitrary prior distribution. It associates the samples with a normal distribution in the hidden space. Secondly, We implement representation learning for VPN traffic via Deep Support Vector Data Description(DSVDD). A standardized method is designed to match the output distribution of DSVDD with the aggregated posterior distribution of AAE. It alleviates the hypersphere collapse problem of DSVDD and improves identification performance. Finally, we verify the abilities of the AAE-DSVDD model on the public dataset ISCXVPN. Compared with other one-class models, AAE-DSVDD achieved the best identification ability for VPN traffic identification. It also improves the recognition ability when identifying strange classes that are not included in the training data.

A VPN Performances Analysis of Constrained Hardware Open Source Infrastructure Deploy in IoT Environment

Virtual private network (VPN) represents an HW/SW infrastructure that implements private and confidential communication channels that usually travel through the Internet. VPN is currently one of the most reliable technologies to achieve this goal, also because being a consolidated technology, it is possible to apply appropriate patches to remedy any security holes. In this paper we analyze the performances of open source firmware OpenWrt 21.x compared with a server-side operating system (Debian 11 x64) and Mikrotik 7.x, also virtualized, and different types of clients (Windows 10/11, iOS 15, Android 11, OpenWrt 21.x, Debian 11 x64 and Mikrotik 7.x), observing the performance of the network according to the current implementation of the various protocols and algorithms of VPN tunnel examined on what are the most recent HW and SW for deployment in outdoor locations with poor network connectivity. Specifically, operating systems provide different performance metric values for various combinations of configuration variables. The first pursued goal is to find the algorithms to guarantee a data transmission/encryption ratio as efficiently as possible. The second goal is to research the algorithms capable of guaranteeing the widest spectrum of compatibility with the current infrastructures that support VPN technology, to obtain a connection system secure for geographically scattered IoT networks spread over difficult-to-manage areas such as suburban or rural environments. The third goal is to be able to use open firmware on constrained routers that provide compatibility with different VPN protocols.

Network Security Analysis Using Virtual Private Network in Vocational School

Every organization chooses a virtual private network (VPN) as their top option since it is a practical and secure solution. Through the use of a virtual private network, this study seeks to evaluate the network in SMK (VPN). The descriptive qualitative research used in this study was carried out at the lab of SMK Negeri 1 Ampek Angkek. Data were gathered through observation, interviews, and document analysis studies. The method of data analysis employed descriptive analysis. The results of this study indicate that the activity on the VPN network is better than the Non-VPN because the activities carried out in the VPN tunnel are not known by others. Users find it simpler to finish their daily agenda as a result.

A Great Approach for Medium Size Hospital Network Infrastructure Architecture

Abstract: To get first-hand experience for setting up a network infrastructure in a medium size hospital to manage the patient’s services, check-ups, follow-up plans from different parts of the hospital primes and store the data into the secured and safe manner in the database and use the data whenever required from the management team for their references. The network architecture based on the concept of the Three- layer network architecture combination of Mesh topology & Bus topology taking into the consideration of the primary data security, remote access to the network, size of the hospital organization, cost-effective, user-friendly and most importantly scalability required in the network architecture for future changes based on the size of the database, utilization of applications remotely, and for security of the data, changing technology etc. The goal of any network architecture is to protect the DATA from any attacks both internally and externally. For internal DATA security it is protected through various user permissions in different layers in the network for the end users. For Outside threat VPN tunnel, Policies, traffic filtering configured at the firewall level. Keywords: HIS-Hospital Information System, VPN- virtual private network tunnel, VLAN- Virtual LAN, HL7- Health Level Seven International, L3- Layer 3, ISP- Internet service provider

Smart Hybrid SDN Approach for MPLS VPN Management and Adaptive Multipath Optimal Routing

The Virtual Private Network (VPN) service offered by the Multi-Protocol Label Switching Protocol (MPLS) is more and more solicited by clients thanks to its various advantages that it can offer especially concerning the security, the quality of service, and the flexibility. MPLS VPN relies on multiple protocols to function correctly and can be represented according to different architectures, each of which requires its own configuration. Besides, this technology is often used to interconnect a high number of sites which makes it challenging to deploy, manage, and supervise. Software Defined Network (SDN) is a paradigm, which, thanks to a centralized point (controller) can manage the MPLS VPN tunnels in an automatic, dynamic, and on-demand way between all the clients’ equipment. To manage the equipment by an SDN controller, they must be of the new generation supporting the OpenFlow protocol. The hybrid SDN paradigm allows Legacy equipment to be included in the orchestration as well, reducing OPEX and CAPEX costs. By the present work, we propose a new approach (SH-SDN) SDN Hybrid for the management of different architectures MPLS VPN based on a new graphical interface. The proposed approach allows not only to manage the MPLS VPN tunnels but also to ensure a reasonable quality of service level by performing an adaptive and an optimal load balancing across the multiple paths. The approach has been implemented and tested in a virtual test network consisting of different manufacturers (Cisco, Juniper, and HP). The results show that the SH-SDN approach offers a remarkable reduction in the MPLS VPN tunnel establishment time in a large network and a reasonable quality of service level of the transported applications through the multipath routing improved process.

Implementation and Analysis of IP Tunnel in Virtual Private Networks

In Virtual Private Network tunneling is designed to examine the performance of Private network for transferring the data. It implements and analysis the IP tunnel in Virtual Private Network (VPN). Tunneling is a method that is used to transfer the data or packet of one protocol using different network communication mediums of another protocol. This research is emphasized to examine the performance of Private network using tunneling for the transfer of data. Basically tunneling is used to send a packet, data or traffic of one protocol using an intermediate structure of another protocol. It is called as the process of encapsulation, transmission, over different types of secured networks as encapsulation and security is one of the procedure within this network provides security .This paper gives overview of a Virtual Private Network with IP Tunnel. Virtual private Network generates a secure encryption and decryption of data with the help of IP tunneling at end points. Basically VPN routes through the internet from a private network to transferring the data from one end (source) to other end (destination). With the help of tunneling and VPN user can check the working of different parameters under various applications.

Implementation of a 24-Hour Teleradiology Service for Cruise Ships: A Pilot Study.

OBJECTIVE. The purpose of this study was to introduce a 24-hour teleradiology service for cruise ships as a novel concept in maritime telemedicine. SUBJECTS AND METHODS. One cruise ship equipped with a mobile radiography unit and digital storage imaging plates was involved in this pilot study. Radiographs were transmitted via satellite internet to a tertiary hospital on shore for image interpretation by expert radiologists. Use of a virtual private network (VPN) enabled secure data transfer. Radiographs and patient data were automatically integrated into the PACS and radiology information system of the radiology department at the hospital. Images were analyzed by the staff radiologist at the hospital, and reports were immediately returned via e-mail through the VPN tunnel. RESULTS. Seventy-five radiographs of 47 patients were obtained on board within 2 months. All datasets were successfully transmitted. Most of the examinations (35 [≈ 75%]) were skeletal radiographs; the other 12 (≈ 25%) were chest radiographs. The turnaround time for the radiology reports was within 30 minutes in 43 cases (≈ 92%). In four cases (≈ 8%), delay was due to technical and organizational issues at the tertiary hospital. CONCLUSION. With the objective of supporting ship physicians with expert analyses of radiographs, a secure and stable method of image and radiology report transmission between an onboard hospital and a land-based radiology department was established.

Identifying VoIP traffic in VPN tunnel via Flow Spatio-Temporal Features.

The persistent emergence of new network applications, along with encrypted network communication, has make traffic analysis become a challenging issue in network management and cyberspace security. Currently, virtual private network (VPNs) has become one of the most popular encrypted communication services for bypassing censorship and guarantee remote access to geographically locked services. In this paper, a novel identification scheme of VoIP traffic tunneled through VPN is proposed. We employed a set of Flow Spatio-Temporal Features (FSTF) to six well-known classifiers, including decision trees, K-Nearest Neighbor (KNN), Bagging and Boosting via C4.5, and Multi-Layer perceptron (MLP). The overall accuracy, precision, sensitivity, and F-measure verify that the proposed scheme can effectively distinguish between the VoIP flows and Non-VoIP ones in VPN traffic.

Performance Analysis of Volume Loads of (Services and Transmission) Traffic in VPN Networks: A Comparative Study

This paper proposes a design for a network connected over public networks using Virtual Private Network (VPN) technique. The network consists of five sites; center server and four customer service sites, each site consists of a number of LANs depending on the user services requirements. This work aims to measure the effect of VPN on the performance of a network. Four approaches are implements: Network design without using VPN, network design using VPN with centralized servers, network design using VPN with distributed servers, and network design using server load balance.The OPNET and BOSON simulation results show higher response time for packet transmission due to effect of VPN tunneling. The concurrent activation of application execution is used as a solution to the delay problem of the initial timing period while the application proceeds. The results dealing with QoS are E-mail, FTP, voice services traffic and IP traffic dropped. The VPN Tunnels is in the range of (0.01 to 0.02) sec.; along with this simulator there are four VPN tunnels in the network. Also, a special server’s load balance is used to manage distribution of the server processing load across all other network servers to achieve the best response

Factors Impacting the Performance of Data Transferred Via VPN

As a cost effective measure to attain security and confidentiality of data, Virtual Private Network (VPN) is used to interconnect two networks. The research shows that the protocols and algorithms of VPNs adds the overhead and in turn affect the network performance. The two end point hardware appliances are configured with standard configuration to establish site to site VPN. There are different data formats transferred via these tunnels. A research was conducted in a simulation environment of open source technology to identify the various factors impacting the performance of data transfer via VPN tunnels. Empirical measurement shows that performance depends critically on nature of data and compressibility in different internet bandwidth conditions. This was also noticed that nested VPN architecture adds complexity in security at the cost of multifold transmission delays. VPN provide security at the cost of performance; hence application specific cost benefit analysis is essential to choose the optimal architecture.

Factors Impacting the Performance of Data Transferred Via VPN

As a cost effective measure to attain security and confidentiality of data, Virtual Private Network (VPN) is used to interconnect two networks. The research shows that the protocols and algorithms of VPNs adds the overhead and in turn affect the network performance. The two end point hardware appliances are configured with standard configuration to establish site to site VPN. There are different data formats transferred via these tunnels. A research was conducted in a simulation environment of open source technology to identify the various factors impacting the performance of data transfer via VPN tunnels. Empirical measurement shows that performance depends critically on nature of data and compressibility in different internet bandwidth conditions. This was also noticed that nested VPN architecture adds complexity in security at the cost of multifold transmission delays. VPN provide security at the cost of performance; hence application specific cost benefit analysis is essential to choose the optimal architecture.

Abstract WP321: Smartphone Application Iodine: A Novel Method for Screening and Identification of Specific Stroke Study Population

Background and Purpose: Stroke studies and trials frequently require identification and screening of specific stroke patients based on set selection criteria, missed by traditional methods that rely on physician reporting and discharge diagnosis codes. Our aim was to determine the utility of a smartphone application, Iodine, in screening and identifying cervical artery dissection (CAD) patients. Methods: Iodine is used to notify healthcare providers regarding specific patient populations for the purpose of process and quality improvement. Real-time patient data is sent to Iodine via feeds secured by encrypted virtual private network tunnels, and continuously evaluated against Iodine’s library of Alert rules. All communication between Iodine and users are encrypted, all data accesses are audited, and data is not stored on mobile devices, thereby ensuring Health Insurance Portability and Accountability Act compliance. CAD is an uncommon cause for stroke or TIA that can affect young patients without traditional risk factors. Recent advances in imaging, including MRI and CT angiogram, have led to more frequent identification of CAD. Based on the identification of the keyword “dissection” in all radiological reporting, we setup a notification to alert study investigators. These notifications were reviewed daily for enrollment in an ongoing prospective study COMPASS. These patients were compared with those identified by ICD-9 discharge diagnosis codes. Results: In a six month period between January 01, 2015 and June 30, 2015, 18 patients with CAD were identified through the Iodine out of 289 total dissection alerts. (Mean age ± SD = 57 ± 17, 50% male, 61% Caucasian, and 39% African American). Of these 18 patients, 3 died in-hospital and thus could not be identified using traditional methods. Of these, only 13 patients were identified through ICD-9 discharge diagnosis codes, out of 4683 total discharges. Iodine was found to have a significantly higher proportion of detecting CAD (χ2=146.1; p<0.0001). Conclusions: We report real time screening and identification of CAD using Iodine, which appears to be superior to traditional methods. This method may be successfully applied for other disease conditions for consecutive study patient identification.

VPN Packet Loss-Oriented Dynamic Control

Through security protocols and virtual private network tunneling for data confidentiality, message integrity, and endpoint authentication. Users can access anywhere Internet VPN service within the group. VPN tunneling technology VPN gateway group is exposed to internal services in the Internet, malicious users are using client terminal allows officers to attack the internal services group. So we must study to the control is based on the model, combined with VPN network traffic characteristics, the topological feature model of security and safety technology and related technologies. Study on dynamic access control packet loss model in this article, you can study can greatly increase VPN security, confidentiality of data on. Due to the introduction of the concept of dynamic control, we can more accurately control the packet loss and improve system performance.

Privacy Preserving Collaborative Enforcement of Firewall Policies in Virtual Private Networks

The widely deployed Virtual Private Network (VPN) technology allows roaming users to build an encrypted tunnel to a VPN server, which, henceforth, allows roaming users to access some resources as if that computer were residing on their home organization's network. Although VPN technology is very useful, it imposes security threats on the remote network because its firewall does not know what traffic is flowing inside the VPN tunnel. To address this issue, we propose VGuard, a framework that allows a policy owner and a request owner to collaboratively determine whether the request satisfies the policy without the policy owner knowing the request and the request owner knowing the policy. We first present an efficient protocol, called Xhash, for oblivious comparison, which allows two parties, where each party has a number, to compare whether they have the same number, without disclosing their numbers to each other. Then, we present the VGuard framework that uses Xhash as the basic building block. The basic idea of VGuard is to first convert a firewall policy to nonoverlapping numerical rules and then use Xhash to check whether a request matches a rule. Comparing with the Cross-Domain Cooperative Firewall (CDCF) framework, which represents the state-of-the-art, VGuard is not only more secure but also orders of magnitude more efficient. On real-life firewall policies, for processing packets, our experimental results show that VGuard is three to four orders of magnitude faster than CDCF.

Uncovering identities: A study into VPN tunnel fingerprinting

Operating System fingerprinting is a reconnaissance method which can be used by attackers or forensic investigators. It identifies a system's identity by observing its responses to targeted probes, or by listening on a network and passively observing its network ‘etiquette’. The increased deployment of encrypted tunnels and Virtual Private Networks (VPNs) calls for the formulation of new fingerprinting techniques, and poses the question: “How much information can be gleaned from encrypted tunnels?” This paper investigates IPSec VPN tunnel-establishment and tear-down on three IPSec implementations: Microsoft Windows 2003, Sun Solaris 9 x86, and racoon on Linux 2.6 kernel. By analysing each platform's Internet Key Exchange (IKE) messages, which negotiate the IPSec tunnel, we identify a number of discriminants, and show that each of these platforms can be uniquely identified by them. We also show that the nature of some encrypted traffic can be determined, thus giving the observer an idea of the type of communication that is taking place between the IPSec endpoints.

Establishment and preliminary application of the interactive tele-radiologic conference system based on virtual private network

Objective To investigate the establishment and characteristics of the interactive tele-radiological system (IATRS) . Methods Local area network (LAN) of local hospitals with firewall and ADSL Modem was connected into internet, then connected into the Virtual Private Network (VPN) server of the affiliated hospital of GuiYang Medical College(GMCAH) through anti-firewall of GMCAH. The VPN tunnel was acquired and LAN of local hospitals was connected into the PACS server of GMCAH, resulting in sharing of radiological data by both the GMCAH and local hospitals. Results Radiological data from local hospitals could be transmitted by the PACS server of GMCAH safely and rapidly. The IATRS could provide high-quality images with high-speed, and with ease to perform. Conclusion IATRS is useful and reliable for transmitting radiological data between remote places.

On the cost of virtual private networks

A virtual private network (VPN) is a private data network that uses a nonprivate data network to carry traffic between remote sites. An establishes network layer connectivity between remote Intranet sites by creating an IP overlay network over the nonprivate network, using various tunneling mechanisms. There are two approaches for establishing such tunnels: a and a approach. In the first approach, tunnels are established only between the CPE devices, whereas in the second approach tunnels are also established between the routers of the core nonprivate network. In this paper we address the problem of determining a CPE-based and a network-based layout of VPN tunnels while taking into account two factors: the cost of the links over which the VPN tunnels are established and the cost of the core routers that serve as end points for the VPN. We define related graph algorithm problems, analyze their complexity, and present heuristics for solving these problems efficiently.