Tomer Schwartz (Data and Security Laboratory Fujitsu Research of Europe Ltd), Ofir Manor (Data and Security Laboratory Fujitsu Research of Europe Ltd), Andikan Otung (Data and Security Laboratory Fujitsu Research of Europe Ltd)

Cyber attacks and fraud pose significant risks to online platforms, with malicious actors who often employ VPN servers to conceal their identities and bypass geolocation-based security measures. Current passive VPN detection methods identify VPN connections with more than 95% accuracy, but depend on prior knowledge, such as known VPN to IP mappings and predefined communication patterns. This makes them ineffective against sophisticated attackers who leverage compromised machines as VPN servers. On the other hand, current active detection methods are effective in detecting proxy usage but are mostly ineffective in VPN detection.

This paper introduces SNITCH (Server-side Non-intrusive Identification of Tunneled CHaracteristics), a novel approach designed to enhance web security by identifying VPN use without prior data collection on known VPN servers or utilizing intrusive client-side software. SNITCH combines IP geolocation, ground-truth landmarks, and communication delay measurements to detect VPN activity in real time and seamlessly integrates into the authentication process, preserving user experience while enhancing security. We measured 130 thousand connections from over 24 thousand globally distributed VPN servers and client nodes to validate the feasibility of our solution in the real world. Our experiments revealed that in scenarios where the State of the Art fails to detect, SNITCH achieves a detection accuracy of up to 93%, depending on the geographical region.

View More Papers

BinEnhance: An Enhancement Framework Based on External Environment Semantics...

Yongpan Wang (Institute of Information Engineering Chinese Academy of Sciences & University of Chinese Academy of Sciences, China), Hong Li (Institute of Information Engineering Chinese Academy of Sciences & University of Chinese Academy of Sciences, China), Xiaojie Zhu (King Abdullah University of Science and Technology, Thuwal, Saudi Arabia), Siyuan Li (Institute of Information Engineering Chinese…

Read More

Automatic Insecurity: Exploring Email Auto-configuration in the Wild

Shushang Wen (School of Cyber Science and Technology, University of Science and Technology of China), Yiming Zhang (Tsinghua University), Yuxiang Shen (School of Cyber Science and Technology, University of Science and Technology of China), Bingyu Li (School of Cyber Science and Technology, Beihang University), Haixin Duan (Tsinghua University; Zhongguancun Laboratory), Jingqiang Lin (School of Cyber…

Read More

Understanding Influences on SMS Phishing Detection: User Behavior, Demographics,...

Daniel Timko (California State University San Marcos), Daniel Hernandez Castillo (California State University San Marcos), Muhammad Lutfor Rahman (California State University San Marcos)

Read More