Tomer Schwartz (Data and Security Laboratory Fujitsu Research of Europe Ltd), Ofir Manor (Data and Security Laboratory Fujitsu Research of Europe Ltd), Andikan Otung (Data and Security Laboratory Fujitsu Research of Europe Ltd)

Cyber attacks and fraud pose significant risks to online platforms, with malicious actors who often employ VPN servers to conceal their identities and bypass geolocation-based security measures. Current passive VPN detection methods identify VPN connections with more than 95% accuracy, but depend on prior knowledge, such as known VPN to IP mappings and predefined communication patterns. This makes them ineffective against sophisticated attackers who leverage compromised machines as VPN servers. On the other hand, current active detection methods are effective in detecting proxy usage but are mostly ineffective in VPN detection.

This paper introduces SNITCH (Server-side Non-intrusive Identification of Tunneled CHaracteristics), a novel approach designed to enhance web security by identifying VPN use without prior data collection on known VPN servers or utilizing intrusive client-side software. SNITCH combines IP geolocation, ground-truth landmarks, and communication delay measurements to detect VPN activity in real time and seamlessly integrates into the authentication process, preserving user experience while enhancing security. We measured 130 thousand connections from over 24 thousand globally distributed VPN servers and client nodes to validate the feasibility of our solution in the real world. Our experiments revealed that in scenarios where the State of the Art fails to detect, SNITCH achieves a detection accuracy of up to 93%, depending on the geographical region.

View More Papers

Work-in-Progress: A Large-Scale Long-term Analysis of Online Fraud across...

Yi Han, Shujiang Wu, Mengmeng Li, Zixi Wang, and Pengfei Sun (F5)

Read More

EAGLEYE: Exposing Hidden Web Interfaces in IoT Devices via...

Hangtian Liu (Information Engineering University), Lei Zheng (Institute for Network Sciences and Cyberspace (INSC), Tsinghua University), Shuitao Gan (Laboratory for Advanced Computing and Intelligence Engineering), Chao Zhang (Institute for Network Sciences and Cyberspace (INSC), Tsinghua University), Zicong Gao (Information Engineering University), Hongqi Zhang (Henan Key Laboratory of Information Security), Yishun Zeng (Institute for Network Sciences…

Read More

Generating API Parameter Security Rules with LLM for API...

Jinghua Liu (Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China; School of Cyber Security, University of Chinese Academy of Sciences, China), Yi Yang (Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China; School of Cyber Security, University of Chinese Academy of Sciences, China), Kai Chen (Institute of Information Engineering, Chinese Academy of…

Read More