Theme fund: NGI0 PET
Start: 2020-06
End: 2022-10


Local machine-based learned analysis of VPN traffic

Our security decreases significantly, especially when we are outside our offices. Current VPNs encrypt our traffic, but they do not protect our devices from attacks or detect whether there is an infection. The AI-VPN project proposes a new solution that joins the VPN setup with a local AI-based IPS. The AI-VPN implements a state-of-the-art machine-learning-based Intrusion Prevention System in the VPN, generating alerts and blocking malicious connections automatically. The user is given a summary of the device's traffic, showing detected malicious patterns, leaked private data and security alerts, in order to protect users and educate them about their security status and any risks they are exposed to.

Why does this actually matter to end users?

When you go on the internet in a public place, or on a network you cannot trust, you can use so-called 'virtual private networks' to teleport your internet traffic to somewhere else before it goes out on the internet. The term 'virtual' is used because your traffic of course still travels over the same physical network in the same way as it did before. The term 'private' signals that you send the traffic (or at least intend to) to somewhere you yourself chose as a trusted intermediate spot on the net. That could be a private home router you control yourself, or an external service like a VPN provider. Using a VPN is in many scenarios a sane approach, but only if (and that is a big if) you can trust the VPN provider itself; otherwise you might actually be worse off. So choose your VPN provider carefully.

For some security risks, for instance when your computer is already infected with malware, using a regular VPN will not do much. The harmful traffic will just be picked up like the rest of your internet traffic, and delivered to its destination via a slightly longer route. But what if you could use the fact that all your traffic is sent through a tunnel via a point you control to inspect the traffic that goes into that tunnel, to see if there are any known malicious patterns?

That is what the Civilsphere project intends to achieve: it wants to help you understand what kind of traffic comes from and goes to your device. It will point out suspicious patterns, reveal any privacy-sensitive data it sees leak out and let you know when it spots a security issue. Obviously, such a solution cannot be a panacea for every risk you as a user are exposed to, but it provides a useful building block for looking at the security of your device from the 'outside', applying machine learning to spot ongoing issues.

Run by Czech Technical University


This project was funded through the NGI0 PET Fund, a fund established by NLnet with financial support from the European Commission's Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 825310.