Cat-and-mouse game: how to block VPNs in schools using machine learning

12/4/17 11:49 AM

Netflix has a lot to answer for. We're surprised at how widespread VPN use is now in schools, with students easily bypassing the default school internet filtering. Virtual Private Network (VPN) use hit the mainstream in early 2016 as frustrated subscribers began to circumvent geo-location restrictions in order to access their favourite shows on the full American Netflix catalogue. And now, school sudents are easily accessing unrestricted online content while using school networks. 

A search in the App store reveals over 200 results for VPNs, and earlier this year we found that up to 80% of mobile and BYOD devices were using VPNs. Go to the App store, download a free VPN, install it on your device, and you have unfiltered internet access. They work by creating a tunnel from the device to a server remotely, and all traffic is routed through this tunnel.

Creating a tunnel

Cat-and-mouse game

VPNs can be tricky to identify. What is particularly interesting about VPNs is they can adapt and masquerade as normal traffic, making it difficult to block them. This means that traditional, signature based filtering doesn't always work, as VPNs have been designed to avoid them.

However, Linewize uses machine learning to analyse data at scale and in real-time, and identify end points. For example, take a sample of the two users below over a 15 minute browsing history:

Clustering theory and identifying patterns

Which browsing history looks unusual? While both users have consumed a similar amount of data, it is unusual for the use of Paypal to consume 800 Mb of data over such an extended period. Machine learning can group users together by patterns, cross-check them, learn about new patterns of behaviour, analyse the IP addresses, and then block the dodgy or suspicious traffic. Take the following example of an IP address, highlighted in red below: 

Graphing the internet

It's highly unlikely that the same IP address is shared by Google, Apple, Paypal AND the Turkish Government, and Linewize can identify and block this as a masquerading VPN.

In many ways, it's a constant automated cat-and-mouse game. However, we've seen a reduction in VPN use from 80% of BYOD's to 20-30% of attempts in some schools with high usage. We can summarise the cycle below: 

Data cycle of blocking VPN's

If you'd like more information on understanding VPN use in your school, download our free report on student use of VPN agents to bypass internet filtering here. This overview provides information on:

  • What VPNs are, and why schools should be concerned
  • The extent of school legislative responsibility
  • How VPN use enables digital distraction in the classroom  


We can also help you quantify VPN use in your school, and if you'd like a free demonstration contact us now for more information. 

Book a Demo









Topics: VPN block

Recent Posts