AI-Driven VPN Threat Detection and Preventive Mechanism

Authors

  • Amaka Eugenia Ngozi, Department of Cybersecurity, School of Information and Communication Technology, Federal University of Technology, Owerri, Imo State, Nigeria.
  • Okpalla Chidimma Lilian, Department of Computer Science, School of Information and Communication Technology, Federal University of Technology, Owerri, Imo State, Nigeria.
  • Ezea Jonathan Ikechukwu, Department of Information Technology, First Bank Nigeria Ltd, 35 Marina Lagos, Nigeria.
  • Ibeneme-Sabinus Ifeoma Livina, Department of Cybersecurity, School of Information and Communication Technology, Federal University of Technology, Owerri, Imo State, Nigeria.
  • Nworuh Godwinner Emeka, Department of Cybersecurity, School of Information and Communication Technology, Federal University of Technology, Owerri, Imo State, Nigeria.
  • Atomatofa Emmanuel Oghenero, Department of Cybersecurity, School of Information and Communication Technology, Federal University of Technology, Owerri, Imo State, Nigeria.
  • Gloria Ngozi Ezeh, Department of Information Technology, School of Information and Communication Technology, Federal University of Technology, Owerri, Imo State, Nigeria.
  • Ugbor Ihechiluru Chinwe, Department of Cybersecurity, School of Information and Communication Technology, Federal University of Technology, Owerri, Imo State, Nigeria.
  • A.A. Galadima, Department of Cybersecurity, School of Information and Communication Technology, Federal University of Technology, Owerri, Imo State, Nigeria.

DOI:

https://doi.org/10.63530/IJCSITR_2026_07_01_002

Keywords:

MITM Attack, VPN, ARP Spoofing, Signature-Based Detection, Network Security

Abstract

The widespread adoption of remote work has established Virtual Private Networks (VPNs) as a critical security tool, yet data remains vulnerable to Man-in-the-Middle (MITM) attacks at the local network layer, where adversaries intercept and manipulate it before it enters the secure tunnel. This research addresses this vulnerability by designing, implementing, and evaluating a real-time hybrid detection and prevention system for MITM attacks on VPN connections. A controlled laboratory environment was used to simulate ARP spoofing-based MITM attacks against a commercial VPN client. The network traffic was analyzed to identify distinctive signatures of interception, which were integrated into a Python-based detection engine using Scapy. Signature-based and rule-based techniques were combined to monitor ARP traffic for inconsistencies such as IP-MAC binding violations and unsolicited ARP replies. A 98.7% detection rate was achieved with an average response latency of 340 milliseconds. An automated mitigation module successfully neutralized 96.8% of attacks by broadcasting corrective ARP packets to restore legitimate network mappings.
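
The two ARP rules named in the abstract, IP-MAC binding violations and unsolicited replies, can be sketched as follows. This is an added example, not the authors' detection engine: it parses raw ARP payloads with the standard library instead of Scapy, and the `ArpMonitor` class, the trusted-binding table, the 2-second request window and the sample payloads are all assumptions made for illustration.

```python
import socket
import struct

ARP_REQUEST, ARP_REPLY = 1, 2
FMT = "!HHBBH6s4s6s4s"  # htype, ptype, hlen, plen, op, sha, spa, tha, tpa

def parse_arp(payload: bytes):
    """Decode an Ethernet/IPv4 ARP payload -> (op, sender MAC, sender IP, target IP)."""
    if len(payload) < 28:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, op, sha, spa, _tha, tpa = struct.unpack(FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    return op, sha.hex(":"), socket.inet_ntoa(spa), socket.inet_ntoa(tpa)

class ArpMonitor:
    """Hypothetical rule engine: binding violations and unsolicited replies."""
    def __init__(self, trusted_bindings, window=2.0):
        self.trusted = dict(trusted_bindings)  # IP -> expected MAC (assumed baseline)
        self.window = window                   # seconds a request stays pending (assumed)
        self.pending = {}                      # (requester IP, requested IP) -> request time

    def inspect(self, payload: bytes, now: float):
        op, mac, sender_ip, target_ip = parse_arp(payload)
        alerts = []
        expected = self.trusted.get(sender_ip)
        if expected is not None and expected != mac:
            alerts.append(f"binding-violation: {sender_ip} is-at {mac}, expected {expected}")
        if op == ARP_REQUEST:
            self.pending[(sender_ip, target_ip)] = now
        elif op == ARP_REPLY:
            # A reply is solicited only if its target recently asked for the sender's IP.
            asked = self.pending.pop((target_ip, sender_ip), None)
            if asked is None or now - asked > self.window:
                alerts.append(f"unsolicited-reply: {sender_ip} -> {target_ip}")
        return alerts

# Constructed sample payloads (hex), not captured traffic.
HDR = "00010800060400"
REQUEST = HDR + "01" + "020000000010" + "c0a8010a" + "000000000000" + "c0a80101"
LEGIT_REPLY = HDR + "02" + "020000000001" + "c0a80101" + "020000000010" + "c0a8010a"
SPOOFED_REPLY = HDR + "02" + "020000000066" + "c0a80101" + "020000000010" + "c0a8010a"

def run_demo():
    mon = ArpMonitor({"192.168.1.1": "02:00:00:00:00:01"})
    timeline = [(0.0, REQUEST), (0.1, LEGIT_REPLY), (5.0, SPOOFED_REPLY)]
    return [mon.inspect(bytes.fromhex(frame), t) for t, frame in timeline]

if __name__ == "__main__":
    print(run_demo())
```

The request and its genuine answer raise no alerts; the late reply that claims the gateway IP with a different MAC trips both rules.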

Published

20-01-2026

How to Cite

Amaka Eugenia Ngozi, Okpalla Chidimma Lilian, Ezea Jonathan Ikechukwu, Ibeneme-Sabinus Ifeoma Livina, Nworuh Godwinner Emeka, Atomatofa Emmanuel Oghenero, Gloria Ngozi Ezeh, Ugbor Ihechiluru Chinwe, & A.A. Galadima. (2026). AI-Driven VPN Threat Detection and Preventive Mechanism. International Journal of Computer Science and Information Technology Research, 7(1), 8-20. https://doi.org/10.63530/IJCSITR_2026_07_01_002