Academic literature on the topic 'Encrypted Traffic Inspection'
Create a spot-on reference in APA, MLA, Chicago, Harvard, and other styles
Consult the lists of relevant articles, books, theses, conference reports, and other scholarly sources on the topic 'Encrypted Traffic Inspection.'
Next to every source in the list of references, there is an 'Add to bibliography' button. Press on it, and we will generate automatically the bibliographic reference to the chosen work in the citation style you need: APA, MLA, Harvard, Chicago, Vancouver, etc.
You can also download the full text of the academic publication as pdf and read online its abstract whenever available in the metadata.
Journal articles on the topic "Encrypted Traffic Inspection"
1
Jia, Xi, and Meng Zhang. "Encrypted Packet Inspection Based on Oblivious Transfer." Security and Communication Networks 2022 (August 24, 2022): 1–13. http://dx.doi.org/10.1155/2022/4743078.
Full textAbstract:
Deep packet inspection (DPI) is widely used in detecting abnormal traffic and suspicious activities in networks. With the growing popularity of secure hypertext transfer protocol (HyperText Transfer Protocol over Secure Socket Layer, HTTPS), inspecting the encrypted traffic is necessary. The traditional decryption-and-then-encryption method has the drawback of privacy leaking. Decrypting encrypted packets for inspection violates the confidentiality goal of HTTPS. Now, people are faced with a dilemma: choosing between the middlebox’s ability to perform detection functions and protecting the privacy of their communications. We propose OTEPI, a system that simultaneously provides both of those properties. The approach of OTEPI is to perform the deep packet inspection directly on the encrypted traffic. Unlike machine and deep learning methods that can only classify traffic, OTEPI is able to accurately identify which detection rule was matched by the encrypted packet. It can facilitate network managers to manage their networks at a finer granularity. OTEPI achieves the function through a new protocol and new encryption schemes. Compared with previous works, our approach achieves rule encryption with oblivious transfer (OT), which allows our work to achieve a better balance between communication traffic consumption and computational resource consumption. And our design of Oblivious Transfer and the use of Natural Language Processing tools make OTEPI outstanding in terms of computational consumption.
2
Nagwani, Karan. "AI-Powered Dynamic Web Filtering for Encrypted Traffic." INTERNATIONAL JOURNAL OF SCIENTIFIC RESEARCH IN ENGINEERING AND MANAGEMENT 09, no. 04 (2025): 1–9. https://doi.org/10.55041/ijsrem46497.
Full textAbstract:
Abstract— The exponential growth of encrypted web traffic through SSL/TLS protocols poses new challenges for traditional web filtering systems. Conventional methods like blacklist filtering, keyword blocking, and static content analysis are increasingly ineffective against encrypted traffic. This research paper proposes an AI-powered dynamic web filtering framework for encrypted traffic, leveraging machine learning, behavioral analysis, and traffic metadata inspection to identify harmful or inappropriate content while preserving user privacy. Previous research in traditional filtering techniques and modern solutions is referenced to support the proposed methodology. Keywords: AI Web Filtering, Encrypted Traffic, SSL/TLS Inspection, Machine Learning, Privacy-Preserving Filtering, Cybersecurity
3
Huang, Yung-Fa, Chuan-Bi Lin, Chien-Min Chung, and Ching-Mu Chen. "Research on QoS Classification of Network Encrypted Traffic Behavior Based on Machine Learning." Electronics 10, no. 12 (2021): 1376. http://dx.doi.org/10.3390/electronics10121376.
Full textAbstract:
In recent years, privacy awareness is concerned due to many Internet services have chosen to use encrypted agreements. In order to improve the quality of service (QoS), the network encrypted traffic behaviors are classified based on machine learning discussed in this paper. However, the traditional traffic classification methods, such as IP/ASN (Autonomous System Number) analysis, Port-based and deep packet inspection, etc., can classify traffic behavior, but cannot effectively handle encrypted traffic. Thus, this paper proposed a hybrid traffic classification (HTC) method based on machine learning and combined with IP/ASN analysis with deep packet inspection. Moreover, the majority voting method was also used to quickly classify different QoS traffic accurately. Experimental results show that the proposed HTC method can effectively classify different encrypted traffic. The classification accuracy can be further improved by 10% with majority voting as K = 13. Especially when the networking data are using the same protocol, the proposed HTC can effectively classify the traffic data with different behaviors with the differentiated services code point (DSCP) mark.
4
Alwhbi, Ibrahim A., Cliff C. Zou, and Reem N. Alharbi. "Encrypted Network Traffic Analysis and Classification Utilizing Machine Learning." Sensors 24, no. 11 (2024): 3509. http://dx.doi.org/10.3390/s24113509.
Full textAbstract:
Encryption is a fundamental security measure to safeguard data during transmission to ensure confidentiality while at the same time posing a great challenge for traditional packet and traffic inspection. In response to the proliferation of diverse network traffic patterns from Internet-of-Things devices, websites, and mobile applications, understanding and classifying encrypted traffic are crucial for network administrators, cybersecurity professionals, and policy enforcement entities. This paper presents a comprehensive survey of recent advancements in machine-learning-driven encrypted traffic analysis and classification. The primary goals of our survey are two-fold: First, we present the overall procedure and provide a detailed explanation of utilizing machine learning in analyzing and classifying encrypted network traffic. Second, we review state-of-the-art techniques and methodologies in traffic analysis. Our aim is to provide insights into current practices and future directions in encrypted traffic analysis and classification, especially machine-learning-based analysis.
5
Papadogiannaki, Eva, and Sotiris Ioannidis. "A Survey on Encrypted Network Traffic Analysis Applications, Techniques, and Countermeasures." ACM Computing Surveys 54, no. 6 (2021): 1–35. http://dx.doi.org/10.1145/3457904.
Full textAbstract:
The adoption of network traffic encryption is continually growing. Popular applications use encryption protocols to secure communications and protect the privacy of users. In addition, a large portion of malware is spread through the network traffic taking advantage of encryption protocols to hide its presence and activity. Entering into the era of completely encrypted communications over the Internet, we must rapidly start reviewing the state-of-the-art in the wide domain of network traffic analysis and inspection, to conclude if traditional traffic processing systems will be able to seamlessly adapt to the upcoming full adoption of network encryption. In this survey, we examine the literature that deals with network traffic analysis and inspection after the ascent of encryption in communication channels. We notice that the research community has already started proposing solutions on how to perform inspection even when the network traffic is encrypted and we demonstrate and review these works. In addition, we present the techniques and methods that these works use and their limitations. Finally, we examine the countermeasures that have been proposed in the literature in order to circumvent traffic analysis techniques that aim to harm user privacy.
6
Papadogiannaki, Eva, and Sotiris Ioannidis. "A Survey on Encrypted Network Traffic Analysis Applications, Techniques and Countermeasures." ACM Computing Surveys 54, no. 6 (2021): 1–35. https://doi.org/10.1145/3457904.
Full textAbstract:
The adoption of network traffic encryption is continually growing. Popular applications use encryption protocols to secure com- munications and protect the privacy of users. In addition, a large portion of malware is spread through the network traffic taking advantage of encryption protocols to hide its presence and activity. Entering into the era of completely encrypted communications over the Internet, we must rapidly start reviewing the state-of-the-art in the wide domain of network traffic analysis and inspection, to conclude if traditional traffic processing systems will be able to seamlessly adapt to the upcoming full adoption of network encryption. In this survey, we examine the literature that deals with network traffic analysis and inspection after the ascent of encryption in communication channels. We notice that the research community has already started proposing solutions on how to perform inspection even when the network traffic is encrypted and we demonstrate and review these works. In addition, we present the techniques and methods that these works use and their limitations. Finally, we examine the countermeasures that have been proposed in the literature in order to circumvent traffic analysis techniques that aim to harm user privacy.
7
Eva, Papadogiannaki, and Ioannidis Sotiris. "A Survey on Encrypted Network Traffic Analysis Applications, Techniques, and Countermeasures." ACM Computing Surveys 54, no. 6 (2021): 1–35. https://doi.org/10.1145/3475936.
Full textAbstract:
The adoption of network traffic encryption is continually growing. Popular applications use encryption protocols to secure communications and protect the privacy of users. In addition, a large portion of malware is spread through the network traffic taking advantage of encryption protocols to hide its presence and activity. Entering into the era of completely encrypted communications over the Internet, we must rapidly start reviewing the state-of-the-art in the wide domain of network traffic analysis and inspection, to conclude if traditional traffic processing systems will be able to seamlessly adapt to the upcoming full adoption of network encryption. In this survey, we examine the literature that deals with network traffic analysis and inspection after the ascent of encryption in communication channels. We notice that the research community has already started proposing solutions on how to perform inspection even when the network traffic is encrypted and we demonstrate and review these works. In addition, we present the techniques and methods that these works use and their limitations. Finally, we examine the countermeasures that have been proposed in the literature in order to circumvent traffic analysis techniques that aim to harm user privacy.
8
Oh, Chaeyeon, Joonseo Ha, and Heejun Roh. "A Survey on TLS-Encrypted Malware Network Traffic Analysis Applicable to Security Operations Centers." Applied Sciences 12, no. 1 (2021): 155. http://dx.doi.org/10.3390/app12010155.
Full textAbstract:
Recently, a majority of security operations centers (SOCs) have been facing a critical issue of increased adoption of transport layer security (TLS) encryption on the Internet, in network traffic analysis (NTA). To this end, in this survey article, we present existing research on NTA and related areas, primarily focusing on TLS-encrypted traffic to detect and classify malicious traffic with deployment scenarios for SOCs. Security experts in SOCs and researchers in academia can obtain useful information from our survey, as the main focus of our survey is NTA methods applicable to malware detection and family classification. Especially, we have discussed pros and cons of three main deployment models for encrypted NTA: TLS interception, inspection using cryptographic functions, and passive inspection without decryption. In addition, we have discussed the state-of-the-art methods in TLS-encrypted NTA for each component of a machine learning pipeline, typically used in the state-of-the-art methods.
9
Farooq, Irfan, Syed Aale Ahmed, Asfar Ali, Muhammad Ali Warraich, Muhammad Aqeel, and Hamayun Khan. "Enhanced Classification of Networks Encrypted Traffic: A Conceptual Analysis of Security Assessments, Implementation, Trends and Future Directions." Asian Bulletin of Big Data Management 4, no. 4 (2024): 500–522. https://doi.org/10.62019/abbdm.v4i4.287.
Full textAbstract:
Encryption is a fundamental security measure to safeguard data during transmission to ensure confidentiality while at the same time posing a great challenge for traditional packet and traffic inspection. With the widespread use of encrypted data transport, network traffic encryption is becoming a standard nowadays. This presents a challenge for traffic measurement, especially for analysis and anomaly detection methods, which are dependent on the type of network traffic. In this paper, we survey existing approaches for classification and analysis of encrypted trafficIn response to the proliferation of diverse network traffic patterns from IOT devices, websites, and mobile applications, understanding and classifying encrypted traffic are crucial for network administrators, cybersecurity professionals, and policy enforcement entities. This paper presents a comprehensive exploration of recent advancements in numerous virtual private network and machine-learning-driven encrypted security protocols, that examines their critical role in modern networking and the protection of sensitive data across untrusted networks its traffic analysis and classification. We present the overall procedure and provide a detailed explanation of utilizing machine learning in analyzing and classifying encrypted network traffic. As VPN technologies have evolved over time, and today, they are essential in ensuring secure communications for both personal and enterprise use. This study also delves into various VPN protocols such as PPTP, L2TP/IPsec, OpenVPN, IKEv2/IPsec, and the newer WireGuard, evaluating their security features, strengths, and weaknesses in different network environments and reviewed state-of-the-art techniques and methodologies in traffic analysis. Our aim is to provide insights into current practices and future directions in encrypted traffic analysis and classification, that focusing on the integration of AI for enhanced VPN security and the adaptation of VPN protocols to a post-quantum world especially machine-learning-based analysis.
10
Jiang, Ziyu. "Bidirectional Flow-Based Image Representation Method for Detecting Network Traffic Service Categories." Highlights in Science, Engineering and Technology 85 (March 13, 2024): 89–95. http://dx.doi.org/10.54097/mwyge502.
Full textAbstract:
Network traffic identification is crucial for network resource management and improving service quality. Traditional methods, such as port-based and deep packet inspection approaches, face challenges due to the increasing complexity of network environments, privacy concerns, and the emergence of encrypted traffic. This paper aims to address the issues of low accuracy and slow operation speed in encrypted traffic classification while ensuring the protection of user privacy. We propose a data processing method that transforms network traffic into images representing bidirectional flow packet arrival timestamps and packet sizes. By employing this data processing approach and utilizing deep recognition algorithms, the study conducts service analysis on network traffic. Experimental results demonstrate that the bidirectional flow-based image representation method achieves a 90.9% accuracy rate for the traffic analysis task on a TOR-encrypted imbalanced dataset, surpassing the accuracy of the unidirectional flow image method. Furthermore, the method also shows improvements in operation speed, enabling online network traffic detection.
Dissertations / Theses on the topic "Encrypted Traffic Inspection"
1
Esteves, André Filipe Ferreira. "Detection of encrypted traffic generated by peer-to-peer live streaming applications using deep packet inspection." Master's thesis, 2011. http://hdl.handle.net/10400.6/3733.
Full textAbstract:
The number of applications using the peer-to-peer (P2P) networking paradigm and their popularity has substantially grown over the last decade. They evolved from the le-sharing applications to media streaming ones. Nowadays these applications commonly encrypt the communication contents or employ protocol obfuscation techniques. In this dissertation, it was conducted an investigation to identify encrypted traf c ows generated by three of the most popular P2P live streaming applications: TVUPlayer, Livestation and GoalBit. For this work, a test-bed that could simulate a near real scenario was created, and traf c was captured from a great variety of applications. The method proposed resort to Deep Packet Inspection (DPI), so we needed
to analyse the payload of the packets in order to nd repeated patterns, that later were used to create a set of SNORT rules that can be used to detect key network packets generated by these applications. The method was evaluated experimentally on the test-bed created for that purpose, being shown that its accuracy is of 97% for GoalBit.<br>A popularidade e o número de aplicações que usam o paradigma de redes par-a-par (P2P)
têm crescido substancialmente na última década. Estas aplicações deixaram de serem usadas
simplesmente para partilha de ficheiros e são agora usadas também para distribuir conteúdo
multimédia. Hoje em dia, estas aplicações têm meios de cifrar o conteúdo da comunicação
ou empregar técnicas de ofuscação directamente no protocolo. Nesta dissertação, foi realizada
uma investigação para identificar fluxos de tráfego encriptados, que foram gerados por
três aplicações populares de distribuição de conteúdo multimédia em redes P2P: TVUPlayer,
Livestation e GoalBit. Para este trabalho, foi criada uma plataforma de testes que pretendia
simular um cenário quase real, e o tráfego que foi capturado, continha uma grande variedade
de aplicações. O método proposto nesta dissertação recorre à técnica de Inspecção Profunda
de Pacotes (DPI), e por isso, foi necessário 21nalisar o conteúdo dos pacotes a fim de encontrar
padrões que se repetissem, e que iriam mais tarde ser usados para criar um conjunto de regras
SNORT para detecção de pacotes chave· na rede, gerados por estas aplicações, afim de se
poder correctamente classificar os fluxos de tráfego. Após descobrir que a aplicação Livestation
deixou de funcionar com P2P, apenas as duas regras criadas até esse momento foram usadas.
Quanto à aplicação TVUPlayer, foram criadas várias regras a partir do tráfego gerado por ela
mesma e que tiveram uma boa taxa de precisão. Várias regras foram também criadas para
a aplicação GoalBit em que foram usados quatro cenários: com e sem encriptação usando a
opção de transmissão tracker, e com e sem encriptação usando a opção de transmissão sem
necessidade de tracker (aqui foi usado o protocolo Kademlia). O método foi avaliado experimentalmente
na plataforma de testes criada para o efeito, sendo demonstrado que a precisão
do conjunto de regras para a aplicação GoallBit é de 97%.<br>Fundação para a Ciência e a Tecnologia (FCT)
2
Carvalho, David Alexandre Milheiro de. "Towards the detection of encrypted peer-to-peer file sharing traffic and peer-to-peer TV traffic using deep packet inspection methods." Master's thesis, 2009. http://hdl.handle.net/10400.6/3870.
Full textAbstract:
This dissertation is devoted to the study of Peer-to-Peer (P2P) network traffic identification,
using Deep Packet Inspection (DPI) methods. The approach followed in this
work is based on the analysis of the content of a packet payload, being paid particular
attention to the cases where encryption or obfuscation is used.
The protocols and applications under study along this dissertation are organized
into two main categories: P2P file sharing (BitTorrent, Gnutella and eDonkey) and P2P
TV (Lvestation, TVU Player and Goalbit). The history of P2P and its major milestones
are briefly presented, along with their classification according to the functionalities
they provide and the network protocol architectures being used by them. Studies on
the evolution and current state in the detection of P2P traffic are particularly detailed,
as they were the main motivation towards the detection of both encrypted P2P file
sharing and P2P TV traffic.
The detection of Peer-to-Peer traffic is accomplished by using a set of open source
tools, emphasizing Snort, Wireshark and Tcpdump. Snort is used for triggering the
alerts concerning this kind of traffic, by using a specified set of rules. These are manually
created, based on the observed P2P traffic protocol signatures and patterns, by
usingWireshark and Tcpdump. For the storage and visualization of the triggered alerts
in a user friendly manner, two open source tools were used, respectively, MySQL and
BASE.
Finally, the main conclusions achieved in this work are briefly exposed. A section
dedicated to future work contains possible directions that may be followed in order to
improve this work.
3
Alshammari, Riyad. "Automatically Generating Robust Signatures Using a Machine Learning Approach to Unveil Encrypted VoIP Traffic Without Using Port Numbers, IP Addresses and Payload Inspection." Thesis, 2012. http://hdl.handle.net/10222/14872.
Full textAbstract:
The identification of encrypted network traffic represents an important issue for network management tasks including quality of service, firewall enforcement and security. Traffic identification becomes more and more challenging as the traditional techniques such as port numbers or deep packet inspection are becoming ineffective against applications such as the Peer-to-Peer (P2P) Voice over Internet Protocol (VoIP), which uses non-standard ports and encryption. Thus, different approaches such as machine learning (ML) are explored in the literature for traffic classification. However, traffic classification represents a particularly challenging application domain for ML. Ideally, solutions should be both simple (hence efficient to deploy) and accurate. Recent advances in ML provide the opportunity to decompose the original problem into a subset of classifiers with non-overlapping behaviours, in effect providing further insight into the problem domain and increasing the throughput of solutions. Thus, this thesis presents a novel approach for generating robust signatures to classify P2P VoIP traffic using a ML-based approach, specifically with the C5.0, GP and AdaBoost classification algorithms. In this research, simple packet header feature sets and statistical flow feature sets are explored without using the IP addresses, source/destination ports and payload information to unveil the encrypted VoIP application in network traffic. In this context, what is meant by robust signatures are those which have been learned by training on one network are still valid when they are applied to traffic coming from different time periods, different networks (locations) as well as under evasion attacks that are designed to bypass such a classifier.
Results show that the performance of the automatically generated signatures does not degrade significantly when evaluated against the robustness criteria. These results demonstrate that flow-based statistical features (temporal information) with the use of a ML-based approach can achieve high classification accuracy and produce robust signatures. Furthermore, the results on the evasion experiments demonstrate that the performance of the signatures is very promising if a malicious user tries to alter the characteristics of VoIP (specifically, Skype) traffic to evade the classifier.
Book chapters on the topic "Encrypted Traffic Inspection"
1
Carvalho, David A., Manuela Pereira, and Mário M. Freire. "Towards the Detection of Encrypted BitTorrent Traffic through Deep Packet Inspection." In Security Technology. Springer Berlin Heidelberg, 2009. http://dx.doi.org/10.1007/978-3-642-10847-1_33.
Full text
2
Karthikeyan, Shivani, Shrish K. S, Arunkumar J, and Bagavathi C. "Securing Networks with Precision: Unveiling the Potential of Application Protocol Based Intrusion Detection Systems." In Advancements in Intelligent Systems. Soft Computing Research Society, 2024. https://doi.org/10.56155/978-81-975670-3-2-5.
Full textAbstract:
Intrusion detection systems (IDS) are crucial for network security, detecting and preventing unauthorized activities. This paper examines the effectiveness of IDS like Snort, Suricata, and Bro in analyzing network traffic and identifying anomalies across various application layer protocols such as DNS, SSH, FTP, SMTP, SNMP, and HTTPS. Each protocol poses unique challenges due to specific vulnerabilities, requiring IDS to utilize a mix of behavioral analysis, signature-based detection, and content inspection. Advanced techniques are essential for handling encrypted traffic in HTTPS and identifying threats in SMTP and DNS communications. The paper compares different IDS types— Network-Based, Host-Based, Protocol-Based, Application Protocol-Based, and Hybrid IDS—emphasizing the specialized protection offered by APIDS for application layer protocols. The integration of multiple IDS types enhances defense capabilities, underscoring the effectiveness of hybrid approaches for comprehensive threat management.
3
Hayward, Gil. "The British Tunny Machine." In Colossus. Oxford University Press, 2006. http://dx.doi.org/10.1093/oso/9780192840554.003.0034.
Full textAbstract:
Early in 1944 I returned to the UK from top-secret work in the Middle East. Two days after my arrival I received instructions to report to Tommy Flowers at Dollis Hill. I had joined DH in 1934 at the age of 16, straight from school, and had left in 1940 to carry out intelligence work overseas. Flowers introduced me to my new colleagues, Doc Coombs, Bill Chandler, and Sid Broadhurst, the last of whom I had met in 1938, during a course of training for the rank of probationary inspector—I had enjoyed his lectures on automatic telephony. The introductions over, an awkward silence fell. Here was an army captain in the intelligence corps who knew nothing about their project and who was still being vetted by the security services. This would preclude their discussing anything of a secret nature in my presence, probably for another two weeks, until my security clearance came through. On the third day of this ridiculous state of affairs, Broadhurst could stand it no longer. After lunch he said, to no one in particular, ‘Let’s tell him.’ The others agreed, and in less than an hour I had a fairly detailed outline of what our project was. By the end of the afternoon I was deeply immersed in the design of the wiring and layout of the rotary switches that would simulate the 12 wheels of the German Tunny machine. Broadhurst saved two precious weeks by taking the bull by the horns as he did. As it was, it was a near-run thing to get the equipment in operation by D-day. Our Tunny would be deciphering the encrypted teleprinter traffic after the cryptanalysts had determined the wheel patterns and wheel settings. The tedious hand-work required to produce the decrypts, once the settings were known, had not been able to keep pace once Colossus went into operation. This situation called for a copy of the Lorenz machine to produce decrypts. The Lorenz, one of which I was able to examine after the end of hostilities, was a beautifully made piece of mechanism, but it lacked the flexibility that our electromechanical copy possessed.
Conference papers on the topic "Encrypted Traffic Inspection"
1
Schiff, Liron, and Stefan Schmid. "PRI: Privacy Preserving Inspection of Encrypted Network Traffic." In 2016 IEEE Security and Privacy Workshops (SPW). IEEE, 2016. http://dx.doi.org/10.1109/spw.2016.34.
Full text
2
MB, Anushlin Leena, Jegana R, and Abitha Rose P. "Network Traffic Identification Based On Machine Learning and Deep Packet Inspection." In 7th International Conference on Recent Innovations in Computer and Communication (ICRICC 23). International Journal of Advanced Trends in Engineering and Management, 2023. http://dx.doi.org/10.59544/bdfm3626/icricc23p27.
Full textAbstract:
Accurate network traffic identification is an important basic for network traffic monitoring and data analysis and is the key to improve the quality of user service. In this project, through the analysis of two network traffic identification methods based on machine learning and deep packet inspection, a network traffic identification method based on machine learning and deep packet inspection is proposed. The deep packet inspection based on the feature library RuleLib, conducts in depth analysis of data traffic through pattern matching and identifies specific application traffic. Machine learning method is used to assist in identifying network traffic with encryption and unknown features, which makes up for the disadvantage of deep packet inspection that cannot identify new application and encrypted traffic. Experiments show that this method can improve the identification rate of network traffic.
3
Deri, Luca, and Daniele Sartiano. "Monitoring IoT Encrypted Traffic with Deep Packet Inspection and Statistical Analysis." In 2020 15th International Conference for Internet Technology and Secured Transactions (ICITST). IEEE, 2020. http://dx.doi.org/10.23919/icitst51030.2020.9351330.
Full text