SoK: Detection of Attacks in Encrypted Traffic
20 April 2025, by Omkar Kondhalkar

The widespread adoption of HTTPS and other encryption severely limits the visibility of network intrusion detection systems (NIDS): traditional deep packet inspection cannot see payloads without decryption. The core problem this project addresses is detecting attacks in encrypted traffic without decrypting it, which avoids both the performance overhead of TLS interception and the risks of operating a man-in-the-middle proxy.
This project systematically reviews and evaluates current detection methods that rely on metadata rather than payload. It focuses on machine learning and on flow interaction analysis, which infer anomalies from traffic patterns and behaviour rather than from content. Detection depends on choosing the right metadata (for example flow characteristics such as packet sizes, timing, direction and volume) and correlating those features to infer malicious activity without any access to the payload. The work is a comparative study of these techniques, intended to give a comprehensive overview of the field.
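The following is an added illustration of what metadata-only detection looks like in practice; it is example code written for this page, not part of the project or of any tool it surveys. It extracts per-flow features (packet counts, byte ratios, inter-arrival timing, size uniformity) from packet headers only, then correlates several features with two simple rules: periodic beaconing and upload-heavy flows. The packet layout, the constructed capture and the thresholds are all assumptions; a real system would learn thresholds or feed the same features to a classifier.

```python
"""Metadata-only flow features for encrypted (e.g. TLS) traffic, plus two
behavioural heuristics that need no payload access.
Added example: the Packet layout, thresholds and sample capture are assumed."""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Packet:
    ts: float        # capture time in seconds
    src: str
    dst: str
    sport: int
    dport: int
    size: int        # bytes on the wire; the payload itself is never read
    outbound: bool   # True when the client sent it


def flow_key(p):
    """Direction-independent key: (client, server, server_port)."""
    return (p.src, p.dst, p.dport) if p.outbound else (p.dst, p.src, p.sport)


def flow_features(pkts):
    """Header-only features for one flow."""
    pkts = sorted(pkts, key=lambda p: p.ts)
    out = [p for p in pkts if p.outbound]
    inn = [p for p in pkts if not p.outbound]
    bytes_out = sum(p.size for p in out)
    bytes_in = sum(p.size for p in inn)
    total = bytes_out + bytes_in
    # Inter-arrival times between consecutive *client* packets: a beacon's
    # timer shows up here, not in the request/response gap.
    req_ts = [p.ts for p in out]
    iats = [b - a for a, b in zip(req_ts, req_ts[1:])]
    iat_mean = mean(iats) if iats else 0.0
    iat_cv = pstdev(iats) / iat_mean if len(iats) > 1 and iat_mean > 0 else 0.0
    return {
        "pkts": len(pkts),
        "bytes_out": bytes_out,
        "bytes_in": bytes_in,
        "up_ratio": bytes_out / total if total else 0.0,
        "out_size_std": pstdev([p.size for p in out]) if len(out) > 1 else 0.0,
        "duration": pkts[-1].ts - pkts[0].ts,
        "iat_mean": iat_mean,
        "iat_cv": iat_cv,
    }


def score_flow(f, min_pkts=6):
    """Correlate several features; thresholds are assumptions for this example."""
    reasons = []
    # Beaconing: many evenly spaced (low CV), similarly sized client packets.
    if (f["pkts"] >= min_pkts and f["iat_mean"] >= 5.0
            and f["iat_cv"] < 0.1 and f["out_size_std"] < 32):
        reasons.append("periodic-beacon")
    # Upload-heavy: nearly all bytes leave the client (possible exfiltration).
    if f["bytes_out"] >= 50_000 and f["up_ratio"] > 0.9:
        reasons.append("upload-heavy")
    return reasons


def analyze(packets):
    """Group packets into flows and return {flow_key: (features, reasons)}."""
    flows = defaultdict(list)
    for p in packets:
        flows[flow_key(p)].append(p)
    result = {}
    for key, pkts in flows.items():
        feats = flow_features(pkts)
        result[key] = (feats, score_flow(feats))
    return result


CLIENT = "10.0.0.5"


def sample_packets():
    """Constructed capture metadata (not real traffic): one beacon, one bulk
    upload and one ordinary page load, all over TLS on port 443."""
    pkts = []
    # C2-style beacon: 312-byte check-in roughly every 60 s, 417-byte reply.
    t = 1000.0
    for gap in (0.0, 60.0, 59.8, 60.3, 60.1, 59.9, 60.0, 60.2):
        t += gap
        pkts.append(Packet(t, CLIENT, "203.0.113.7", 51001, 443, 312, True))
        pkts.append(Packet(t + 0.08, "203.0.113.7", CLIENT, 443, 51001, 417, False))
    # Bulk upload: 40 x 1400-byte segments, a handful of 66-byte ACKs back.
    t = 2000.0
    for i in range(40):
        t += 0.01 * (i % 3 + 1)
        pkts.append(Packet(t, CLIENT, "192.0.2.44", 51002, 443, 1400, True))
        if i % 8 == 0:
            pkts.append(Packet(t + 0.005, "192.0.2.44", CLIENT, 443, 51002, 66, False))
    # Ordinary HTTPS page load: bursty requests, mostly downstream bytes.
    base = 3000.0
    for off, s_out, s_in in ((0.0, 517, 1460), (0.05, 126, 1460), (0.3, 640, 1460),
                             (2.1, 380, 1200), (2.15, 90, 900), (9.7, 700, 1460)):
        pkts.append(Packet(base + off, CLIENT, "198.51.100.20", 51003, 443, s_out, True))
        pkts.append(Packet(base + off + 0.04, "198.51.100.20", CLIENT, 443, 51003, s_in, False))
    return pkts


if __name__ == "__main__":
    for key, (feats, reasons) in analyze(sample_packets()).items():
        print(key, reasons, {k: round(v, 3) for k, v in feats.items()})
```

The point of the example is the correlation step: neither "60-second gaps" nor "small packets" alone is suspicious (keep-alives and polling look similar), but evenly spaced, uniformly sized client packets over minutes is a beacon signature, and a 99% upstream byte ratio on a long flow is worth a look regardless of what the payload is. None of these features requires breaking TLS.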