SoK: Detection of Attacks in Encrypted Traffic

20 April 2025, by Omkar Kondhalkar

symbolic illustration of traffic analysis in encrypted networks

Photo: Mistral

Widespread adoption of HTTPS and encryption severely limits NIDS visibility, rendering traditional Deep-Packet Inspection ineffective without decryption. The core problem is Detection of Attacks in Encrypted Traffic Without Traffic Decryption, avoiding overhead and MITM risks.
This project systematically reviews and evaluates cutting-edge detection methods focusing on metadata-based approaches. It specifically investigates Machine Learning and flow interaction analysis to detect anomalies based on traffic patterns and behavior. Detection relies on careful selection and correlation of metadata (e.g., flow characteristics) to infer malicious activity without payload access. The research conducts a comparative study of advanced techniques, aiming to provide a comprehensive overview of the field.

Latest articles

Photo: Arian Urdu

22.08.2025|basecamp-projects

PokéAgent Challenge (NeurIPS 2025)

Addressing the NeurIPS 2025 PokéAgent Challenge (Track 2: Speedrunning Pokémon Emerald) by comparing Large Language Model agents (LLMs) and Deep Reinforcement Learning (RL). The core problem is automating the speedrun of the game without hard-coded solutions, a task demanding long-term planning and...

Photo: base.camp

03.03.2025|basecamp-projects

Solve the Dominating Set Problem (DSP) - PACE Challenge 2025

Project aims to solve the Dominating Set Problem (DSP) on graphs for the PACE Challenge 2025. The goal is to develop highly effective exact and heuristic algorithms to find a minimal vertex set D that 'touches' all other vertices. Implementation will be in Rust, built upon prior theoretical insights...