TU Berlin

Main document

Literature Database Entry


Ahmad Alaswad, "Encrypted Traffic Detection: Beyond The Port-number Era," Master's Thesis, School of Electrical Engineering and Computer Science (EECS), TU Berlin (TUB), September 2021. (Advisor: Hossein Doroud; Referees: Falko Dressler and Thomas Sikora)


The adoption of encryption is increasing rapidly in online communications. Encryption methods are widely used in popular apps to secure communications and preserve users' privacy. Also, cyberattackers on the networks utilize encryption to conceal their presence and activities. However, encryption introduces obstacles for applications and tools that use Deep Packet Inspection (IDP) techniques for improving the network functionality and applying network security supervision. Hence, early detection of encrypted traffic is required to reduce the overhead on the network and allow finer-grained traffic classification and processing. Port-number-based encryption identification is becoming less and less accurate due to the obfuscation techniques such as dynamic ports and port hoping. There are a variety of methods proposed by researchers for encrypted traffic identification and classification. Some of them rely on unencrypted parts of packets, e.g. DPI, others are machine learning methods that rely on flow statistics. Still, none of these techniques can be considered an optimum solution for detecting encrypted traffic generally. In this thesis, a new method for general encrypted traffic detection is proposed, by extracting features solely from the packets' payloads, using a set of Randomness Tests (RTs). The extracted features are used as input to an Artificial Neural Network (ANN) to perform the classification. Besides, along with the public data-set used for evaluation, a ground-truth generator is implemented for obtaining a data-set with more detailed labels. Furthermore, a comparison of the proposed method with two approaches is applied. In the first approach, a Deep Packet Inspection (DPI) mechanism is used that relies on the signatures of application protocols. The second approach is a machine learning method that relies on the features extracted from the statistical properties of the flow. In the comparison, three levels of granularity are considered: (i) only encryption detection, (ii) application protocol classification, and (iii) content classification.

Quick access

BibTeX BibTeX


Ahmad Alaswad

BibTeX reference

    author = {Alaswad, Ahmad},
    title = {{Encrypted Traffic Detection: Beyond The Port-number Era}},
    advisor = {Doroud, Hossein},
    institution = {School of Electrical Engineering and Computer Science (EECS)},
    location = {Berlin, Germany},
    month = {9},
    referee = {Dressler, Falko and Sikora, Thomas},
    school = {TU Berlin (TUB)},
    type = {Master's Thesis},
    year = {2021},

Copyright notice

Links to final or draft versions of papers are presented here to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright. In most cases, these works may not be reposted or distributed for commercial purposes without the explicit permission of the copyright holder.

The following applies to all papers listed above that have IEEE copyrights: Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.

The following applies to all papers listed above that are in submission to IEEE conference/workshop proceedings or journals: This work has been submitted to the IEEE for possible publication. Copyright may be transferred without notice, after which this version may no longer be accessible.

The following applies to all papers listed above that have ACM copyrights: ACM COPYRIGHT NOTICE. Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, to republish, to post on servers, or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from Publications Dept., ACM, Inc., fax +1 (212) 869-0481, or permissions@acm.org.

The following applies to all SpringerLink papers listed above that have Springer Science+Business Media copyrights: The original publication is available at www.springerlink.com.

This page was automatically generated using BibDB and bib2web.


Featured Paper