Detecting Network Applications in Encrypted Traffic

With the development of encryption of network communications, the problem of monitoring applications transmitted over an encrypted channel such as TLS arises. Detecting communication in encrypted traffic is essential for network monitoring, detecting cyber-attacks or malware transmission.

Current approaches to detecting network application communication in encrypted traffic include TLS fingerprinting methods, modelling statistical properties of communication using machine learning or neural networks.

The project will investigate existing approaches and describe their properties, in particular accuracy, stability and extensibility with respect to TLS library development and application updates. Based on this study, the student should propose a method that extends or combines existing techniques to refine application detection and automate the creation of detection models. The prototype detector should be evaluated on real traffic, e.g. in CESNET.