A Survey on Encrypted Network Traffic Analysis Applications, Techniques, and Countermeasures

ACM Computing Surveys (CSUR) Pub Date : 2021-07-01 DOI:10.1145/3457904

Eva Papadogiannaki, S. Ioannidis

{"title":"A Survey on Encrypted Network Traffic Analysis Applications, Techniques, and Countermeasures","authors":"Eva Papadogiannaki, S. Ioannidis","doi":"10.1145/3457904","DOIUrl":null,"url":null,"abstract":"The adoption of network traffic encryption is continually growing. Popular applications use encryption protocols to secure communications and protect the privacy of users. In addition, a large portion of malware is spread through the network traffic taking advantage of encryption protocols to hide its presence and activity. Entering into the era of completely encrypted communications over the Internet, we must rapidly start reviewing the state-of-the-art in the wide domain of network traffic analysis and inspection, to conclude if traditional traffic processing systems will be able to seamlessly adapt to the upcoming full adoption of network encryption. In this survey, we examine the literature that deals with network traffic analysis and inspection after the ascent of encryption in communication channels. We notice that the research community has already started proposing solutions on how to perform inspection even when the network traffic is encrypted and we demonstrate and review these works. In addition, we present the techniques and methods that these works use and their limitations. Finally, we examine the countermeasures that have been proposed in the literature in order to circumvent traffic analysis techniques that aim to harm user privacy.","PeriodicalId":7000,"journal":{"name":"ACM Computing Surveys (CSUR)","volume":"33 1","pages":"1 - 35"},"PeriodicalIF":0.0000,"publicationDate":"2021-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"52","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"ACM Computing Surveys (CSUR)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3457904","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 52

Abstract

The adoption of network traffic encryption is continually growing. Popular applications use encryption protocols to secure communications and protect the privacy of users. In addition, a large portion of malware is spread through the network traffic taking advantage of encryption protocols to hide its presence and activity. Entering into the era of completely encrypted communications over the Internet, we must rapidly start reviewing the state-of-the-art in the wide domain of network traffic analysis and inspection, to conclude if traditional traffic processing systems will be able to seamlessly adapt to the upcoming full adoption of network encryption. In this survey, we examine the literature that deals with network traffic analysis and inspection after the ascent of encryption in communication channels. We notice that the research community has already started proposing solutions on how to perform inspection even when the network traffic is encrypted and we demonstrate and review these works. In addition, we present the techniques and methods that these works use and their limitations. Finally, we examine the countermeasures that have been proposed in the literature in order to circumvent traffic analysis techniques that aim to harm user privacy.

查看原文本刊更多论文

加密网络流量分析应用、技术及对策综述

网络流量加密的采用在不断增长。流行的应用程序使用加密协议来保护通信和保护用户的隐私。此外，很大一部分恶意软件通过网络流量传播，利用加密协议隐藏其存在和活动。进入互联网上完全加密通信的时代，我们必须迅速开始审查网络流量分析和检测领域的最新技术，以确定传统的流量处理系统是否能够无缝地适应即将全面采用的网络加密。在本调查中，我们研究了在通信通道加密上升后处理网络流量分析和检查的文献。我们注意到，研究界已经开始提出如何在网络流量被加密的情况下执行检查的解决方案，我们演示和审查了这些工作。此外，我们还介绍了这些作品使用的技术和方法及其局限性。最后，我们研究了文献中提出的对策，以规避旨在损害用户隐私的流量分析技术。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

ACM Computing Surveys (CSUR)

自引率

0.00%

发文量