Encrypted Traffic Analysis: A Primer

Monitoring encrypted traffic is a must for providing visibility into modern traffic. For this reason we’ve put a lot of energy into extending nDPI so that it can be useful in this context. DPI (deep packet inspection), however, is not enough for complete visibility, so we have started adding classification techniques and algorithms to nDPI to merge visibility and behavioural analysis. In fact, flow-based analysis is not enough to understand what’s happening on a network without having the big picture. This is what we’re doing in our tools, in particular in ntopng v4, which will be introduced next month.



In this context, we have organised a series of seminars at the University of Pisa, Italy, where we cover some hot topics in cybersecurity. Yesterday over 200 people attended the first event about encrypted traffic analysis.

For those who missed the event, these are the presentation slides. We hope you will enjoy the presentation, which describes various techniques we implemented and experimented with while carrying out our research.