Abstract
Inspecting network traffic has been a staple technique of cybersecurity tools for many years. This
ability to review packet contents as they traverse an organization’s network is hindered by the
ever-increasing use of encrypted communications. Without the visibility of deep-packet inspection, automated
systems are unable to determine if network connections pose a threat to organizational interests or if
they are supporting necessary day-to-day interactions.
One solution is a man-in-the-middle configuration, where an organization decrypts all traffic traversing
its borders; however, this is cumbersome and computationally expensive as network speeds increase.
This thesis aims to survey the current landscape of “in the dark” network traffic fingerprinting, where
encrypted payloads remain opaque to automated analysis, leaving only network flow, packet header, and
inferred metadata available for traffic classification.