Privacy-Preserving Anomaly Detection in Encrypted Traffic
2025 (English). Independent thesis Advanced level (degree of Master (One Year)), 10 credits / 15 HE credits
Student thesis
Abstract [en]
In 2023, 90% of internet traffic was encrypted, which blocks forensic analysis that relies on opening the packets. Our thesis develops a method for identifying suspicious behavior in encrypted traffic on the basis of metadata, without breaking privacy laws including GDPR. We experimented with four machine learning algorithms for anomaly detection: Isolation Forest, One-Class SVM, DBSCAN, and K-Means. Based on the results, Isolation Forest was selected for the final system due to its superior performance (AUC = 0.94, AP = 0.36). We developed thirteen visualizations, including scatter plots and performance charts, to show the results clearly, and finally, with the help of seven peers in network forensics, we reviewed these plots to find the better solution. Our system can be used in Security Operations Centers (SOC) and will be helpful in investigating threats such as data theft while protecting privacy. Our system will provide accuracy, clarity and legal compliance.
Keywords: Encrypted Traffic, Digital Forensics, Machine Learning, Anomaly Detection, PCA, DBSCAN, Isolation Forest, Interactive Visualization
Place, publisher, year, edition, pages
2025. p. 42
National Category
Other Computer and Information Science
Identifiers
URN: urn:nbn:se:hh:diva-56267
OAI: oai:DiVA.org:hh-56267
DiVA, id: diva2:1965964
Educational program
Master's Programme in Network Forensics, 60 credits
Presentation
2025-05-15, Halmstad University, 10:00 (English)
Supervisors
Examiners
2025-06-11, 2025-06-09, 2025-10-01. Bibliographically approved