eprintid: 10206661
rev_number: 7
eprint_status: archive
userid: 699
dir: disk0/10/20/66/61
datestamp: 2025-03-28 15:16:28
lastmod: 2025-03-28 15:16:28
status_changed: 2025-03-28 15:16:28
type: article
metadata_visibility: show
sword_depositor: 699
creators_name: Feng, Yebo
creators_name: Li, Jun
creators_name: Mirkovic, Jelena
creators_name: Wu, Cong
creators_name: Wang, Chong
creators_name: Ren, Hao
creators_name: Xu, Jiahua
creators_name: Liu, Yang
title: Unmasking the Internet: A Survey of Fine-Grained Network Traffic Analysis
ispublished: inpress
divisions: UCL
divisions: B04
divisions: F48
keywords: Network traffic, traffic analysis, traffic classification, traffic monitoring, fine-grained traffic analysis, intrusion
detection, user behavior identification
note: This version is the author accepted manuscript. For information on re-use, please refer to the publisher’s terms and conditions.
abstract: Fine-grained traffic analysis (FGTA), as an advanced form of traffic analysis (TA), aims to analyze network traffic to deduce fine-grained information on or above the application layer, such as application-layer activities, fine-grained user behaviors, or message content, even in the presence of traffic encryption or traffic obfuscation. Different from traditional TA, FGTA approaches are usually based on complicated processing pipelines or sophisticated data mining techniques such as deep learning or high-dimensional clustering, enabling them to discover subtle differences between different network traffic groups. Nowadays, with the increasingly complex Internet architecture, the increasingly frequent transmission of user data, and the widespread use of traffic encryption, FGTA is becoming an essential tool for both network administrators and attackers to gain different levels of visibility over the network. It plays a critical role in intrusion and anomaly detection, quality of experience investigation, user activity inference, website fingerprinting, location estimation, etc. To help scholars and developers research and advance this technology, in this survey paper, we examine the literature that deals with FGTA, investigating the frontier developments in this domain. By comprehensively surveying different approaches toward FGTA, we introduce their input traffic data, elaborate on their operating principles by different use cases, indicate their limitations and countermeasures, and raise several promising future research avenues.
date: 2025-02-25
date_type: published
publisher: Institute of Electrical and Electronics Engineers (IEEE)
official_url: https://doi.org/10.1109/comst.2025.3545541
oa_status: green
full_text_type: other
language: eng
primo: open
primo_central: open_green
verified: verified_manual
elements_id: 2369924
doi: 10.1109/COMST.2025.3545541
lyricists_name: Xu, Jiahua
lyricists_id: JXUDX19
actors_name: Flynn, Bernadette
actors_id: BFFLY94
actors_role: owner
full_text_status: public
publication: IEEE Communications Surveys & Tutorials
issn: 1553-877X
citation:        Feng, Yebo;    Li, Jun;    Mirkovic, Jelena;    Wu, Cong;    Wang, Chong;    Ren, Hao;    Xu, Jiahua;           Feng, Yebo;  Li, Jun;  Mirkovic, Jelena;  Wu, Cong;  Wang, Chong;  Ren, Hao;  Xu, Jiahua;  Liu, Yang;   - view fewer <#>    (2025)    Unmasking the Internet: A Survey of Fine-Grained Network Traffic Analysis.                   IEEE Communications Surveys & Tutorials        10.1109/COMST.2025.3545541 <https://doi.org/10.1109/COMST.2025.3545541>.    (In press).    Green open access   
 
document_url: https://discovery.ucl.ac.uk/id/eprint/10206661/1/Unmasking_the_Internet_A_Survey_of_Fine-Grained_Network_Traffic_Analysis.pdf