International Research Journal of Engineering and Technology (IRJET) | e-ISSN: 2395-0056 | p-ISSN: 2395-0072 | Volume: 13 Issue: 01 | Jan 2026 | www.irjet.net
Cyber Threat Detection in Encrypted Traffic Analysis without Decryption

Vaishnavi V, Santhosh Devappa Dubari, Uzma Samreen Madeena

Vaishnavi V, Department of CSE, East Point College of Engineering and Technology, Bengaluru, Karnataka, India
Santhosh Devappa Dubari, Department of CSE, East Point College of Engineering and Technology, Bengaluru, Karnataka, India
Uzma Samreen Madeena, Department of CSE, East Point College of Engineering and Technology, Bengaluru, Karnataka, India

Abstract - This paper presents an AI-based cyber threat detection system that analyses encrypted network traffic without the need for decryption. As most modern communication is now encrypted, traditional security systems that rely on payload inspection struggle to identify threats hidden within secure channels. Decrypting traffic introduces computational overhead and privacy risks, making it unsuitable for privacy-focused environments. To overcome this challenge, the proposed system examines traffic metadata such as packet size, flow duration, timing intervals, packet rate, and behavioural patterns instead of inspecting packet contents. A Random Forest machine learning model trained on the CICIDS dataset is employed to classify network flows as normal or malicious, covering threats such as DoS, DDoS, Port Scan, Probe, and Brute Force attacks. Live network traffic is captured using Scapy, and the extracted metadata is processed in real time to generate predictions. When abnormal activity is detected, the system immediately triggers alerts and updates an interactive web dashboard developed using Flask and SocketIO, providing visual insights into traffic behaviour, threat severity, and alert logs.

Experimental evaluation demonstrates that the proposed approach achieves a detection accuracy of 95%, outperforming alternative classifiers such as Naive Bayes (86%), KNN (88%), SVM (91%), and Decision Tree (89%). Performance is assessed using standard metrics including accuracy, precision, recall, F1-score, and detection latency, confirming the system's suitability for real-time deployment in encrypted network environments. By combining AI-driven analysis with real-time visualization and automated alerting, this work offers a lightweight, efficient, and privacy-preserving solution for modern cybersecurity requirements.

1. INTRODUCTION
Modern network communication relies heavily on encryption to protect user data, but this creates a challenge for traditional security systems that depend on inspecting packet content to identify threats. Since encrypted traffic hides the payload, techniques such as deep packet inspection become ineffective, and decrypting data introduces privacy risks and high processing overhead. As attackers increasingly exploit encrypted channels, there is a growing need for security solutions that can detect malicious activity without accessing sensitive information. A promising approach is to analyze traffic metadata, such as packet size, flow duration, timing intervals, and packet rate, which reveal behavioral patterns even when the content is encrypted. With the help of machine learning, these patterns can be studied to classify network flows as normal or suspicious. Real-time dashboards further support monitoring by presenting alerts and traffic insights in a visual, easy-to-understand format. Based on this idea, the proposed system uses AI to detect cyber threats in encrypted traffic without performing decryption. By combining metadata analysis, a trained Random Forest model, live packet capture, and dashboard visualization, the system provides an efficient and privacy-preserving solution suitable for modern secure networks.
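The metadata-only feature extraction the introduction describes, as an added example that is not the paper's own code: packets are grouped into bidirectional flows by their 5-tuple and reduced to packet count, flow duration, mean packet size, mean inter-arrival time, packet rate and a direction ratio, using header fields only, so the same code works on encrypted traffic. The packet tuple layout, the two sample flows (one TLS-like exchange, one one-directional burst) and the feature names are constructed for this example; `FEATURE_ORDER` fixes the column order that a trained classifier such as the paper's Random Forest would be fed.

```python
from collections import defaultdict
from statistics import mean

# Constructed sample packets (not a real capture), header fields only:
# (timestamp_s, src, dst, sport, dport, proto, length_bytes)
SAMPLE_PACKETS = [
    # a short TLS exchange on port 443: mixed sizes, both directions
    (0.000, "10.0.0.5", "93.184.216.34", 51000, 443, "TCP", 517),
    (0.040, "93.184.216.34", "10.0.0.5", 443, 51000, "TCP", 1460),
    (0.120, "10.0.0.5", "93.184.216.34", 51000, 443, "TCP", 126),
    (0.200, "93.184.216.34", "10.0.0.5", 443, 51000, "TCP", 1460),
] + [
    # flood-like burst: 20 tiny one-directional packets, 1 ms apart
    (0.001 * i, "10.0.0.9", "10.0.0.1", 40000, 443, "TCP", 60) for i in range(20)
]

# fixed column order of the numeric vector handed to the classifier (assumed names)
FEATURE_ORDER = ["packet_count", "flow_duration", "mean_packet_size",
                 "mean_iat", "packet_rate", "fwd_ratio"]

def flow_key(pkt):
    """Bidirectional 5-tuple key so both directions land in one flow."""
    _, src, dst, sport, dport, proto, _ = pkt
    a, b = (src, sport), (dst, dport)
    return (proto,) + (a + b if a <= b else b + a)

def extract_flow_features(packets):
    """Group packets into flows and compute per-flow metadata features."""
    flows = defaultdict(list)
    for p in sorted(packets, key=lambda p: p[0]):
        flows[flow_key(p)].append(p)
    features = {}
    for key, pkts in flows.items():
        times = [p[0] for p in pkts]
        sizes = [p[6] for p in pkts]
        gaps = [t2 - t1 for t1, t2 in zip(times, times[1:])]
        duration = times[-1] - times[0]
        initiator = pkts[0][1]  # source of the first packet seen
        features[key] = {
            "packet_count": len(pkts),
            "flow_duration": duration,
            "mean_packet_size": mean(sizes),
            "mean_iat": mean(gaps) if gaps else 0.0,
            "packet_rate": len(pkts) / duration if duration > 0 else 0.0,
            "fwd_ratio": sum(p[1] == initiator for p in pkts) / len(pkts),
        }
    return features

def feature_vectors(packets):
    return {k: [f[n] for n in FEATURE_ORDER]
            for k, f in extract_flow_features(packets).items()}
```

On the sample data the burst flow stands out by a packet rate above 1000 packets/s, a mean size of 60 bytes and a forward ratio of 1.0, which is exactly the kind of behavioural signature the classifier learns without ever seeing payload.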
1.1 Background

Today's digital world depends heavily on online communication, and most of this communication is protected through encryption to keep user information private. While encryption is essential, it creates a major challenge for organizations that need to monitor their networks for harmful activity. When data is hidden inside encrypted traffic, it becomes difficult to tell whether the activity is normal or potentially dangerous. This problem exists because security teams can no longer see what is inside the data being transmitted, yet attacks still happen through the same encrypted channels. As a result, users, companies, and

Key Words: Privacy Preserving Detection, Encrypted Traffic Analysis, No Decryption Approach, Metadata Based Classification, Machine Learning, Random Forest, Cyber Threat Detection, Real Time Monitoring.
© 2026, IRJET | Impact Factor value: 8.315 | ISO 9001:2008 Certified Journal | Page 594