Encrypted video traffic clustering demystified

Amit Dvir, Angelos K. Marnerides, Ran Dubin, Nehor Golan, Chen Hajaj

Research output: Contribution to journalArticlepeer-review

9 Scopus citations


Cyber threat intelligence officers and forensics investigators often require the behavioural profiling of groups based on their online video viewing activity. It has been demonstrated that encrypted video traffic can be classified under the assumption of using a known subset of video titles based on temporal video viewing trends of particular groups. Nonetheless, composing such a subset is extremely challenging in real situations. Therefore, this work exhibits a novel profiling scheme for encrypted video traffic with no a priori assumption of a known subset of titles. It introduces a seminal synergy of Natural Language Processing (NLP) and Deep Encoder-based feature embedding algorithms with refined clustering schemes from off-the-shelf solutions, in order to group viewing profiles with unknown video streams. This study is the first to highlight the most computationally effective, accurate combinations of feature embedding and clustering using real datasets, thereby, paving the way to future forensics tools for automated behavioural profiling of malicious actors.

Original languageEnglish
Article number101917
JournalComputers and Security
StatePublished - Sep 2020
Externally publishedYes

Bibliographical note

Publisher Copyright:
© 2020 Elsevier Ltd


  • Clustering
  • Encrypted traffic
  • NLP
  • Video title
  • Youtube


Dive into the research topics of 'Encrypted video traffic clustering demystified'. Together they form a unique fingerprint.

Cite this