Contents I. Introduction
The use of encrypted communications has become common, with [1] reporting that approximately 81.8% of websites defaulted to use HTTPS for encrypted traffic in January 2023. Taking advantage of this trend, attackers also use encrypted communications for cyber attacks. In May 2017, CISCO reported that 21.4% of malware was already using HTTPS communications [2], and it is expected that this number has increased since then. Since payload of the traffic is encrypted, conventional investigation methods such as deep packet inspection (DPI) or signature-based detection cannot be applied. Therefore, many organizations and companies take counter-measures by performing the process of decrypting encrypted traffic, analyzing it, and encrypting it again at the exit, and several vendors sell products that can achieve this. However, the recent shift to the cloud environment has made the situation more complicated. Especially after COVID-19, the shifting was more accelerated, and many employee’s devices now communicate directly with the clouds [3]. This has diminished the effectiveness of the above measures. Furthermore, the fact that ordinary businesses now take for granted Internet connections of several tens of Gbps, and even ordinary households now use Internet connections of 10 Gbps, has also contributed to the ineffectiveness of the above measures. Installing software to monitor traffic on endpoint terminals could be considered as a countermeasure, but it is also very costly. Therefore, a different approach is needed to support the monitoring operations of encrypted traffic.
