Various communication analysis techniques analyze and classify communication traffic based on behavioral characteristics rather than content. Such techniques are useful, for example, for analyzing encrypted traffic. For example, Bar Yanai et al. describe a statistical classifier for real-time classification of encrypted data, in “Realtime Classification for Encrypted Traffic,” Experimental Algorithms, Lecture Notes in Computer Science, Volume 6049, May, 2010, which is incorporated herein by reference.
As another example, Zhang and Paxson describe an algorithm for detecting “stepping stones”—intermediary hosts that are used for launching hostile network attacks, in “Detecting Stepping Stones,” Proceedings of the 9th USENIX Security Symposium, August, 2000, which is incorporated herein by reference. The algorithm is based on distinctive characteristics, e.g., packet size and timing, of interactive traffic, and not on connection contents.