• Novel Method for Encrypted Traffic Analysis: This paper introduces an innovative technique for analysing encrypted traffic on instant messaging platforms, a critical issue in the field of information forensics and security. The approach uses machine learning models to extract meaningful features from encrypted data, enabling the detection of communication events such as message exchanges.
• High-Precision Message Fingerprinting: The method achieves exceptionally high accuracy, with F1 scores reaching 0.98 on platforms like WhatsApp, illustrating the capability to fingerprint messages even when encrypted. This contribution is crucial to the security community, as it advances pattern recognition and forensics in encrypted traffic, a domain where accurate detection has historically been challenging.
• Platform-Specific Vulnerability Insights: By revealing significant performance differences across platforms (e.g., WhatsApp vs. X), this research highlights vulnerabilities specific to messaging platforms in their susceptibility to traffic analysis.
• Real-Time Traffic Analysis for Security Monitoring: The ability to detect message patterns in real time, without needing to decrypt traffic, presents a valuable contribution to the field of surveillance and real-time security monitoring. Real-time detection is essential in scenarios such as forensic investigations, where quick response is needed. This speaks to the journal’s focus on practical applications in real-world systems.
• Security and Privacy Implications: The paper exposes privacy vulnerabilities in current encryption practices, demonstrating that communication patterns can be inferred despite encryption. This insight is pivotal in the field of information security and forensic analysis, encouraging the development of more robust encryption schemes or countermeasures against traffic analysis attacks.
Encrypted instant messaging (IM) traffic conceals message content but still exposes communication patterns that can reveal user behaviour. This paper presents a unified framework for inferring user activities across multiple IM platforms by analysing encrypted traffic using machine learning techniques. The proposed approach integrates empirical traffic characterisation, transaction-centric segmentation, and lightweight classifiers to detect user actions, such as sending or receiving text and multimedia messages, in real time. Using Zeek as the core analysis engine, the framework performs packet inspection, transaction segmentation, connection classification, and feature extraction. The framework was evaluated on traffic from nine major IM platforms (Discord, Facebook Messenger, Instagram, Snapchat, Microsoft Teams, Telegram, WeChat, WhatsApp, and X), achieving F1 scores ranging from 0.62 for X up to 0.98 for WhatsApp. Unlike prior studies limited to single applications or synthetic datasets, our work employs realistic, user-driven traffic and explicitly distinguishes message type and direction, improving comparison and cross-platform generalization. Beyond methodological advancements, this study exposes privacy risks inherent in encrypted communication and outlines ethical safeguards and countermeasures to mitigate activity fingerprinting. The findings demonstrate that accurate, real-time inference of encrypted messaging activities is feasible under responsible, consent-based conditions, offering valuable insights for network forensics and privacy-aware communication design.
Mehavilla et al. (Sun,) studied this question.