Abstract Cyber threat intelligence officers and forensics investigators often require the behavioural profiling of groups based on their online video viewing activity. It has been demonstrated that encrypted video traffic can be classified under the assumption of using a known subset of video titles based on temporal video viewing trends of particular groups. Nonetheless, composing such a subset is extremely challenging in real situations. Therefore, this work exhibits a novel profiling scheme for encrypted video traffic with no a priori assumption of a known subset of titles. It introduces a seminal synergy of Natural Language Processing (NLP) and Deep Encoder-based feature embedding algorithms with refined clustering schemes from off-the-shelf solutions, in order to group viewing profiles with unknown video streams. This study is the first to highlight the most computationally effective, accurate combinations of feature embedding and clustering using real datasets, thereby, paving the way to future forensics tools for automated behavioural profiling of malicious actors.

中文翻译：

---

加密视频流量聚类揭秘

摘要 网络威胁情报官员和取证调查员通常需要根据他们的在线视频观看活动对群体进行行为分析。已经证明，可以在使用基于特定组的时间视频观看趋势的已知视频标题子集的假设下对加密视频流量进行分类。尽管如此，在实际情况下组成这样的子集极具挑战性。因此，这项工作展示了一种新颖的加密视频流量分析方案，没有已知标题子集的先验假设。它引入了自然语言处理 (NLP) 和基于深度编码器的特征嵌入算法与现成解决方案中的精细聚类方案的开创性协同作用，以便将具有未知视频流的观看配置文件分组。