Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Exploring QUIC Dynamics: A Large-Scale Dataset for Encrypted Traffic Analysis

Barak Gahtan, Robert J. Shahla, Alex M. Bronstein, Reuven Cohen

TL;DR

This paper tackles the challenge of encrypted QUIC traffic analysis by introducing VisQUIC, a large-scale dataset with SSL keys for controlled decryption and coverage across multiple QUIC implementations. It introduces an image-based representation of QUIC traffic and standardized benchmarks enabling ML-driven analysis on encrypted data within a temporal window $T$ and configurable resolutions. Key contributions include 100,000+ traces from 44,000+ websites, SSL-key access, diverse QUIC implementations, and a benchmark achieving up to 97% CAP in HTTP/3 response estimation. The open VisQUIC release provides a reproducible platform for encrypted traffic research, with future directions toward privacy-preserving analytics and expansion to mobile and IoT contexts.

Abstract

The increasing adoption of the QUIC transport protocol has transformed encrypted web traffic, necessitating new methodologies for network analysis. However, existing datasets lack the scope, metadata, and decryption capabilities required for robust benchmarking in encrypted traffic research. We introduce VisQUIC, a large-scale dataset of 100,000 labeled QUIC traces from over 44,000 websites, collected over four months. Unlike prior datasets, VisQUIC provides SSL keys for controlled decryption, supports multiple QUIC implementations (Chromium QUIC, Facebooks mvfst, Cloudflares quiche), and introduces a novel image-based representation that enables machine learning-driven encrypted traffic analysis. The dataset includes standardized benchmarking tools, ensuring reproducibility. To demonstrate VisQUICs utility, we present a benchmarking task for estimating HTTP/3 responses in encrypted QUIC traffic, achieving 97% accuracy using only observable packet features. By publicly releasing VisQUIC, we provide an open foundation for advancing encrypted traffic analysis, QUIC security research, and network monitoring.

Exploring QUIC Dynamics: A Large-Scale Dataset for Encrypted Traffic Analysis

TL;DR

This paper tackles the challenge of encrypted QUIC traffic analysis by introducing VisQUIC, a large-scale dataset with SSL keys for controlled decryption and coverage across multiple QUIC implementations. It introduces an image-based representation of QUIC traffic and standardized benchmarks enabling ML-driven analysis on encrypted data within a temporal window and configurable resolutions. Key contributions include 100,000+ traces from 44,000+ websites, SSL-key access, diverse QUIC implementations, and a benchmark achieving up to 97% CAP in HTTP/3 response estimation. The open VisQUIC release provides a reproducible platform for encrypted traffic research, with future directions toward privacy-preserving analytics and expansion to mobile and IoT contexts.

Abstract

The increasing adoption of the QUIC transport protocol has transformed encrypted web traffic, necessitating new methodologies for network analysis. However, existing datasets lack the scope, metadata, and decryption capabilities required for robust benchmarking in encrypted traffic research. We introduce VisQUIC, a large-scale dataset of 100,000 labeled QUIC traces from over 44,000 websites, collected over four months. Unlike prior datasets, VisQUIC provides SSL keys for controlled decryption, supports multiple QUIC implementations (Chromium QUIC, Facebooks mvfst, Cloudflares quiche), and introduces a novel image-based representation that enables machine learning-driven encrypted traffic analysis. The dataset includes standardized benchmarking tools, ensuring reproducibility. To demonstrate VisQUICs utility, we present a benchmarking task for estimating HTTP/3 responses in encrypted QUIC traffic, achieving 97% accuracy using only observable packet features. By publicly releasing VisQUIC, we provide an open foundation for advancing encrypted traffic analysis, QUIC security research, and network monitoring.
Paper Structure (10 sections, 5 equations, 5 figures, 2 tables)

This paper contains 10 sections, 5 equations, 5 figures, 2 tables.

Table of Contents

  1. Introduction
  2. Related Work
  3. VisQUIC: A Dataset for Encrypted QUIC Traffic Analysis
  4. Dataset Collection and Structure
  5. Image-Based Representation for ML Applications
  6. Dataset Scope and Accessibility
  7. Potential Applications of VisQUIC
  8. Benchmarking HTTP/3 Response Estimation
  9. Conclusion
  10. Appendices

Figures (5)

  • Figure 1: Constructing an image from a QUIC trace. (a) Raw packet metadata captures timing, size, and direction. (b) Packets are binned by time and length, creating histograms for client-to-server (green) and server-to-client (red) traffic. (c) The final RGB representation preserves temporal relationships and directionality, where pixel intensity indicates packet density.
  • Figure 2: Comparison of QUIC image representations at different resolutions. Lower resolutions lose fine packet detail, while higher resolutions capture intricate temporal patterns.
  • Figure 3: Response distribution for training and evaluation datasets with a $T=0.1$-second sliding window.
  • Figure 4: Prediction errors assuming known web servers. Red lines indicate median values; blue boxes represent 25–75% prediction intervals.
  • Figure 5: Scatter plots showing prediction results: each point compares a trace’s predicted vs. true response count. Transparency ($0.05$) highlights density in overlapping regions.