In the Vault7 leak (malware library of the CIA <https://wikileaks.org/ciav7p1/>), there is a page giving advices to malware authors: how to avoid leaving traces <https://wikileaks.org/ciav7p1/cms/page_14587109.html>. Among very good advices, it talks of the IETF: DO use ITEF [sic] RFC compliant network protocols as a blending layer. The actual data, which must be encrypted in transit across the network, should be tunneled through a well known and standardized protocol (e.g. HTTPS) Custom protocols can stand-out to network analysts and IDS filters.