Abstract: Network traffic encryption protects corporate data and user privacy, but it also brings new challenges to malicious traffic detection. Depending on how the encrypted traffic is processed, encrypted malicious traffic detection techniques can be divided into active and passive detection. Active detection comprises detection after the traffic has been decrypted and detection based on searchable encryption; research here focuses on privacy protection and on improving detection efficiency, and this survey mainly analyzes the application of trusted execution environments and controllable transmission protocols. Passive detection identifies encrypted malicious traffic transparently to users, without performing any encryption or decryption operation; research here focuses on the selection and construction of features. The survey analyzes the relevant detection methods by feature type, namely side-channel features, plaintext features, and raw traffic, and then reports the experimental evaluation results of the corresponding models. Finally, the feasibility of countermeasures against encrypted malicious traffic detection is analyzed from the perspectives of obfuscating traffic characteristics, interfering with the learning algorithms, and hiding the relevant information.
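To make the three passive feature classes concrete, the following is an added Python example (not code from the paper) that derives side-channel, plaintext-header and raw-byte features from one TLS flow without decrypting anything; the record layout helper, the sample packets and the feature names are constructed assumptions for illustration.

```python
from statistics import mean, pstdev

def tls_record(ctype, version, payload):
    # TLS record = content type (1) | version (2) | length (2) | payload. Constructed helper.
    return bytes([ctype]) + version.to_bytes(2, "big") + len(payload).to_bytes(2, "big") + payload

# Constructed sample flow, not captured data: (timestamp s, direction, record bytes);
# direction +1 is client->server, -1 is server->client.
SAMPLE_FLOW = [
    (0.00, +1, tls_record(0x16, 0x0301, b"\x01" + b"\x00" * 99)),  # ClientHello (105 bytes)
    (0.05, -1, tls_record(0x16, 0x0303, b"\x02" + b"\x00" * 59)),  # ServerHello (65 bytes)
    (0.06, +1, tls_record(0x17, 0x0303, b"\xaa" * 195)),           # application data (200 bytes)
    (0.12, -1, tls_record(0x17, 0x0303, b"\xbb" * 995)),           # application data (1000 bytes)
]

def side_channel_features(flow):
    # Sizes, timing and direction only: computable without reading any payload.
    lengths = [len(p) for _, _, p in flow]
    iats = [b[0] - a[0] for a, b in zip(flow, flow[1:])]
    up = sum(len(p) for _, d, p in flow if d > 0)
    down = sum(len(p) for _, d, p in flow if d < 0)
    return {"n_packets": len(flow), "mean_len": mean(lengths), "std_len": pstdev(lengths),
            "mean_iat": mean(iats) if iats else 0.0,
            "up_down_ratio": up / down if down else float("inf")}

def plaintext_features(flow):
    # Fields that stay in the clear in TLS record and handshake headers.
    feats = {"content_types": set(), "client_hello_version": None, "server_hello_version": None}
    for _, direction, pkt in flow:
        if len(pkt) < 5:
            continue  # truncated record header, nothing to parse
        ctype, version = pkt[0], int.from_bytes(pkt[1:3], "big")
        feats["content_types"].add(ctype)
        if ctype == 0x16 and len(pkt) > 5:  # handshake record: byte 5 is the handshake message type
            if pkt[5] == 0x01 and direction > 0:
                feats["client_hello_version"] = version
            elif pkt[5] == 0x02 and direction < 0:
                feats["server_hello_version"] = version
    feats["content_types"] = sorted(feats["content_types"])
    return feats

def raw_features(flow, n_bytes=16):
    # Raw-traffic view: first n bytes of the first client packet, zero-padded and scaled to [0, 1].
    first = next((p for _, d, p in flow if d > 0), b"")
    return [b / 255 for b in first[:n_bytes].ljust(n_bytes, b"\x00")]

def extract_features(flow):
    return {"side_channel": side_channel_features(flow),
            "plaintext": plaintext_features(flow), "raw": raw_features(flow)}
```

The three dictionaries returned by `extract_features(SAMPLE_FLOW)` are the kind of vector a passive classifier consumes; a defender can reproduce each group on real captures and observe which group an evasion technique (padding, timing jitter, header changes) actually disturbs.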