Note:
- β Please leave a STAR if you like this project! β
- If you find any incorrect / inappropriate / outdated content, please kindly consider opening an issue or a PR.
- We would greatly appreciate your contribution to this list, and you will appear in the contributorsβ¨!
- About
- Dataset
- Survey & Benchmark
- Encrypted Traffic Analysis
- Measurement
- Research Groups
- Blogs
- Tool Libraries and Frameworks
- News and Updates
- Contributors
This repository offers a curated collection of research and development resources in the field of encrypted traffic analysis, with an emphasis on representative studies, datasets, and notable research groups.
| Dataset | Description | Year | Status |
|---|---|---|---|
| Canadian Institute for Cybersecurity Datasets | IoT, LLM, DNS, IDS, DoS, Darknet, Tor, VPN, Botnet, Malware | β | π’Β Regularly |
| ANT Datasets | Botnet, IoT, DNS, IP Geolocation | β | π’Β Regularly |
| Information Security and Object Technology Research Lab Datasets | IoT, Botnet, Cloud Security | β | π’Β Regularly |
| VisQUIC | QUIC Traffic Captured from Different Webpages | 2025 | π΅Β New |
| CipherSpectrum | TLS 1.3 Web-Traffic for 40 Domains | 2025 | π΅Β New |
| NETD | Dynamic Non-I.I.D. Encrypted Traffic Dataset | 2025 | π΅Β New |
| MobileTraffic | 300+ Mobile Apps | 2024 | π‘Β No updates |
| Network Multiflow Fingerprinting Datasets | UAV, IoT Device ID, ISD, KWS, SWF | 2023 | π‘Β No updates |
| Itc-Net-Blend-60 | Android Apps in Diverse Environments | 2023 | π‘Β No updates |
| AnonProxy2023 | Anonymous, Proxy, VPN | 2023 | π‘Β No updates |
| CSTNET-TLS 1.3 | TLS 1.3 Services | 2022 | π‘Β No updates |
| LFETT2021 Dataset | Tunnel, Proxy, VPN | 2021 | π‘Β No updates |
| DataCon2021-Encrypted Proxy | Proxy, VPN | 2021 | π‘Β No updates |
| Malware Capture Facility Project | CTU, IoT, Malware, Botnet | 2020 | π‘Β No updates |
| Cross-Platform (Backup Dataset) | iOS and Android Apps | 2019 | π‘Β No updates |
| Network-based Intrusion Detection | AWID, Botnet, CIC DoS, CTU, DARPA | 2019 | π‘Β NoΒ updates |
| Wangknn-dataset | Tor, Websites | 2018 | π‘Β No updates |
| DLWF | Tor, Websites, Concept Drift, Open World | 2018 | π‘Β No updates |
| Network-Flow-of-QUIC | QUIC Services | 2017 | π‘Β No updates |
- Decision-Making Large Language Model for Wireless Communication: A Comprehensive Survey on Key Techniques. Ning Yang.
IEEE Communications Surveys & Tutorials 2025. - SoK: Decoding the Enigma of Encrypted Network Traffic Classifiers. Nimesha Wickramasinghe.
S&P 2025. [code] - Large Language Model (LLM) for Telecommunications: A Comprehensive Survey on Principles, Key Techniques, and Opportunities. Hao Zhou.
IEEE Communications Surveys & Tutorials 2025. - Deep learning and pre-training technology for encrypted traffic classification: A comprehensive review. Wenqi Dong.
Neurocomputing 2024. - SoK: A Critical Evaluation of Efficient Website Fingerprinting Defenses. Nate Mathews.
S&P 2023. - Machine Learning-Powered Encrypted Network Traffic Analysis: A Comprehensive Survey. Meng Shen.
IEEE Communications Surveys & Tutorials 2023. - Graph Mining for Cybersecurity: A Survey. Bo Yan.
ACM Transactions on Knowledge Discovery from Data 2023. - Deep Learning for Encrypted Traffic Classification: An Overview. Shahbaz Rezaei.
IEEE Communications Magazine 2019. - Towards the Deployment of Machine Learning Solutions in Network Traffic Classification: A Systematic Survey. Fannia Pacheco.
IEEE Communications Surveys & Tutorials 2019. - Deep Learning in Mobile and Wireless Networking: A Survey. Chaoyun Zhang.
IEEE Communications Surveys & Tutorials 2019.
- The Digital Cybersecurity Expert: How Far Have We Come?. Dawei Wang.
S&P 2025. [Report] [BenchMark] - Demystifying Network Foundation Models. Sylee Beltiukov.
NeurIPS 2025. [BenchMark] - SECURE: Benchmarking Large Language Models for Cybersecurity. Dipkamal Bhusal.
ACSAC 2024. [BenchMark] - CTIBench: A Benchmark for Evaluating LLMs in Cyber Threat Intelligence. Md Tanvirul Alam.
NeurIPS 2024. [Evaluation] [BenchMark] - NetBench: A Large-Scale and Comprehensive Network Traffic Benchmark Dataset for Foundation Models. Qian Chen.
FMSys 2024. [Dataset]
- BTRFormer: Hierarchical Learning of Encrypted Traffic Using a Masked Autoencoder with Block-Based Traffic Representation. Junnan Yin.
ICNP 2025. [code] - MOTA: Mixture Of Traffic Agents for Robust Network Traffic Classification. Shaowei Li.
IWQoS 2025. - TraGe: A Generic Packet Representation for Traffic Classification Based on Header-Payload Differences. Chungang Lin.
IWQoS 2025. - Swallow: A Transfer-Robust Website Fingerprinting Attack via Consistent Feature Learning. Meng Shen.
CCS 2025. [code] - MM4flow: A Pre-trained Multi-modal Model for Versatile Network Traffic Analysis. Luming Yang.
CCS 2025. - MIETT: Multi-Instance Encrypted Traffic Transformer for Encrypted Traffic Classification. Xuyang Chen and Lu Han.
AAAI 2025. - TrafficFormer: An Efficient Pre-trained Model for Traffic Data. Guangmeng Zhou.
S&P 2025. [code] - Designing and engineering a Q&A LLM for network packet representation. Giovanni Dettori.
Politecnico di Torino, Master's Degree Thesis, 2024. - Ptu: Pre-Trained Model for Network Traffic Understanding. Lingfeng Peng.
ICNP 2024. - NetMamba: Efficient Network Traffic Classification via Pre-training Unidirectional Mamba. Tongze Wang.
ICNP 2024. [code] - Flow-MAE: Leveraging Masked AutoEncoder for Accurate, Efficient and Robust Malicious Traffic Classification. Zijun Hang.
RAID 2023. [code] - Listen to Minority: Encrypted Traffic Classification for Class Imbalance with Contrastive Pre-Training. Xiang Li.
SECON 2023. - Yet Another Traffic Classifier: A Masked Autoencoder Based Traffic Transformer with Multi-Level Flow Representation. Ruijie Zhao.
AAAI 2023. [code] - MT-FlowFormer: A Semi-Supervised Flow Transformer for Encrypted Traffic Classification. Ruijie Zhao.
KDD 2022. - ET-BERT: A Contextualized Datagram Representation with Pre-training Transformers for Encrypted Traffic Classification. Xinjie Lin.
WWW 2022. [code] [Reproduce]
- Revolutionizing Encrypted Traffic Classification with MH-Net: A Multi-View Heterogeneous Graph Model. Haozhen Zhang.
AAAI 2025. [code] - FlowMiner: A Powerful Model Based on Flow Correlation Mining for Encrypted Traffic Classification. Hongbo Xu.
INFOCOM 2025. - TFE-GNN: A Temporal Fusion Encoder Using Graph Neural Networks for Fine-grained Encrypted Trafic Classification. Haozhen Zhang.
WWW 2023. [code] - An Input-Agnostic Hierarchical Deep Learning Framework for Traffic Fingerprinting. Jian Qu.
USENIX Security 2023. [code] - Packet Representation Learning for Traffic Classification. Xuying Meng.
KDD 2022. [code] - Enabling Efficient Flow Classification for ML-based Network Security Applications. Diogo Barradas.
NDSS 2021. [code] - FS-Net: A Flow Sequence Network For Encrypted Traffic Classification. Chang Liu.
INFOCOM 2019. [code] - MaMPF: Encrypted Traffic Classification Based on Multi-Attribute Markov Probability Fingerprints. Chang Liu.
IWQoS 2018. [code]
- Resolving Packets from Counters: Enabling Multi-scale Network Traffic Super Resolution via Composable Large Traffic Model. Xizheng Wang.
NSDI 2025. [code] - NetLLM: Adapting Large Language Models for Networking. Duo Wu.
SIGCOMM 2024. [code] - NetDiffusion: Network Data Augmentation Through Protocol-Constrained Traffic Generation. Xi Jiang.
SIGMETRICS 2023. [code]
- Datacenter Network Deserves Be!er Traffic Models. Sijiang Huang.
HotNets 2023. - Practical GAN-based synthetic IP header trace generation using NetShare. Yucheng Yin.
SIGCOMM 2022. [code]
- Robust Detection of Malicious Encrypted Traffic via Contrastive Learning. Meng Shen.
TIFS 2025. - Trident: A Universal Framework for Fine-Grained and Class-Incremental Unknown Traffic Detection. Secbrain.
WWW 2024. [code] - Mateen: Adaptive Ensemble Learning for Network Anomaly Detection. Fahad Alotaibi.
RAID 2024. [code] - AOC-IDS: Autonomous Online Framework with Contrastive Learning for Intrusion Detection. Xinchen Zhang.
INFOCOM 2024. [code] - Early Network Intrusion Detection Enabled by Attention Mechanisms and RNNs. Taki Eddine Toufik Djaidja.
TIFS 2024. - TMG-GAN: Generative Adversarial Networks-Based Imbalanced Learning for Network Intrusion Detection. Hongwei Ding.
TIFS 2024. - Network intrusion detection based on n-gram frequency and time-aware transformer. Xueying Han.
Computer Security 2023. - Encrypted Malware Traffic Detection via Graph-based Network Analysis. Zhuoqun Fu.
RAID 2022. - Interactive Anomaly Detection in Dynamic Communication Networks. Xuying Meng.
ToN 2021. [code]
- Training with Only 1.0 β° Samples: Malicious Traffic Detection via Cross-Modality Feature Fusion. Chuanpu Fu.
CCS 2025. - Wedjat: Detecting Sophisticated Evasion Attacks via Real-time Causal Analysis. Li Gao.
KDD 2025. - PETNet: Plaintext-aware encrypted traffic detection network for identifying Cobalt Strike HTTPS traffics. Xiaodu Yang.
Computer Networks 2024. [code] - Detecting Tunneled Flooding Traffic via Deep Semantic Analysis of Packet Length Patterns. Chuanpu Fu.
CCS 2024. [code] - Point Cloud Analysis for ML-Based Malicious Traffic Detection: Reducing Majorities of False Positive Alarms. Chuanpu Fu.
CCS 2023. [code] - Detecting Unknown Encrypted Malicious Traffic in Real Time via Flow Interaction Graph Analysis. Chuanpu Fu.
NDSS 2023. [code]
- IoT Malicious Traffic Detection
- HorusEye: A Realtime IoT Malicious Traffic Detection Framework using Programmable Switches. Yutao Dong.
USENIX Security 2023.
- HorusEye: A Realtime IoT Malicious Traffic Detection Framework using Programmable Switches. Yutao Dong.
- Vehicle Network (IoV) Malicious Traffic Detection
- Cyber Security Framework for Vehicular Network Based on a Hierarchical Game. Hichem Sedjelmaci.
IEEE Transactions on Emerging Topics in Computing 2021.
- Cyber Security Framework for Vehicular Network Based on a Hierarchical Game. Hichem Sedjelmaci.
Illegal Traffic Identification
- Gambling Detection
- Let gambling hide nowhere: Detecting illegal mobile gambling apps via heterogeneous graph-based encrypted traffic analysis. Zheyuan Gu.
Computer Networks 2024. - Gambling Domain Name Recognition via Certificate and Textual Analysis. GuoYing Sun.
The Computer Journal 2023. - Analyzing Ground-Truth Data of Mobile Gambling Scams. Geng Hong.
Symposium on Security and Privacy (S&P) 2022.
- Let gambling hide nowhere: Detecting illegal mobile gambling apps via heterogeneous graph-based encrypted traffic analysis. Zheyuan Gu.
- HOLMES & WATSON: A Robust and Lightweight HTTPS Website Fingerprinting through HTTP Version Parallelism. Yifei Cheng.
WWW 2025. - NΓΌwa: Enhancing Network Traffic Analysis With Pre-Trained Side-Channel Feature Imputation. Faqi Zhao.
ToN 2025. - DE-GNN: Dual embedding with graph neural network for fine-grained encrypted traffic classification. Xinbo Han.
Computer Networks 2024. - Seeing Traffic Paths: Encrypted Traffic Classification With Path Signature Features. Shijie Xu.
TIFS 2022. - A Novel Multimodal Deep Learning Framework for Encrypted Traffic Classification. Peng Lin.
ToN 2022. - Accurate Decentralized Application Identification via Encrypted Traffic Analysis Using Graph Neural Networks. Meng Shen.
TIFS 2021. - Classifying encrypted traffic using adaptive fingerprints with multi-level attributes. Chang Liu.
WWW Journal 2021. - Fine-Grained Webpage Fingerprinting Using Only Packet Length Information of Encrypted Traffic. Meng Shen.
TIFS 2020. - CETAnalytics: Comprehensive effective traffic information analytics for encrypted traffic classification. Cong Dong.
Computer Networks 2020.
- Tunnel and VPN
- Fingerprinting Obfuscated Proxy Traffic with Encapsulated TLS Handshakes. Diwen Xue.
USENIX Security 2024. - ProxyKiller: An Anonymous Proxy Traffic Attack Model Based on Traffic Behavior Graphs. Hongbo Xu.
ESORICS 2024. - VPNSniffer: Identifying VPN Servers Through Graph-Represented Behaviors. Chenxu Wang.
WWW 2024. - Causality Correlation and Context Learning Aided Robust Lightweight Multi-Tab Website Fingerprinting Over Encrypted Tunnel. Siyang Chen.
INFOCOM 2024. [code] [data] - Website Fingerprinting on Encrypted Proxies: A Flow-Context-Aware Approach and Countermeasures. Xiaobo Ma.
ToN 2024. [code] - Context-aware Website Fingerprinting over Encrypted Proxies. Xiaobo Ma.
INFOCOM 2021.
- Fingerprinting Obfuscated Proxy Traffic with Encapsulated TLS Handshakes. Diwen Xue.
- Tor
- Beyond Single Tabs: A Transformative Few-Shot Approach to Multi-Tab Website Fingerprinting Attacks. Wenwen Meng.
WWW 2025. [code] - Enhancing Search Privacy on Tor: Advanced Deep Keyword Fingerprinting Attacks and BurstGuard Defense. Chaiwon Hwang.
ASIA CCS 2025. - Stop, Donβt Click Here Anymore: Boosting Website Fingerprinting By Considering Sets of Subpages. Mitseva and Panchenko.
Usenix Security 2024. - Robust and Reliable Early-Stage Website Fingerprinting Attacks via Spatial-Temporal Distribution Analysis. Xinhao Deng.
CCS 2024. [code] - Towards Fine-Grained Webpage Fingerprinting at Scale. Xiyuan Zhao and Xinhao Deng.
CCS 2024. [code] - On Precisely Detecting Censorship Circumvention in Real-World Networks. Ryan Wails.
NDSS 2024. - HSDirSniper: A New Attack Exploiting Vulnerabilities in Tor's Hidden Service Directories. Qingfeng Zhang.
WWW 2024. - Towards Robust Multi-tab Website Fingerprinting. Xinhao Deng.
S&P 2023. [code] - Realistic Website Fingerprinting By Augmenting Network Trace. Alireza Bahramali.
CCS 2023. [code] - Transformer-based Model for Multi-tab Website Fingerprinting Attack. Zhaoxin Jin.
CCS 2023. [code] - Online Website Fingerprinting: Evaluating Website Fingerprinting Attacks on Tor in the Real World. Giovanni Cherubin.
USENIX Security 2022. - Adaptive Fingerprinting:Website Fingerprinting over Few Encrypted Traffic. Chenggang Wang.
CODASPY 2021. - BAPM: Block Attention Profiling Model for Multi-tab Website Fingerprinting Attacks on Tor. Zhong Guan.
ACSAC 2021. - Triplet Fingerprinting: More Practical and Portable Website Fingerprinting with N-shot Learning. Payap Sirinam.
CCS 2019. [code] - Tik-Tok: The Utility of Packet Timing in Website Fingerprinting Attacks. Mohammad Saidur Rahman.
PETS 2019. [code] - Deep Fingerprinting: Undermining Website Fingerprinting Defenses with Deep Learning. Payap Sirinam.
CCS 2018. [code] - Automated Website Fingerprinting through Deep Learning. Vera Rimmer.
NDSS 2018. [code]
- Beyond Single Tabs: A Transformative Few-Shot Approach to Multi-Tab Website Fingerprinting Attacks. Wenwen Meng.
- Tunnel and VPN
- DecETT: Accurate App Fingerprinting Under Encrypted Tunnels via Dual Decouple-based Semantic Enhancement. Zheyuan Gu.
WWW 2025. [code] - AppSniffer: Towards Robust Mobile App Fingerprinting Against VPN. Sanghak Oh.
WWW 2023. [code]
- DecETT: Accurate App Fingerprinting Under Encrypted Tunnels via Dual Decouple-based Semantic Enhancement. Zheyuan Gu.
- Mobile App
- Ultimate Encrypted Traffic Feature Engineering: HTTPS Encrypted Traffic Classification Using Restored Application Data Unit Length. Zihan Chen.
TDSC 2025. - A novel approach for application classification with encrypted traffic using BERT and packet headers. Jaehak Yu.
Computer Networks 2024. - Packet-Level Open-World App Fingerprinting on Wireless Traffic. Jianfeng Li.
NDSS 2022. [code] - FlowPrint: Semi-Supervised Mobile-App Fingerprinting on Encrypted Network Traffic. Thijs van Ede.
NDSS 2020. [code] - Robust Smartphone App Identification via Encrypted Network Traffic Analysis. Vincent F. Taylor.
IEEE Transactions on Information Forensics and Security (TIFS) 2018. [code] - AppScanner: Automatic Fingerprinting of Smartphone Apps from Encrypted Network Traffic. Vincent F. Taylor.
Euro S&P 2016. [code] - Adaptive encrypted traffic fingerprinting with bi-directional dependence. Khaled Al-Naami.
ACSAC 2016. [code]
- Ultimate Encrypted Traffic Feature Engineering: HTTPS Encrypted Traffic Classification Using Restored Application Data Unit Length. Zihan Chen.
- Streaming Media
- JumpDASH: LLM-Based Content Perception for Intelligent Jumping DASH in Mobile Adaptive Video Streaming. Hanling Wang.
ToN 2025. - PPVF: An Efficient Privacy-Preserving Online Video Fetching Framework With Correlated Differential Privacy. Xianzhi Zhang.
ToN 2025. - Dive into streaming: efficient identification of encrypted dynamic DASH video traffic. Xiyuan Zhang.
SCIS 2026. - Endangered Privacy: Large-Scale Monitoring of Video Streaming Services. Martin BjΓΆrklund.
USENIX Security 2025. - TorVIA A Novel Encrypted Video Identification Method Based on Tor Transmission Characteristics. Juncheng Lu.
Computer Networks 2025. - The Analysis of Encrypted Video Stream Based on Low-dimensional Embedding Method. Luming Yang.
TIFS 2024. - Zenith: Real-time Identification of DASH Encrypted Video Traffic with Distortion. Weitao Tang.
MM 2024. - Breaking Through the Diversity: Encrypted Video Identification Attack Based on QUIC Features. Nan Hu.
ESORICS 2024. - Traffic spills the beans: A robust video identification attack against YouTube. Xiyuan Zhang.
ComSec 2024. - EVS2vec: A Low-dimensional Embedding Method for Encrypted Video Stream Analysis. Luming Yang.
SECON 2023 - Walls Have Ears: Traffic-based Side-channel Attack in Video Streaming. Jiaxi Gu.
IEEE INFOCOM 2018.
- JumpDASH: LLM-Based Content Perception for Intelligent Jumping DASH in Mobile Adaptive Video Streaming. Hanling Wang.
- LLMs Privacy Analysis
- Whisper Leak: A novel side-channel attack on remote language models. Microsoft Defender Security Research Team.
Microsoft Security 2025. [code] [Report] - What Was Your Prompt? A Remote Keylogging Attack on AI Assistants. Roy Weiss.
USENIX Security 2024. [code]
- Whisper Leak: A novel side-channel attack on remote language models. Microsoft Defender Security Research Team.
- Out-of-Distribution
- Training with Only 1.0 β° Samples: Malicious Traffic Detection via Cross-Modality Feature Fusion. Chuanpu Fu.
CCS 2025. - Training Robust Classifiers for Classfiying Encrypted Traffic under Dynamic Network Conditions. Yuqi Qing.
CCS 2025. - Towards Context-Aware Traffic Classification via Time-Wavelet Fusion Network. Ziming Zhao.
KDD 2025. - SnifferDog: Comprehensively Learning Heterogeneous Features of Network Traffic to Identify Malicious Flows. Xi Luo.
TIFS 2025. - Respond to Change with Constancy: Instruction-tuning with LLM for Non-I.I.D. Network Traffic Classification. Xinjie Lin.
TIFS 2025. - FG-SAT: Efficient Flow Graph for Encrypted Traffic Classification under Environment Shifts. Susu Cui.
TIFS 2025. - Facing Anomalies Head-On: Network Traffic Anomaly Detection via Uncertainty-Inspired Inter-Sample Differences. Xinglin Lian.
WWW 2025. - CD-Net: Robust mobile traffic classification against apps updating. Yanan Chen.
ComSec 2025. - Zero-relabelling mobile-app identification over drifted encrypted network traffic. Minghao Jiang.
Computer Networks 2023. - Anomaly Detection in the Open World: Normality Shift Detection, Explanation, and Adaptation. Dongqi Han.
NDSS 2023. [code] - Accurate mobile-app fingerprinting using flow-level relationship with graph neural networks. Minghao Jiang.
Computer Networks 2022. - CADE: Detecting and Explaining Concept Drift Samples for Security Applications. Dongqi Han.
USENIX Security 2021. [code]
- Training with Only 1.0 β° Samples: Malicious Traffic Detection via Cross-Modality Feature Fusion. Chuanpu Fu.
- Few-shot/Zero-shot
- Low-Quality Training Data Only? A Robust Framework for Detecting Encrypted Malicious Network Traffic. Yuqi Qing.
NDSS 2024. [code] - CETP: A Novel Semi-Supervised Framework Based on Contrastive Pre-Training for Imbalanced Encrypted Traffic Classification. Xinjie Lin.
Computers & Security (ComSec) 2024. - Few-shot encrypted traffic classification via multi-task representation enhanced meta-learning. Chen Yang.
Computer Networks 2023. - Triplet Fingerprinting: More Practical and Portable Website Fingerprinting with N-shot Learning. Payap Sirinam.
CCS 2019. [code] (N-shot Learning)
- Low-Quality Training Data Only? A Robust Framework for Detecting Encrypted Malicious Network Traffic. Yuqi Qing.
- Open-set
- Reliable Open-Set Network Traο¬c Classification. Xueman Wang.
TIFS 2025. - TrafficGPT: An LLM Approach for Open-Set Encrypted Traffic Classification. Yasod Ginige.
AINTEC 2024. [code] - Knowing the unknowns: Network traffic detection with open-set semi-supervised learning. Rui Chen.
Computer Networks 2024. - Identifying malicious traffic under concept drift based on intraclass consistency enhanced variational autoencoder. Xiang Luo.
SCIENCE CHINA Information Sciences (SCIS) 2024. - Robust open-set classification for encrypted traffic fingerprinting. Thilini Dahanayaka.
Computer Networks 2023. - Autonomous Unknown-Application Filtering and Labeling for DL-based Traffic Classifier Update. Jielun Zhang.
INFOCOM 2020
- Reliable Open-Set Network Traο¬c Classification. Xueman Wang.
- Defense and Adversarial Techniques
- A Hard-Label Black-Box Evasion Attack against ML-based Malicious Traffic Detection Systems. Zixuan Liu.
NDSS 2026. [code] - Robustness Matters: Pre-Training Can Enhance the Performance of Encrypted Traffic Analysis. Luming Yang.
TIFS 2025.[code] - CertTA: Certified Robustness Made Practical for Learning-Based Traffic Analysis. Jinzhu Yan.
USENIX Security 2025. [code] [Zenodo] - AdvTG: An Adversarial Traffic Generation Framework to Deceive DL-Based Malicious Traffic Detection Models. Peishuai Sun.
WWW 2025. [code] - TrafCL: Robust Encrypted Malicious Traffic Detection via Contrastive Learning. Xiaodu Yang.
CIKM 2024. - MCRe: A Unified Framework for Handling Malicious Traffic With Noise Labels Based on Multidimensional Constraint Representation. Qingjun Yuan.
TIFS 2024. - Real-Time Website Fingerprinting Defense via Traffic Cluster Anonymization. Meng Shen.
S&P 2024. - Defending Against Deep Learning-Based Traffic Fingerprinting Attacks With Adversarial Examples. Blake Hayden.
ACM Transactions on Privacy and Security (TOPS) 2024. - BARS: Local Robustness Certification for Deep Learning based Traffic Analysis Systems. Kai Wang.
NDSS 2023. - Prism: Real-Time Privacy Protection Against Temporal Network Traffic Analyzers. Wenhao Li.
TIFS 2023. - Subverting Website Fingerprinting Defenses with Robust Traffic Representation. Meng Shen.
USENIX Security 2023. - Rosetta: Enabling Robust TLS Encrypted Traffic Classification in Diverse Network Environments with TCP-Aware Traffic Augmentation. Renjie Xie.
USENIX Security 2023. [code]
- A Hard-Label Black-Box Evasion Attack against ML-based Malicious Traffic Detection Systems. Zixuan Liu.
- Explanatory Analysis
- The Sweet Danger of Sugar: Debunking Representation Learning for Encrypted Traffic Classification. Yuqi Zhao.
SIGCOMM 2025. [code] - Explainable Anomaly Detection in Network Traffic Using Normalizing Flows. Lior Shafir.
ToN 2025. - Understanding Web Fingerprinting with a Protocol-Centric Approach. Bogdan Cebere.
RAID 2024. [code] - GEAD: Rules Refine the Riddle: Global Explanation for Deep Learning-Based Anomaly Detection in Security Applications. Dongqi Han.
CCS 2024. [code] - Towards Real-Time Intrusion Detection with Explainable AI-Based Detector. Wenhao Li.
CCS Poster 2024. - xNIDS: Explaining Deep Learning-based Network Intrusion Detection Systems for Active Intrusion Responses. Feng Wei.
USENIX Security 2023. [code] - Towards Understanding Alerts raised by Unsupervised Network Intrusion Detection Systems. Maxime Lanvin.
RAID 2023. - AI/ML for Network Security: The Emperor has no Clothes. Arthur S. Jacobs.
CCS 2022. [code]
- The Sweet Danger of Sugar: Debunking Representation Learning for Encrypted Traffic Classification. Yuqi Zhao.
- Web-FTP: A Feature Transferring-Based Pre-Trained Model for Web Attack Detection. Zhenyu Guo.
TKDE 2025. - Less is More: Simplifying Network Traffic Classification Leveraging RFCs. Nimesha Wickramasinghe.
WWW 2025. - Leo: Online ML-based Traffic Classification at Multi-Terabit Line Rate. Syed Usman Jafri.
NSDI 2024. [code] - Brain-on-Switch: Towards Advanced Intelligent Network Data Plane via NN-Driven Traffic Analysis at Line-Speed. Jinzhu Yan.
NSDI 2024. [code] - LINC: Enabling Low-Resource In-network Classification and Incremental Model Update. Haolin Yan.
ICNP 2024. [code] - IIsy: Hybrid In-Network Classification Using Programmable Switches. Changgang Zheng.
ToN 2024. [code] - Recursive Multi-Tree Construction With Efficient Rule Sifting for Packet Classification on FPGA. Yao Xin.
ToN 2024. [code] - NetVigil: Robust and Low-Cost Anomaly Detection for East-West Data Center Security. Kevin Hsieh.
NSDI 2024. [code] - RIDS: Towards Advanced IDS via RNN Model and Programmable Switches Co-Designed Approaches. Ziming Zhao.
INFOCOM 2024. [code] - Genos: General In-Network Unsupervised Intrusion Detection by Rule Extraction. Ruoyu Li.
INFOCOM 2024. - HorusEye: A Realtime IoT Malicious Traffic Detection Framework using Programmable Switches. Yutao Dong.
USENIX Security 2023. [code] - Detecting Unknown Encrypted Malicious Traffic in Real Time via Flow Interaction Graph Analysis. Chuanpu Fu.
NDSS 2023. [code] - Kitsune: An Ensemble of Autoencoders for Online Network Intrusion Detection. Yisroel Mirsky.
NDSS 2018. [code]
- Domain Name System
- A Worldwide View on the Reachability of Encrypted DNS Services. Ruixuan Li.
WWW 2024. - Investigating Deployment Issues of DNS Root Server Instances from a China-wide View. Fenglu Zhang.
IEEE Transactions on Dependable and Secure Computing (TDSC) 2024.
- A Worldwide View on the Reachability of Encrypted DNS Services. Ruixuan Li.
- Privacy and Security
- Enhanced Dynamics of IP Allocation: Fine-Grained IP Geolocation via Temporal-Spatial Correlation. Yiyang Huang.
IEEE Transactions on Networking (ToN) 2025. [code] - Mapping the unseen: Robust IP geolocation through the lens of uncertainty quantification. Xueting Liu.
Computer Networks 2025. - Privacy protection of Chinaβs top websites: A Multi-layer privacy measurement via network behaviours and privacy policies. Xinjie Lin.
ComSec 2022. - Towards IP-based Geolocation via Fine-grained and Stable Webcam Landmarks. Zhihao Wang.
WWW 2020. - Server-Side Traffic Analysis Reveals Mobile Location Information over the Internet. Keen Sung.
IEEE Transactions on Mobile Computing 2018.
- Enhanced Dynamics of IP Allocation: Fine-Grained IP Geolocation via Temporal-Spatial Correlation. Yiyang Huang.
- IPv6
- IPv6 Prefix Target Generation through Pattern and Distribution Learning using Vision-Transformer and Guided-Diffusion. Yaochen Ren.
INFOCOM 2025. - 6GAN: IPv6 Multi-Pattern Target Generation via Generative Adversarial Nets with Reinforcement Learning. Tianyu Cui.
INFOCOM 2021. [code] - SiamHAN: IPv6 Address Correlation Attacks on TLS Encrypted Traffic via Siamese Heterogeneous Graph Attention Network. Tianyu Cui.
USENIX Security 2021. [code] - 6VecLM: Language Modeling in Vector Space for IPv6 Target Generation. Tianyu Cui.
ECML/PKDD 2020. [code]
- IPv6 Prefix Target Generation through Pattern and Distribution Learning using Vision-Transformer and Guided-Diffusion. Yaochen Ren.
- Quality of Service
- Network Traffic Statistical Upper Limit Prediction From Flow Features for Traffic Fluctuations. Erina Takeshita.
ToN 2025.
- Network Traffic Statistical Upper Limit Prediction From Flow Features for Traffic Fluctuations. Erina Takeshita.
Chinese Academy of Sciences, University of Chinese Academy of Sciences/China
- Gang Xiong (Institute of Information Engineering)
- Kai Chen (Institute of Information Engineering)
- Qixu Liu (Institute of Information Engineering)
- Guozhu Meng (Institute of Information Engineering)
- Qingyun Liu (Institute of Information Engineering)
- Zhigang Lu (Institute of Information Engineering)
- Xiaodong Li (Institute of Computing Technology)
- Zhenyu Li (Institute of Computing Technology)
- Yujun Zhang (Institute of Computing Technology)
- Yuqing Zhang (School of Computer Science and Technology)
Tsinghua University/China
Zhejiang University/China
Harbin Institute of Technology/China
Beijing University of Posts and Telecommunications/China
Beijing Institute of Technology/China
Beihang University/China
Xi'an Jiaotong University/China
Shanghai Jiao Tong University/China
Fudan University/China
- Min Yang
- Mi Zhang (Whitzard AI Team)
- Yuan Zhang
Beijing University of Posts and Telecommunications/China
Others
- Guang Cheng (Southeast University/China)
- Fengwei Zhang (Southern University of Science and Technology/China)
- Qian Wang (Wuhan University/China)
- Shuguang Cui (The Chinese University of Hong Kong/China)
- Feng Li (Shandong University/China)
- Zhihong Tian (Guangzhou University)
Overseas
- Xuemin (Sherman) Shen (University of Waterloo/Canada)
- Xiaofeng Wang (Indiana University Bloomington/United States)
- Tao Wang (Simon Fraser University/Canada)
- Ivan Martinovic (University of Oxford/United Kingdom)
- Amir Houmansadr (University of Massachusetts Amherst/United States)
- Giuseppe Aceto (University Federico II of Naples/Italy)
- Antonio Pescapè (University Federico II of Naples/Italy)
- Verdoliva Luisa (University Federico II of Naples/Italy)
- Thorsten Holz (CISPA Helmholtz Center for Information Security/Germany)
- Mohammad Saidur Rahman (University of Texas at El Paso/United States)
- Yue Zhang (Drexel University/United States)
- Xinyu Xing (Northwestern University/United States)
- Yang Liu (Nanyang Technological University/Singapore)
- Alessandro Finamore (Huawei Technologies/France)
- Thijs van Ede (University of Twente/Netherlands)
- Idilio Drago (University of Turin/Italy)
- Arash Shaghaghi (University of New South Wales/Australia)
- Wenbo Guo (University of California, Santa Barbara/United States)
- Arpit Gupta (University of California, Santa Barbara/United States)
- PacketScope
- flowcontainer
- traffic_classification_utils
- scapy
- wireshark
- Tshark
- pyshark
- Cisco Talos
- Joy
- Proxifier
- traffic_classification_utils
- Website-Fingerprinting-Library (WFlib)
- NTC-Enigma
- CICFlowMeter
Version 2.0
March 22, 2025
- Welcome to the New Contributors from UCAS, BIT, SEU, GZHU, UNSW!
- The content is presented with a clearer structure and style.
- Fixed some errors.
Version 1.0
April 15, 2022
- Welcome to the Ph.Ds from IIE,CAS.
Thanks goes to these wonderful people!