GETA is a protocol-agnostic framework that analyzes encrypted network traffic using only metadata, achieving state-of-the-art performance across diverse tasks without needing large labeled datasets.

immUNITY is a system that enhances network security by combining programmable switches and SmartNICs to efficiently detect and mitigate low-volume and slow network attacks.

AEGIS introduces a novel physics-based system that analyzes encrypted network traffic flow dynamics, achieving state-of-the-art zero-day evasion detection with high accuracy and low latency.

This paper systematically identifies and demonstrates multiple session manipulation attacks against VPN connection tracking frameworks, revealing widespread vulnerabilities in popular VPN services.

The paper introduces PLM-NIDS, a novel intrusion detection system that models network flows as a language based solely on L3/L4 metadata, successfully detecting attacks by identifying deviations from…

The paper introduces PLM-NIDS, a novel intrusion detection system that models network flows as a language based solely on L3/L4 metadata, successfully detecting attacks by identifying deviations from…

NetSecBed is a container-native, scenario-oriented testbed designed to generate reproducible and auditable network traffic evidence and execution artifacts for complex cybersecurity research.

The paper analyzes persistent TLS misconfigurations and introduces TLSGatekeeper, a high-performance, network-based tool that enforces security policies by monitoring TLS handshakes without requiring…

This paper introduces an active traffic analysis method (NATA) and a deep learning framework (BM-Net) to demonstrate that bandwidth perturbations can be used by an adversary to correlate and de-anonym…

EdgeDetect is a communication-efficient and privacy-preserving federated intrusion detection system that uses gradient binarization and homomorphic encryption to significantly reduce bandwidth usage w…

This paper analyzes Bitcoin's new V2 P2P transport protocol, demonstrating that while it fixes known vulnerabilities, attackers can still execute conceptual attacks like message identification via pay…

The paper proposes HSTS-Enforced, a new web security model that flips the default connection from HTTP to HTTPS, eliminating TLS stripping attacks while allowing sites to opt out if they genuinely req…

ML Defender (aRGus NDR) is an open-source, embedded Machine Learning Network Intrusion Detection System (NIDS) that achieves superior detection rates for botnet and anomalous traffic on resource-const…

The paper proposes a quantum-resilient session-key establishment scheme that fragments a new key across multiple, independently encrypted Tor circuits, requiring an adversary to compromise many circui…

The paper proposes a federated, high-throughput stream-processing framework for cross-sector threat detection and automated containment, achieving end-to-end operational convergence within 12-20 secon…

This paper analyzes darknet traffic to characterize advanced, AI-assisted bot reconnaissance, finding that modern evasion techniques allow most bot traffic to bypass standard IDS thresholds.

The paper introduces AICCE, an AI-driven engine that uses generative systems and dual-architecture reasoning to accurately verify IPv6 compliance, overcoming the limitations of traditional rule-based…

The paper identifies and demonstrates the existence of a covert sublayer, called the Exclusive Network, within the I2P anonymous network, which allows nodes to host services without being discoverable…

The paper introduces R$^2$A, an adversarial attack that uses suffix optimization to mislead black-box LLM routers into consistently selecting expensive, high-capability models.

The paper introduces CAT, a novel coverage-guided fuzzing tool that overcomes the limitations of existing fuzzers for complex, multi-object cryptographic repositories like RPKI, leading to the discove…