This paper proposes a two-stage machine learning system that accurately detects I2P traffic and subsequently classifies it as data exfiltration or legitimate activity, achieving high accuracy in both…

The paper identifies and demonstrates the existence of a covert sublayer, called the Exclusive Network, within the I2P anonymous network, which allows nodes to host services without being discoverable…

This study analyzed I2P's routing topology and found no significant evidence that peer selection is influenced by geographic location, suggesting highly random global mixing.

This paper introduces an active traffic analysis method (NATA) and a deep learning framework (BM-Net) to demonstrate that bandwidth perturbations can be used by an adversary to correlate and de-anonym…

This paper analyzes darknet traffic to characterize advanced, AI-assisted bot reconnaissance, finding that modern evasion techniques allow most bot traffic to bypass standard IDS thresholds.

This paper systematically identifies and demonstrates multiple session manipulation attacks against VPN connection tracking frameworks, revealing widespread vulnerabilities in popular VPN services.

This paper proposes a comprehensive framework for network intrusion detection using unified multi-modal datasets and evaluates advanced adversarial learning methods for generating high-fidelity synthe…

GETA is a protocol-agnostic framework that analyzes encrypted network traffic using only metadata, achieving state-of-the-art performance across diverse tasks without needing large labeled datasets.

This paper evaluates a novel black-box adversarial attack to demonstrate the vulnerability of ML-based IoT Intrusion Detection Systems (IDS) and proposes a robust defense mechanism to mitigate these e…

The paper proposes NTSSL, a novel semi-supervised method that combines network traffic analysis and transaction clustering to significantly improve the deanonymization of Bitcoin transactions.

This paper systematically analyzes the threat posed by malicious third-party API routers in the LLM supply chain, finding that a significant number of routers actively perform payload injection, crede…

NetVAD proposes a novel, identifier-free Variational Autoencoder that leverages frozen Foundation Models to achieve highly competitive unsupervised performance for zero-day intrusion detection.

EdgeDetect is a communication-efficient and privacy-preserving federated intrusion detection system that uses gradient binarization and homomorphic encryption to significantly reduce bandwidth usage w…

This paper proposes and evaluates a federated deep learning framework using autoencoders for lightweight, privacy-preserving, and scalable real-time anomaly detection in resource-constrained IoT netwo…

DEMUX is a novel framework that addresses the challenge of multi-tab website fingerprinting by treating the interleaved traffic as a demixing problem, achieving state-of-the-art performance in complex…

The paper evaluates AI's effectiveness in detecting network intrusions and cryptographic side-channel leakage, finding high accuracy in stable environments but performance degradation with novel traff…

TrafficMoE proposes a Disentangle-Filter-Aggregate (DFA) framework using sparse Mixture-of-Experts to improve encrypted traffic classification by separating header and payload features and adaptively…

FedFG introduces a robust federated learning framework using flow-matching generation to simultaneously enhance client privacy and defend against sophisticated poisoning attacks.

The paper introduces an end-to-end framework that not only detects network intrusions using deep learning but also generates actionable, citation-grounded mitigation reports using a Retrieval-Augmente…

VeriX-Anon is a multi-layered framework that provides mathematically verifiable assurance that outsourced data anonymization (k-anonymization) was executed correctly, achieving high detection rates ag…