This paper introduces an active traffic analysis method (NATA) and a deep learning framework (BM-Net) to demonstrate that bandwidth perturbations can be used by an adversary to correlate and de-anonym…

TrafficMoE proposes a Disentangle-Filter-Aggregate (DFA) framework using sparse Mixture-of-Experts to improve encrypted traffic classification by separating header and payload features and adaptively…

This paper proposes a two-stage machine learning system that accurately detects I2P traffic and subsequently classifies it as data exfiltration or legitimate activity, achieving high accuracy in both…

This paper analyzes darknet traffic to characterize advanced, AI-assisted bot reconnaissance, finding that modern evasion techniques allow most bot traffic to bypass standard IDS thresholds.

The paper proposes Shaperd, a real-time traffic shaper designed to enhance the resilience of fully encrypted protocols against censorship by allowing users to generate traffic flows with customizable…

The paper proposes Mean MAE (MMAE), a novel self-supervised pre-training framework that uses flow mixing and teacher-student distillation to improve encrypted traffic classification by capturing multi…

AEGIS introduces a novel physics-based system that analyzes encrypted network traffic flow dynamics, achieving state-of-the-art zero-day evasion detection with high accuracy and low latency.

MambaNetBurst introduces a compact, tokenizer-free byte-level classifier using a Mamba-2 backbone to achieve strong network traffic classification without requiring pre-training or complex data prepro…

The paper proposes FreeUp, a frequency-decoupled framework that improves encrypted network anomaly detection by separately modeling and fusing low- and high-frequency components of traffic data.

NetSecBed is a container-native, scenario-oriented testbed designed to generate reproducible and auditable network traffic evidence and execution artifacts for complex cybersecurity research.

This paper systematically analyzes the threat posed by malicious third-party API routers in the LLM supply chain, finding that a significant number of routers actively perform payload injection, crede…

The paper investigates using Convolutional Neural Networks (CNNs) for deanonymizing I2P traffic patterns, but concludes that the proposed methods do not compromise the network's anonymity guarantees.

This paper systematically identifies and demonstrates multiple session manipulation attacks against VPN connection tracking frameworks, revealing widespread vulnerabilities in popular VPN services.

The paper proposes SATA, a semantics-aware traffic augmentation framework, to significantly improve the generalization of website fingerprinting models by addressing variability in resource compositio…

Analyzing 10 days of global internet traffic from a network telescope reveals that a small fraction of source IPs dominate traffic, with a notable focus on exploiting legacy IoT devices via Telnet por…

The paper introduces Map Reduce Graph (MRG), an unsupervised method that automatically models and secures HTTP REST APIs by learning their structure from real-world traffic, achieving high accuracy an…

The paper introduces PLM-NIDS, a novel intrusion detection system that models network flows as a language based solely on L3/L4 metadata, successfully detecting attacks by identifying deviations from…

The paper introduces PLM-NIDS, a novel intrusion detection system that models network flows as a language based solely on L3/L4 metadata, successfully detecting attacks by identifying deviations from…

The paper analyzes persistent TLS misconfigurations and introduces TLSGatekeeper, a high-performance, network-based tool that enforces security policies by monitoring TLS handshakes without requiring…

The paper introduces an end-to-end framework that not only detects network intrusions using deep learning but also generates actionable, citation-grounded mitigation reports using a Retrieval-Augmente…