Encrypted Network Traffic Analysis Resources

加密流量分析相关研究资源汇总

Note:

• ⭐ Please leave a STAR if you like this project! ⭐
• If you find any incorrect / inappropriate / outdated content, please kindly consider opening an issue or a PR.
• We would greatly appreciate your contribution to this list, and you will appear in the contributors✨!

Content

• About
• Dataset
• Survey
• Network Traffic Analysis
• Measurement
• Teams
• Blogs
• Libraries and Frameworks

About

This is a current list of resources related to the research and development of encrypted traffic analysis. We comb the field for relevant representative work and related resources, and pay more attention to typical studies and research teams.

Datasets

• Canadian Institute for Cybersecurity Datasets (DNS, IDS, DoS, Darknet, Tor, VPN, Botnet, Malware)
• Information Security and Object Technology Research Lab Datasets (IoT, Botnet, Cloud Security)
• Cross-Platform (iOS and Android Apps)
• Malware Capture Facility Project (Malware)
• CSTNET-TLS 1.3 (TLS 1.3 services)
• Network-based Intrusion Detection (AWID, Botnet, CIC DoS, CICIDS, CIDDS, CTU, DARPA, ISCX, IRSC)
• MobileTraffic (300+ Mobile Apps)
• Itc-Net-Blend-60 (Android applications in Diverse Environments)
• Network-Flow-of-QUIC (QUIC services)
• Network Multiflow Fingerprinting Datasets (User Activities (UAV), IoT Device Identification (IDI), Intrusion Detection (ISD), Keyword Searching (KWS), Shadowsocks Website Fingerprinting (SWF))
• CTU-13 (Botnet, Malware)
• ANT Datasets (Botnet, IoT, DNS, IP Geolocation)
• LFETT2021 Dataset (Tunnel, Proxy, VPN)
• AnonProxy2023 (Anonymous, Proxy, VPN)
• DataCon2021-加密代理流量数据集 (Proxy, VPN)

Survey

• Machine Learning-Powered Encrypted Network Traffic Analysis: A Comprehensive Survey. Meng Shen. IEEE Communications Surveys & Tutorials 2023.
• Deep Learning for Encrypted Traffic Classification: An Overview. Shahbaz Rezaei. IEEE Communications Magazine 2019.
• Towards the Deployment of Machine Learning Solutions in Network Traffic Classification: A Systematic Survey. Fannia Pacheco. IEEE Communications Surveys & Tutorials 2019.
• Deep Learning in Mobile and Wireless Networking: A Survey. Chaoyun Zhang. IEEE Communications Surveys & Tutorials 2019.

Network Traffic Analysis

ETA with Pre-training/LLMs (Generalization, Side-channel Analysis)

• TrafficFormer: An Efficient Pre-trained Model for Traffic Data. Guangmeng Zhou. S&P 2025. [code]
• What Was Your Prompt? A Remote Keylogging Attack on AI Assistants. Roy Weiss. USENIX 2024. [code]
• CETP: A Novel Semi-Supervised Framework Based on Contrastive Pre-Training for Imbalanced Encrypted Traffic Classification. Xinjie Lin. Computers & Security (ComSec) 2024.
• A novel approach for application classification with encrypted traffic using BERT and packet headers. Jaehak Yu. Computer Networks 2024.
• Flow-MAE: Leveraging Masked AutoEncoder for Accurate, Efficient and Robust Malicious Traffic Classification. Zijun Hang. RAID 2023. [code]
• Listen to Minority: Encrypted Traffic Classification for Class Imbalance with Contrastive Pre-Training. Xiang Li. SECON 2023.
• Yet Another Traffic Classifier: A Masked Autoencoder Based Traffic Transformer with Multi-Level Flow Representation. Ruijie Zhao. AAAI 2023. [code]
• ET-BERT: A Contextualized Datagram Representation with Pre-training Transformers for Encrypted Traffic Classification. Xinjie Lin. WWW 2022. [code] [Reproduce]

ETA for Stable/Robust (Out-of-Distribution, Few-shot, Zero-shot)

• Low-Quality Training Data Only? A Robust Framework for Detecting Encrypted Malicious Network Traffic. Yuqi Qing. NDSS 2024. [code]
• Identifying malicious traffic under concept drift based on intraclass consistency enhanced variational autoencoder. Xiang Luo. SCIENCE CHINA Information Sciences (SCIS) 2024.
• TrafCL: Robust Encrypted Malicious Traffic Detection via Contrastive Learning. Xiaodu Yang. CIKM 2024.
• MCRe: A Unified Framework for Handling Malicious Traffic With Noise Labels Based on Multidimensional Constraint Representation. Qingjun Yuan. TIFS 2024.
• Few-shot encrypted traffic classification via multi-task representation enhanced meta-learning. Chen Yang. Computer Networks 2023.
• Rosetta: Enabling Robust TLS Encrypted Traffic Classification in Diverse Network Environments with TCP-Aware Traffic Augmentation. Renjie Xie. USENIX 2023. [code]
• Zero-relabelling mobile-app identification over drifted encrypted network traffic. Minghao Jiang. Computer Networks 2023.
• Anomaly Detection in the Open World: Normality Shift Detection, Explanation, and Adaptation. Dongqi Han. NDSS 2023. [code]
• Accurate mobile-app fingerprinting using flow-level relationship with graph neural networks. Minghao Jiang. Computer Networks 2022.
• Triplet Fingerprinting: More Practical and Portable Website Fingerprinting with N-shot Learning. Payap Sirinam. CCS 2019. [code] (N-shot Learning)

Traditional Targets (Web, App, Malware, Gambling, User Activities, Intrusion Detection, IoT, Streaming Media)

• General
  • DE-GNN: Dual embedding with graph neural network for fine-grained encrypted traffic classification. Xinbo Han. Computer Networks 2024.
  • Towards Fine-Grained Webpage Fingerprinting at Scale. Xiyuan Zhao. CCS 2023.
  • An Input-Agnostic Hierarchical Deep Learning Framework for Traffic Fingerprinting. Jian Qu. USENIX 2023. [code]
  • Classifying encrypted traffic using adaptive fingerprints with multi-level attributes. Chang Liu. WWW Journal 2021.
  • CETAnalytics: Comprehensive effective traffic information analytics for encrypted traffic classification (Generalization). Cong Dong. Computer Networks 2020.
  • FlowPrint: Semi-Supervised Mobile-App Fingerprinting on Encrypted Network Traffic. van Ede, Thijs. NDSS 2020. [code]
  • FS-Net: A Flow Sequence Network For Encrypted Traffic Classification. Chang Liu. INFOCOM 2019. [code]
  • MaMPF: Encrypted Traffic Classification Based on Multi-Attribute Markov Probability Fingerprints. Chang Liu. IWQoS 2018. [code]
  • AppScanner: Automatic Fingerprinting of Smartphone Apps from Encrypted Network Traffic. Vincent F. Taylor. EuroS&P 2016. [code]
• Malicious
  • PETNet: Plaintext-aware encrypted traffic detection network for identifying Cobalt Strike HTTPS traffics. Xiaodu Yang. Computer Networks 2024. [code]
  • Early Network Intrusion Detection Enabled by Attention Mechanisms and RNNs. Taki Eddine Toufik Djaidja. TIFS 2024.
  • TMG-GAN: Generative Adversarial Networks-Based Imbalanced Learning for Network Intrusion Detection. Hongwei Ding. TIFS 2024.
  • Point Cloud Analysis for ML-Based Malicious Traffic Detection: Reducing Majorities of False Positive Alarms. Chuanpu Fu. CCS 2023.
  • Detecting Unknown Encrypted Malicious Traffic in Real Time via Flow Interaction Graph Analysis. Chuanpu Fu. NDSS 2023.
• Gambling
  • Let gambling hide nowhere: Detecting illegal mobile gambling apps via heterogeneous graph-based encrypted traffic analysis. Zheyuan Gu. Computer Networks 2024.
  • Gambling Domain Name Recognition via Certificate and Textual Analysis. GuoYing Sun. The Computer Journal 2023.
  • Analyzing Ground-Truth Data of Mobile Gambling Scams. Geng Hong. Symposium on Security and Privacy (S&P) 2022.
• IoT
  • HorusEye: A Realtime IoT Malicious Traffic Detection Framework using Programmable Switches. Yutao Dong. USENIX 2023.
• Vedio (Streaming Media)
  • Breaking Through the Diversity: Encrypted Video Identification Attack Based on QUIC Features. Nan Hu. ESORICS 2024.
  • Traffic spills the beans: A robust video identification attack against YouTube. Xiyuan Zhang. ComSec 2024.
  • Walls Have Ears: Traffic-based Side-channel Attack in Video Streaming. Jiaxi Gu. IEEE INFOCOM 2018.

Defense and Adversarial Techniques

• Real-Time Website Fingerprinting Defense via Traffic Cluster Anonymization. Meng Shen. S&P 2024.
• Defending Against Deep Learning-Based Traffic Fingerprinting Attacks With Adversarial Examples. Blake Hayden. ACM Transactions on Privacy and Security (TOPS) 2024.
• Subverting Website Fingerprinting Defenses with Robust Traffic Representation. Meng Shen. USENIX 2023.

Anonymous and VPN

• Rules Refine the Riddle: Global Explanation for Deep Learning-Based Anomaly Detection in Security Applications. DongqiHan. CCS 2024. [code]
• Detecting Tunneled Flooding Traffic via Deep Semantic Analysis of Packet Length Patterns. Chuanpu Fu. CCS 2024. [vedio]
• ProxyKiller: An Anonymous Proxy Traffic Attack Model Based on Traffic Behavior Graphs. Hongbo Xu. ESORICS 2024.
• HSDirSniper: A New Attack Exploiting Vulnerabilities in Tor's Hidden Service Directories. Qingfeng Zhang. WWW 2024.
• VPNSniffer: Identifying VPN Servers Through Graph-Represented Behaviors. Chenxu Wang. WWW 2024.
• AppSniffer: Towards Robust Mobile App Fingerprinting Against VPN. Sanghak Oh. WWW 2023.
• Transformer-based Model for Multi-tab Website Fingerprinting Attack. Zhaoxin Jin. CCS 2023.
• Online Website Fingerprinting: Evaluating Website Fingerprinting Attacks on Tor in the Real World. Giovanni Cherubin. USENIX 2022.
• BAPM: Block Attention Profiling Model for Multi-tab Website Fingerprinting Attacks on Tor. Zhong Guan. ACSAC 2021.
• Deep Fingerprinting: Undermining Website Fingerprinting Defenses with Deep Learning. Payap Sirinam. CCS 2018. [code]

Measurement

• Domain Name System
  • A Worldwide View on the Reachability of Encrypted DNS Services. Ruixuan Li. WWW 2024.
  • Investigating Deployment Issues of DNS Root Server Instances from a China-wide View. Fenglu Zhang. IEEE Transactions on Dependable and Secure Computing (TDSC) 2024.
• Privacy and Security
  • Privacy protection of China’s top websites: A Multi-layer privacy measurement via network behaviours and privacy policies. Xinjie Lin. ComSec 2022.
• IPv6
  • 6GAN: IPv6 Multi-Pattern Target Generation via Generative Adversarial Nets with Reinforcement Learning. Tianyu Cui. INFOCOM 2021. [code]
  • SiamHAN: IPv6 Address Correlation Attacks on TLS Encrypted Traffic via Siamese Heterogeneous Graph Attention Network. Tianyu Cui. USENIX 2021. [code]
  • 6VecLM: Language Modeling in Vector Space for IPv6 Target Generation. Tianyu Cui. ECML/PKDD 2020. [code]

Teams

• Tsinghua University/China
  • Ke Xu
  • Jiahai Yang
  • Chao Zhang
  • Haixin Duan
  • Qi Li
  • Jianjun Chen
  • Dan Li
• Chinese Academy of Sciences/China
  • Gang Xiong (Institute of Information Engineering)
  • Kai Chen (Institute of Information Engineering)
  • Qingyun Liu (Institute of Information Engineering)
  • Zhenyu Li (Institute of Computing Technology)
• Beijing Institute of Technology/China
  • Liehuang Zhu
  • Meng Shen
• Xi'an Jiaotong University/China
  • Xiaohong Guan
  • Chao Shen
• Zhejiang University/China
  • Shouling Ji
  • Wenyuan Xu
  • Meng Luo
  • Kui Ren
  • Fan Zhang
• Shanghai Jiao Tong University/China
  • Guoxing Chen
  • Haojin Zhu
• Guang Cheng (Southeast University/China)
• Fengwei Zhang (Southern University of Science and Technology/China)
• Qian Wang (Wuhan University/China)
• Overseas Teams
  • Xuemin (Sherman) Shen (University of Waterloo/Canada)
  • Xiaofeng Wang (Indiana University Bloomington/United States)
  • Tao Wang (Simon Fraser University/Canada)
  • Ivan Martinovic (University of Oxford/United Kingdom)
  • Amir Houmansadr (University of Massachusetts Amherst/United States)
  • Giuseppe Aceto (Università di Napoli Federico II/Italy)
  • Thorsten Holz (CISPA Helmholtz Center for Information Security/Germany)
  • Mohammad Saidur Rahman (University of Texas at El Paso/United States)
  • Yue Zhang (Drexel University/United States)
  • Xinyu Xing (Northwestern University/United States)

Blogs

Network Traffic Knowledge

• Icoding_F2014
• Malware-Traffic-Analysis

Network Traffic Analysis Tool Manual

• Tshark
• pyshark

Tool Libraries and Frameworks

• flowcontainer
• scapy
• wireshark
• pyshark
• Cisco Talos
• Joy
• Proxifier
• traffic_classification_utils

What's New

Version 1.0

April 15, 2022

1. Welcome to the Ph.Ds from IIE,CAS.

Contributors 🌟

Thanks goes to these wonderful people!

Xinjie Lin 🎯 📝 📔

Tianyu Cui 🎯

Minghao Jiang 🎯

Zhong Guan 🎯 📝

Wei Cai 🎯

Xiyuan Zhang 🎯 📝