linwhitehat/ETA-Resource

Materials about Encrypted Traffic Analysis

Encrypted Network Traffic Analysis Resources

加密流量分析相关研究资源汇总

Note:

• ⭐ Please leave a STAR if you like this project! ⭐
• If you find any incorrect / inappropriate / outdated content, please kindly consider opening an issue or a PR.
• We would greatly appreciate your contribution to this list, and you will appear in the contributors✨!

Content

• About
• Dataset
• Survey
• Network Traffic Classification
• Measurement
• Ethereum
• Teams
• Blogs
• Libraries and Frameworks

About

This is a current list of resources related to the research and development of encrypted traffic analysis. We comb the field for relevant representative work and related resources, and pay more attention to typical studies and research teams.

Datasets

• Canadian Institute for Cybersecurity Datasets (DNS, IDS, DoS, Darknet, Tor, VPN, Botnet, Malware)
• Cross-Platform (iOS and Android Apps)
• Malware Capture Facility Project (Malware)
• CSTNET-TLS 1.3 (TLS 1.3 services)
• Network-based Intrusion Detection (AWID, Botnet, CIC DoS, CICIDS, CIDDS, CTU, DARPA, ISCX, IRSC)
• MobileTraffic (300+ Mobile Apps)
• Itc-Net-Blend-60 (Android applications in Diverse Environments)
• Network-Flow-of-QUIC (QUIC services)

Survey

• Deep Learning for Encrypted Traffic Classification: An Overview. Shahbaz Rezaei. IEEE Communications Magazine 2019.
• Towards the Deployment of Machine Learning Solutions in Network Traffic Classification: A Systematic Survey. Fannia Pacheco. IEEE Communications Surveys & Tutorials 2019.
• Deep Learning in Mobile and Wireless Networking: A Survey. Chaoyun Zhang. IEEE Communications Surveys & Tutorials 2019.

Network Traffic Classification

Traditional Target (Web, App, Malware, Gambling)

• Point Cloud Analysis for ML-Based Malicious Traffic Detection: Reducing Majorities of False Positive Alarms. Chuanpu Fu. CCS 2023.
• Detecting Unknown Encrypted Malicious Traffic in Real Time via Flow Interaction Graph Analysis. Chuanpu Fu. NDSS 2023.
• Gambling Domain Name Recognition via Certificate and Textual Analysis. GuoYing Sun. The Computer Journal 2023.
• Analyzing Ground-Truth Data of Mobile Gambling Scams. Geng Hong. Symposium on Security and Privacy(S&P) 2022.
• Classifying encrypted traffic using adaptive fingerprints with multi-level attributes. Chang Liu. WWW Journal 2021.
• CETAnalytics: Comprehensive effective traffic information analytics for encrypted traffic classification (Generalization). Cong Dong. Computer Networks 2020.
• FlowPrint: Semi-Supervised Mobile-App Fingerprinting on Encrypted Network Traffic. van Ede, Thijs. NDSS 2020. [code]
• FS-Net: A Flow Sequence Network For Encrypted Traffic Classification. Chang Liu. INFOCOM 2019. [code]
• MaMPF: Encrypted Traffic Classification Based on Multi-Attribute Markov Probability Fingerprints. Chang Liu. IWQoS 2018. [code]
• AppScanner: Automatic Fingerprinting of Smartphone Apps from Encrypted Network Traffic. Vincent F. Taylor. EuroS&P 2016. [code]

Anonymous and VPN

• Real-Time Website Fingerprinting Defense via Traffic Cluster Anonymization. Meng Shen. Symposium on Security and Privacy(S&P) 2024.
• HSDirSniper: A New Attack Exploiting Vulnerabilities in Tor's Hidden Service Directories. Qingfeng Zhang. WWW 2024.
• VPNSniffer: Identifying VPN Servers Through Graph-Represented Behaviors. Chenxu Wang. WWW 2024.
• Subverting Website Fingerprinting Defenses with Robust Traffic Representation. Meng Shen. USENIX 2023.
• Transformer-based Model for Multi-tab Website Fingerprinting Attack. Zhaoxin Jin. CCS 2023.
• Online Website Fingerprinting: Evaluating Website Fingerprinting Attacks on Tor in the Real World. Giovanni Cherubin. Usenix Security 2022.
• BAPM: Block Attention Profiling Model for Multi-tab Website Fingerprinting Attacks on Tor. Zhong Guan. ACSAC 2021.
• Deep Fingerprinting: Undermining Website Fingerprinting Defenses with Deep Learning. Payap Sirinam. CCS 2018. [code]

ETA with Pre-training/LLMs (Generalization)

• CETP: A Novel Semi-Supervised Framework Based on Contrastive Pre-Training for Imbalanced Encrypted Traffic Classification. Xinjie Lin. Computers & Security 2024.
• Listen to Minority: Encrypted Traffic Classification for Class Imbalance with Contrastive Pre-Training. Xiang Li. SECON 2023.
• Yet Another Traffic Classifier: A Masked Autoencoder Based Traffic Transformer with Multi-Level Flow Representation. Ruijie Zhao. AAAI 2023.
• ET-BERT: A Contextualized Datagram Representation with Pre-training Transformers for Encrypted Traffic Classification. Xinjie Lin. WWW 2022. [code] [Reproduce]

ETA for Stable/Robust (Out-of-Distribution, Few-shot, Zero-shot)

• Rosetta: Enabling Robust TLS Encrypted Traffic Classification in Diverse Network Environments with TCP-Aware Traffic Augmentation. Renjie Xie. USENIX 2023.
• Zero-relabelling mobile-app identification over drifted encrypted network traffic. Minghao Jiang. Computer Networks 2023.
• Anomaly Detection in the Open World: Normality Shift Detection, Explanation, and Adaptation. Dongqi Han. NDSS 2023. [code]
• Accurate mobile-app fingerprinting using flow-level relationship with graph neural networks. Minghao Jiang. Computer Networks 2022.
• Triplet Fingerprinting: More Practical and Portable Website Fingerprinting with N-shot Learning. Payap Sirinam. CCS 2019. [code] (N-shot Learning)

IoT

• HorusEye: A Realtime IoT Malicious Traffic Detection Framework using Programmable Switches. Yutao Dong. USENIX 2023.

Vedio (Streaming Media)

• Traffic spills the beans: A robust video identification attack against YouTube. Xiyuan Zhang. Computers & Security 2024.
• Walls Have Ears: Traffic-based Side-channel Attack in Video Streaming. Jiaxi Gu. IEEE INFOCOM 2018.

Measurement

• 6GAN: IPv6 Multi-Pattern Target Generation via Generative Adversarial Nets with Reinforcement Learning. Tianyu Cui. INFOCOM 2021. [code]
• SiamHAN: IPv6 Address Correlation Attacks on TLS Encrypted Traffic via Siamese Heterogeneous Graph Attention Network. Tianyu Cui. USENIX 2021. [code]
• 6VecLM: Language Modeling in Vector Space for IPv6 Target Generation. Tianyu Cui. ECML/PKDD 2020. [code]

Ethereum

• A Flexible Sharding Blockchain Protocol Based on Cross-Shard Byzantine Fault Tolerance. Yizhong Liu. TIFS 2023.
• Secure and Scalable Cross-Domain Data Sharing in Zero-Trust Cloud-Edge-End Environment Based on Sharding Blockchain. Yizhong Liu. TDSC 2023.
• TGC: Transaction Graph Contrast Network for Ethereum Phishing Scam Detection. Sijia Li. ACSAC 2023.
• TTAGN: Temporal transaction aggregation graph network for ethereum phishing scams detection. Sijia Li. WWW 2022.

Teams

• Xiaohong Guan (Xi'an Jiaotong University/China)
• Jiahai Yang (Tsinghua University/China)
• Ke Xu (Tsinghua University/China)
• Haixin Duan (Tsinghua University/China)
• Gang Xiong (Institute of Information Engineering, Chinese Academy of Sciences/China)
• Zhenyu Li (Institute of Computing Technology, Chinese Academy of Sciences/China)
• Liehuang Zhu (Beijing Institute of Technology/China)
• Guang Cheng (Southeast University/China)
• Tao Wang (Simon Fraser University/Canada)
• Xiaofeng Wang (Indiana University Bloomington/United States)

Blogs

Network Traffic Knowledge

• Icoding_F2014
• Malware-Traffic-Analysis

Network Traffic Analysis Tool Manual

• Tshark
• pyshark

Tool Libraries and Frameworks

• flowcontainer
• scapy
• wireshark
• pyshark
• Cisco Talos
• Joy
• Proxifier
• traffic_classification_utils

What's New

Version 1.0

April 15, 2022

1. Welcome to the Ph.Ds from IIE,CAS.

Contributors 🌟

Thanks goes to these wonderful people!

Xinjie Lin 🎯 📝 📔

Tianyu Cui 🎯

Minghao Jiang 🎯

Zhong Guan 🎯 📝

Wei Cai 🎯

Xiyuan Zhang 🎯 📝