A survey on encrypted network traffic analysis applications, techniques, and countermeasures

E Papadogiannaki, S Ioannidis - ACM Computing Surveys (CSUR), 2021 - dl.acm.org
The adoption of network traffic encryption is continually growing. Popular applications use
encryption protocols to secure communications and protect the privacy of users. In addition …

CRUSOE: A toolset for cyber situational awareness and decision support in incident handling

M Husák, L Sadlek, S Špaček, M Laštovička… - Computers & …, 2022 - Elsevier
The growing size and complexity of today's computer network make it hard to achieve and
maintain so-called cyber situational awareness, i.e., the ability to perceive and comprehend …

Passive operating system fingerprinting revisited: Evaluation and current challenges

M Laštovička, M Husák, P Velan, T Jirsík, P Čeleda - Computer Networks, 2023 - Elsevier
Fingerprinting a host's operating system is a very common yet precarious task in network,
asset, and vulnerability management. Estimating the operating system via network traffic …

Cactus: Obfuscating Bidirectional Encrypted TCP Traffic at Client Side

R Xie, J Cao, Y Zhu, Y Zhang, Y He… - IEEE Transactions …, 2024 - ieeexplore.ieee.org
As the mainstream encrypted protocols adopt TCP protocol to ensure lossless data
transmissions, the privacy of encrypted TCP traffic becomes a significant focus for …

Towards a data-driven recommender system for handling ransomware and similar incidents

M Husák - 2021 IEEE International Conference on Intelligence …, 2021 - ieeexplore.ieee.org
Effective triage is of utmost importance for cybersecurity incident response, namely in
handling ransomware or similar incidents in which the attacker may use self-propagating …

Characterizing User Platforms for Video Streaming in Broadband Networks

Y Wang, M Lyu, V Sivaraman - Proceedings of the 2024 ACM on Internet …, 2024 - dl.acm.org
Internet Service Providers (ISPs) bear the brunt of being the first port of call for poor video
streaming experience. ISPs can benefit from knowing the user's device type (e.g., Android …

Device Tracking via Linux's New TCP Source Port Selection Algorithm

M Kol, A Klein, Y Gilad - 32nd USENIX Security Symposium (USENIX …, 2023 - usenix.org
We describe a tracking technique for Linux devices, exploiting a new TCP source port
generation mechanism recently introduced to the Linux kernel. This mechanism is based on …

Network fingerprinting via timing attacks and defense in software defined networks

B Yiğit, G Gür, F Alagöz, B Tellenbach - Computer Networks, 2023 - Elsevier
Software-Defined Networking (SDN) is becoming a native networking model for
next generation networks. However, with its decoupled architecture, SDN is susceptible to …

Fingerprinting the Shadows: Unmasking Malicious Servers with Machine Learning-Powered TLS Analysis

A Theofanous, E Papadogiannaki, A Shevtsov… - Proceedings of the …, 2024 - dl.acm.org
Over the last few years, the adoption of encryption in network traffic has been constantly
increasing. The percentage of encrypted communications worldwide is estimated to exceed …

System for continuous collection of contextual information for network security management and incident handling

M Husák, M Laštovička, D Tovarňák - Proceedings of the 16th …, 2021 - dl.acm.org
In this paper, we describe a system for the continuous collection of data for the needs of
network security management. When a cybersecurity incident occurs in the network, the …