International Workshop on Traffic Measurements for Cybersecurity (WTMC 2024)

Vienna, Austria
Monday, July 8, 2024

Overview

Current communication networks are increasingly becoming pervasive, complex, and ever-evolving due to factors like enormous growth in the number of network users, continuous appearance of network applications, increasing amount of data transferred, and diversity of user behavior. Understanding and measuring traffic in such networks is a challenging yet vital task for network management but recently also for cybersecurity purposes. Network traffic measurement and monitoring can, for example, enable the analysis of the spreading of malicious software and its capabilities or can help to understand the nature of various network threats, including those that exploit user's behavior and other user's sensitive information. On the other hand, network traffic investigation can also help to assess the effectiveness of the existing countermeasures or contribute to building new, better ones. Traffic measurements have been utilized in the area of economics of cybersecurity e.g., to assess ISP “badness” or to estimate the revenue of cybercriminals. Recent research has focused on measurements of fake news and the interplay between misinformation and user engagement in news postings using different online platforms.

The WTMC workshop aims to bring together the research accomplishments provided by researchers from academia and the industry. The other goal is to show the latest research results in the field of cybersecurity and understand how traffic measurements can influence it. We encourage prospective authors to submit related distinguished research papers on the subject of both theoretical approaches and practical case reviews. This workshop presents some of the most relevant ongoing research in cybersecurity seen from the traffic measurements perspective.

The workshop will be accessible to both non-experts interested in learning about this area and experts interested in hearing about new research and approaches.

Topics of interest include but are not limited to:

Measurements for network incidents response, investigation, and evidence handling
Measurements of cyber attacks (e.g., DDoS, botnet, malware, and phishing campaigns)
Measurements for the security of web-based applications and services (e.g., social networking)
Measurements for network anomalies detection
Measurements for the economics of cybersecurity and privacy
Measurements of security and privacy for the Internet of Things
Measurements of Internet censorship
Measurements of trends in the diffusion of misinformation on social media
Measurement studies describing the impacts of regulations on cybersecurity and users' privacy (e.g., GDPR)
Network traffic analysis to discover the nature and evolution of the cybersecurity threats
Measurements of cyber-physical systems security
Measurements for assessing the effectiveness of the threats detection/prevention methods and countermeasures
Novel passive, active, and hybrid measurements techniques and tools for cybersecurity purposes
Traffic classification and topology discovery tools for monitoring the evolving status of the network from the cybersecurity perspective
Correlation of measurements across multiple layers, protocols, or networks for cybersecurity purposes
Machine learning and data mining for analysis of network traffic measurements for cybersecurity
Novel approaches for large-scale measurements for cybersecurity (e.g., crowd-sourcing)
Novel visualization approaches to detect network attacks and other threats
Analysis of network traffic to provide new insights about network structure and behavior from the security perspective
Measurements of network protocol and applications behavior and its impact on cybersecurity and users' privacy
Vulnerability measurements and notifications
Measurements for new cybersecurity settings
Ethical issues in measurements for cybersecurity
Reappraisal of previous empirical findings

SUBMISSIONS

Papers will be accepted based on single-blind peer review (3-4 per paper) and should contain original, high-quality work. All papers must be written in English.

Authors are invited to submit short papers (up to 4 pages +2 for appendices/references), regular papers (up to 6 pages +2 for appendices/references), and long papers (up to 10 pages +4 for appendices/references) via EasyChair. Reviewers are explicitly not expected to read the appendices while deciding whether to accept or reject the paper.

Papers must be typeset in LaTeX in A4 format (not "US Letter") using the IEEE conference proceeding template we supply eurosp2023-template.zip. We recommend using LaTeX, and suggest you first compile the supplied LaTeX source as is, checking that you obtain the same PDF as the one supplied. Then, write your paper into the LaTeX template, replacing the boilerplate text. Please do not use other IEEE templates. Failure to adhere to the page limit and formatting requirements can be grounds for rejection.

Submissions must be in Portable Document Format (.pdf). Authors should pay special attention to unusual fonts, images, and figures that might create problems for reviewers. Your document should render correctly in Adobe Reader XI and when printed in black and white.

Submissions failing to conform to the submission guidelines risk rejection without review.

Papers describing cybersecurity measurement studies should include an ethical considerations paragraph, and where applicable reach out to their institutional ethics committee or institutional review board. For guidance see the Menlo Report and its companion document.

Authors are encouraged to share developed software implementations, measurement datasets, simulation models, etc. used in articles allowing other researchers to build upon and extend current results. Authors may include a paragraph about reproducible research.

Submission page: https://easychair.org/conferences/?conf=wtmc2024

Submission of a paper implies that should the paper be accepted, at least one of the authors will register and present the paper at the conference.

Papers accepted by the workshop will be published through IEEE Xplore in a volume accompanying the main IEEE Euro S&P conference proceedings. The extended versions of all accepted papers will be considered for publication in a special issue of the Journal of Cyber Security and Mobility (confirmed). The decision will depend on the quality of the paper and the quality of the presentation at WTMC 2024. The final decision will be made by co-chairs after the workshop.

IMPORTANT DATES

March 24, 2024 (AoE, UTC -12) [Firm]: Paper Submission
April 30, 2024: Notification Date
May 15, 2024: Camera-Ready Paper Deadline

WORKSHOP REGISTRATION

The workshop registration is now open. Please follow the instructions on the IEEE Euro S&P conference page here. IEEE Euro S&P WTMC workshop is a live event and authors are expected to present their work in person. Remote attendance is not supported.

VENUE

The 9th IEEE Euro S&P WTMC workshop will be held at the University of Vienna. Lecture halls are located at the Faculty for Computer Science, Währinger Straße 29, 1090 Vienna. WTMC will run at ROOM-4. Detailed venue information can be found here.

PROGRAM

Time zone: Central European Summer Time (CEST)

9:00-9:15	Opening Remarks
09:15-10:15	Keynote: "Bridging Research and Product Development to Detect Novel Threats on all Levels", Stefan Achleitner (Dynatrace)
10:15-10:45	Coffee Break
10:45-12:30	Session I: AI/ML in Network Security
	"On the Quest for Foundation Generative-AI Models for Anomaly Detection in Time-Series Data", by Gastón García González, Pedro Casas, Emilio Martinez and Alicia Fernandez
	"On Explainable Stacking Models based on Complementary Traffic Embeddings", by Luca Gioacchini, Welton Santos, Bárbara Lopes, Idilio Drago, Marco Mellia, Jussara Almeida and Marcos André Gonçalves
	"A Tale of Two Methods: Unveiling the limitations of GAN and the Rise of Bayesian Networks for Synthetic Network Traffic Generation", by Adrien Schoen, Gregory Blanc, Pierre-François Gimenez, Yufei Han, Frédéric Majorczyk and Ludovic Mé
	"Dynamic Cluster Analysis to Detect and Track Novelty in Network Telescopes", by Kai Huang, Luca Gioacchini, Marco Mellia and Luca Vassio
12:30-13:30	Lunch Break
13:30-15:15	Session II: Internet Security
	"An Internet-wide View on HTTPS Certificate Revocations: Observing the Revival of CRLs via Active TLS Scans", by Markus Sosnowski, Johannes Zirngibl, Patrick Sattler, Juliane Aulbach, Jonas Lang and Georg Carle
	"Are you sure you want to do Coordinated Vulnerability Disclosure?", by Ting-Han Chen, Jeroen van der Ham, Carlotta Tagliaro, Martina Lindorfer and Kevin Borgolte
	"A first look into Utiq: Next-generation cookies at the ISP level" [SHORT], by Ismael Castell-Uroz and Pere Barlet-Ros
	"Optimal Flow Collector Placement In Experimental Networks" [SHORT], by Ganesh Chennimalai Sankaran, Mukund Raghothaman and Michael Collins
15:15-15:45	Coffee Break
15:45-17:15	Session III: Network Security Data Analysis
	"Improving Synthetic Network Attack Traffic Generation", by Abdirisaq Farah, Martin Nielsen and Emmanouil Vasilomanolakis
	"Measuring the Complexity of Benchmark NIDS Datasets via Spectral Analysis", by Robert Flood and David Aspinall
	"Measuring Malware Detection Capability for Security Decision Making", by Muhammad Yasir Muzayan Haq, Abhishta Abhishta, Sander Zeijlemaker, Annette Chau, Michael Siegel and L.J.M. Nieuwenhuis
17:15	Closing Remarks

KEYNOTE

Stefan Achleitner, Dynatrace

Title:"Bridging Research and Product Development to Detect Novel Threats on all Levels"

Abstract

Detection of threats on the network and in cloud environments is an ever challenging task for researchers in academia as well as industry. This talk will discuss a number of real world examples where research prototypes were successfully applied to find novel cyber threats impacting millions of users. A special focus will be put on the challenges to transform a research prototype into a security product feature deployed on a large scale. From android applications sniffing sensitive data, to exploitable CVEs the whole world thought are fixed (but were actually not), we will dive into examples of detected threats with early stage research prototypes.

Bio

Stefan has been working in the field of cyber-security for more than a decade. He obtained his PhD from the Pennsylvania State University, where he focused his research on network security. He published multiple academic papers in top venues, won the ACM best student paper award for his work on SDN security and is an inventor of numerous patents in the field of cyber threat detection. After graduating, he joined Palo Alto Networks and led research on multiple projects involving the application of artificial intelligence for detecting novel types of cyber-attacks on the network. In his current role at Dynatrace, Stefan leads the research for cloud native security and threat intelligence. He is enthusiastic about creating new and innovative prototypes in the field of cybersecurity and helping to transform them into successful products for early detection and prevention of cyber threats.

ORGANIZING COMMITTEE

Maciej Korczyński, Grenoble Alps University, France
Wojciech Mazurczyk, Warsaw University of Technology, Poland
Pedro Casas, Austrian Institute of Technology, Austria

PROGRAM COMMITTEE

Abhishta, University of Twente
Onur Ascigil, Lancaster University
Leonhard Balduf, Technical University of Darmstadt
Giovane C. M. Moura, SIDN/Delft University of Technology
Luca Caviglione, CNR - IMATI
Batyr Charyyev, University of Nevada Reno
Isabelle Chrisment, Université de Lorraine
Simon Fernandez, Université Grenoble Alpes
Romain Fontugne, Internet Initiative Japan
Paweł Foremski, IITiS PAN/DomainTools
Carlos Gañán, Delft University of Technology/ICANN
Olivier Hureau, Université Grenoble Alpes
Michał Król, City, University of London
Sachin Kumar Singh, University of Utah
Victor Le Pochat, KU Leuven
Qasim Lone, RIPE NCC
Johan Mazel, ANSSI
Moritz Müller, SIDN Labs/University of Twente
Yevheniya Nosyk, Université Grenoble Alpes
Philippe Owezarski, LAAS-CNRS
Nabeel Mohamed, Palo Alto Networks
Davy Preuveneers, KU Leuven
Ewa Syta, Yale University
Samaneh Tajalizadehkhoob, ICANN
Rajat Tandon, Juniper Networks, Inc
Jeroen van der Ham, University of Twente
Tom Van Goethem, KU Leuven/Google
Steffen Wendzel, Worms University of Applied Sciences
Ramin Yazdani, University of Twente
Yury Zhauniarovich, Delft University of Technology