4th International Workshop on Traffic Measurements for Cybersecurity
(WTMC 2019)

co-located with
40th IEEE Symposium on Security and Privacy

logo logo_sandp logo_COMSOC

San Francisco, California
Thursday, May 23, 2019

Current communication networks are increasingly becoming pervasive, complex, and ever-evolving due to factors like enormous growth in the number of network users, continuous appearance of network applications, increasing amount of data transferred, and diversity of user behaviors. Understanding and measuring traffic in such networks is a difficult yet vital task for network management but recently also for cybersecurity purposes. Network traffic measuring and monitoring can, for example, enable the analysis of the spreading of malicious software and its capabilities or can help to understand the nature of various network threats including those that exploit users’ behavior and other user’s sensitive information. On the other hand network traffic investigation can also help to assess the effectiveness of the existing countermeasures or contribute to building new, better ones. Recently, traffic measurements have been utilized in the area of economics of cybersecurity e.g. to assess ISP “badness” or to estimate the revenue of cyber criminals.

The aim of this workshop is to bring together the research accomplishments provided by the researchers from academia and the industry. The other goal is to show the latest research results in the field of cybersecurity and understand how traffic measurements can influence it. We encourage prospective authors to submit related distinguished research papers on the subject of both: theoretical approaches and practical case reviews. This workshop presents some of the most relevant ongoing research in cybersecurity seen from the traffic measurements perspective.

The workshop will be accessible to both non-experts interested in learning about this area and experts interesting in hearing about new research and approaches.

Topics of interest include, but are not limited to:

  • Measurements for network incidents response, investigation and evidence handling
  • Measurements of cyber attacks (e.g. DDoS, botnet, malware and phishing campaigns)
  • Measurements for security of web-based applications and services (e.g., social networking)
  • Measurements for network anomalies detection
  • Measurements for economics of cybersecurity and privacy
  • Measurements of security and privacy for the Internet of Things
  • Network traffic analysis to discover the nature and evolution of the cybersecurity threats
  • Measurements for assessing the effectiveness of the threats detection/prevention methods and countermeasures
  • Novel passive, active and hybrid measurements techniques for cybersecurity purposes
  • Traffic classification and topology discovery tools for monitoring the evolving status of the network from the cybersecurity perspective
  • Correlation of measurements across multiple layers, protocols or networks for cybersecurity purposes
  • Machine learning and data mining for analysis of network traffic measurements for cybersecurity
  • Novel approaches for large-scale measurements for cybersecurity (e.g. crowd-sourcing)
  • Novel visualization approaches to detect network attacks and other threats
  • Analysis of network traffic to provide new insights about network structure and behavior from the security perspective
  • Measurements of network protocol and applications behavior and its impact on cybersecurity and users' privacy
  • Vulnerability notifications
  • Measurements for new cybersecurity settings
  • Ethical issues in measurements for cybersecurity
  • Reappraisal of previous empirical findings


Papers will be accepted based on peer review (3-4 per paper) and should contain original, high quality work. All papers must be written in English.

Authors are invited to submit regular papers (maximum 6 pages) via EasyChair. Papers must be formatted for US letter (not A4) size paper. The text must be formatted in a two-column layout, with columns no more than 9.5 in. tall and 3.5 in. wide. The text must be in Times font, 10-point or larger, with 11-point or larger line spacing. Authors are encouraged to use the IEEE conference proceedings templates. LaTeX submissions should use IEEEtran.cls version 1.8. Failure to adhere to the page limit and formatting requirements will be grounds for rejection.

Papers describing cybersecurity measurement studies should include an ethical considerations paragraph, and where applicable reach out to their institutional ethics committee or institutional review board. For guidance see the Menlo Report and its companion document.

Authors are encouraged to share developed software implementations, measurement datasets, simulation models, etc. used in articles allowing other researchers to build upon and extend current results. Authors may include a paragraph about reproducible research.

Submission page: https://easychair.org/conferences/?conf=wtmc2019

Submission of a paper implies that should the paper be accepted, at least one of the authors will register and present the paper in the conference.

Papers accepted by the workshop will be published in the Conference Proceedings published by IEEE Computer Society Press. The extended versions of all accepted papers will be considered for publication in a special issue of the Journal of Cyber Security and Mobility (confirmed). The decision will depend on the quality of the paper and quality of the presentation at WTMC 2019. The final decision will be made by co-chairs after the workshop.


January 25, 2019 (AoE, UTC -12, EXTENDED): Regular Paper Submission
February 23, 2019: Notification Date
March 18, 2019: Camera-Ready Paper Deadline

Registration is now open (early registration by April 19, 2019, 11:59pm PDT)!
The 4th WTMC workshop will be held at the Hyatt Regency, San Francisco, California.
7:30-8:30 Breakfast
8:50-9:00 Opening remarks
9:00-10:15 Keynote: Manos Antonakakis (Georgia Institute of Technology, USA)
10:15-10:45 Coffee break
10:45-12:30 Session 1: Measurements for DNS Security
Victor Le Pochat, Tom Van Goethem and Wouter Joosen. A Smörgåsbord of Typos: Exploring International Keyboard Layout Typosquatting
Marcin Skwarek, Maciej Korczyński, Wojciech Mazurczyk and Andrzej Duda. Characterizing Vulnerability of DNS AXFR Transfers with Global-Scale Scanning
Thomas Vissers, Peter Janssen, Wouter Joosen and Lieven Desmet. Assessing the Effectiveness of Domain Blacklisting Against Malicious DNS Registrations
Oliver Farnan, Joss Wright and Alexander Darer. Analysing Censorship Circumvention with VPNs via DNS Cache Snooping
12:30-13:30 Lunch
13:30-14:30 Keynote: Roya Ensafi (University of Michigan, USA)
14:30-15:20 Session 2: Measurements for Web Security
Vinnie Monaco. Feasibility of a Keystroke Timing Attack on Search Engines with Autocomplete
Oleksii Starov, Yuchen Zhou and Jun Wang. Detecting malicious campaigns in obfuscated JavaScript with scalable behavioral analysis
15:20-15:45 Mid-afternoon Break
15:45-17:30 Session 3: Measurements for Network Security
Alexander Vetterl, Richard Clayton and Ian Walden. Counting Outdated Honeypots: Legal and Useful
Pedro Casas, Gonzalo Marín, Germán Capdehourat and Maciej Korczyński. MLSEC - Benchmarking Shallow and Deep Machine Learning Models for Network Security
Kelvin Mai, Xi Qin, Neil Ortiz Silva and Alvaro A. Cardenas. IEC-60870-5-104 Network Characterization of a Large-Scale Operational Power Grid
Abhishta Abhishta, Marianne Junger, Reinoud Joosten and Lambert J. M. Nieuwenhuis. Victim Routine Influences the Number of DDoS Attacks: Evidence from Dutch Educational Network
17:30-17:45 Closing Remarks and Distinguished Paper Award
Manos Antonakakis, Georgia Institute of Technology, USA
Roya Ensafi, University of Michigan, USA
Maciej Korczyński, Grenoble Institute of Technology, France
Wojciech Mazurczyk, Warsaw University of Technology, Poland
Pedro Casas, AIT, Austria
kc Claffy, CAIDA, USA
Aiko Pras, University of Twente, Netherlands
Kensuke Fukuda, National Institute of Informatics, Japan


Hadi Asghari, Delft University of Technology, Netherlands
Elias Bou-Harb, National Cyber Forensics and Traning Alliance and FAU, USA
Giovane C. M. Moura, SIDN Labs, Netherlands
Luca Caviglione, CNR - ISSIA, Italy
Eric Chan-Tin, Loyola University Chicago, USA
Richard Clayton, University of Cambridge, UK
Amogh Dhamdhere, CAIDA/UCSD, USA
Simone Ferlin, Ericsson Research, Sweden
Romain Fontugne, Internet Initiative Japan (IIJ), Japan
Paweł Foremski, Farsight Security and Polish Academy of Sciences, Poland
Oliver Gasser, Technical University of Munich, Germany
Mehmet Gunes, University of Nevada, USA
Carlos H. Gañán, Delft University of Technology, Netherlands
Amir Houmansadr, The University of Texas at Austin, USA
Artur Janicki, Warsaw University of Technology, Poland
Mobin Javed, ICSI, USA/LUMS, Pakistan
Christian Keil, DFN-CERT, Germany
Jörg Keller, Fern Universität in Hagen, Germany
Igor Kotenko, SPIIRAS, Russia
Christian Kraetzer, Otto-von-Guericke University Magdeburg, Germany
Jean-Francois Lalande, CentraleSupélec, France
Matthew Luckie, University of Waikato, New Zealand
Jelena Mirkovic, USC Information Sciences Institute, USA
Vinnie Monaci, Naval Postgraduate School, USA
Tyler Moore, University of Tulsa, USA
Philippe Owezarski, LAAS-CNRS, France
Franck Rousseau, Grenoble Institute of Technology, France
Ramin Sadre, KU Louvain, Belgium
Quirin Scheitle, Technical University of Munich, Germany
Anna Sperotto, University of Twente, Netherlands
Stephen Strowes, RIPE NCC, Netherlands
Ewa Syta, Yale University, USA
Hu Tian, National Huaqiao University, China
Guillaume Urvoy-Keller, Université de Nice Sophia-Antipolis, France
Jeroen van der Ham, National Cyber Security Center, Netherlands
Tom van Goethem, KU Leuven, Belgium
Roland van Rijswijk-Deij, University of Twente and NLnet Labs, Netherlands
Steffen Wendzel, Worms University of Applied Sciences and Fraunhofer FKIE, Germany
Katsunari Yoshioka, Yokohama National University, Japan
Nur Zincir-Heywood, Dalhousie University, Canada

WTMC 2018 at ACM SIGCOMM Budapest, Hungary
WTMC 2017 at IEEE S&P, San Jose, California, USA
WTMC 2016 at ACM ASIACCS, Xi'an, China

Contact WTMC 2019 chairs using this email address: wtmc2019@easychair.org.