2nd International Workshop on Traffic Measurements for Cybersecurity
(WTMC 2017)

co-located with
38th IEEE Symposium on Security and Privacy

logo logo_sandp logo_COMSOC

San Jose, California
May 25, 2017

Current communication networks are increasingly becoming pervasive, complex, and ever-evolving due to factors like enormous growth in the number of network users, continuous appearance of network applications, increasing amount of data transferred, and diversity of user behaviors. Understanding and measuring traffic in such networks is a difficult yet vital task for network management but recently also for cybersecurity purposes. Network traffic measuring and monitoring can, for example, enable the analysis of the spreading of malicious software and its capabilities or can help to understand the nature of various network threats including those that exploit users’ behavior and other user’s sensitive information. On the other hand network traffic investigation can also help to assess the effectiveness of the existing countermeasures or contribute to building new, better ones. Recently, traffic measurements have been utilized in the area of economics of cybersecurity e.g. to assess ISP “badness” or to estimate the revenue of cyber criminals.

The aim of this workshop is to bring together the research accomplishments provided by the researchers from academia and the industry. The other goal is to show the latest research results in the field of cybersecurity and understand how traffic measurements can influence it. We encourage prospective authors to submit related distinguished research papers on the subject of both: theoretical approaches and practical case reviews. This workshop presents some of the most relevant ongoing research in cybersecurity seen from the traffic measurements perspective.

The workshop will be accessible to both non-experts interested in learning about this area and experts interesting in hearing about new research and approaches.

Topics of interest include, but are not limited to:

  • Measurements for network incidents response, investigation and evidence handling
  • Measurements for network anomalies detection
  • Measurements for economics of cybersecurity
  • Network traffic analysis to discover the nature and evolution of the cybersecurity threats
  • Measurements for assessing the effectiveness of the threats detection/prevention methods and countermeasures
  • Novel passive, active and hybrid measurements techniques for cybersecurity purposes
  • Traffic classification and topology discovery tools for monitoring the evolving status of the network from the cybersecurity perspective
  • Correlation of measurements across multiple layers, protocols or networks for cybersecurity purposes
  • Novel visualization approaches to detect network attacks and other threats
  • Analysis of network traffic to provide new insights about network structure and behavior from the security perspective
  • Measurements of network protocol and applications behavior and its impact on cybersecurity and users' privacy
  • Measurements related to network security and privacy
  • Ethical issues in measurements for cybersecurity


Papers will be accepted based on peer review (3 per paper) and should contain original, high quality work. All papers must be written in English.

Authors are invited to submit regular papers (maximum 6 pages) via EasyChair. Papers must be formatted for US letter (not A4) size paper with margins of at least 3/4 inch on all sides. The text must be formatted in a two-column layout, with columns no more than 9” high and 3.375” wide. The text must be in Times font, 10-point or larger, with 12-point or larger line spacing. Authors are encouraged to use the IEEE conference proceedings templates found here: Manuscript Template. Failure to adhere to the page limit and formatting requirements will be grounds for rejection.

Papers describing cybersecurity measurement studies should include an ethical considerations paragraph, and where applicable reach out to their institutional ethics committee or institutional review board. For guidance see the Menlo Report and its companion document.

Submission page: https://easychair.org/conferences/?conf=wtmc2017

Submission of a paper implies that should the paper be accepted, at least one of the authors will register and present the paper in the conference.

Papers accepted by the workshop will be published in the Conference Proceedings published by IEEE Computer Society Press. The extended versions of all accepted papers will be considered for publication in a special issue of the Journal of Cyber Security and Mobility (confirmed) or EURASIP Journal on Information Security (confirmed). The decision will depend on the quality of the paper and quality of the presentation at WTMC 2017. The final decision will be made by co-chairs after the workshop.


January 22, 2017 (EXTENDED): Regular Paper Submission
February 15, 2017: Notification Date
March 20, 2017 (No extensions): Camera-Ready Paper Deadline

Registration is now open (early pricing ends by 21st April)!
The 2nd WTMC workshop will be held at the Fairmont Hotel, San Jose, California.
7:30-8:30 Breakfast
8:50-9:00 Opening remarks
9:00-10:00 Keynote: Erin Kenneally (Homeland Security Advanced Research Projects Agency) Title: “Assailing the Systems of Our Limitations: A Sampling of R&D Approaches at DHS Cyber Security Division”
10:15-10:45 Coffee break
10:45-12:30 Session 1. Chair: Maciej Korczyński (Delft University of Technology)
Jeroen van der Ham. Ethics and Internet Measurements
Khalid Shahbar and A. Nur Zincir-Heywood. Effects of Shared Bandwidth on Anonymity of the I2P Network Users
Oliver Gasser, Quirin Scheitle, Carl Denis, Nadja Schricker and Georg Carle. Security Implications of Publicly Reachable Building Automation Systems
12:30-13:30 Lunch
13:30-15:15 Session 2. Chair: Jeroen van der Ham (National Cyber Security Center, the Netherlands)
Stefan Prandl, Mihai Lazarescu, Sie Teng Soh, Duc Son Pham and Subhash Kak. An Investigation of Power Law Probability Distributions for Network Anomaly Detection
Aarthi Reddy, Meredith Ordway-West, Melissa Lee, Matt Dugan, Joshua Whitney, Ronen Kahana, Brad Ford, Johan Muedsam, Austin Henslee and Max Rao. Using Gaussian Mixture Models to Detect Outliers in Seasonal Univariate Network Traffic
Aonan Zhai, Fei Xu, Zigang Cao, Haiqing Pan, Zhen Li and Gang Xiong. Real Time Network File Similarity Detection Based on Approximate Matching
15:15-15:45 Mid-afternoon Break
15:45-17:15 Session 3. Chair: Oliver Gasser (Technical University of Munich)
Paul Prasse, Lukas Machlika, Tomas Pevny and Tobias Scheffer. Malware Detection by Analysing Network Traffic with LSTMs
Kinan Dak Albab, Rawane Issa, Andrei Lapets, Azer Bestavros and Nikolaj Volgushev. Scalable Secure Multi-Party Network Vulnerability Analysis via Symbolic Optimization
José Camacho, Gabriel Maciá-Fernández and Pedro García-Teodoro. Traffic Monitoring and Diagnosis with Multivariate Statistical Network Monitoring: A Case Study
17:15-17:20 End and wrap up

pv Erin Kenneally (Program Manager in the Homeland Security Advanced Research Projects Agency)


“Assailing the Systems of Our Limitations: A Sampling of R&D Approaches at DHS Cyber Security Division”


Accepting that “truth” is the system of one’s limitations, what is our collective truth about the security, stability, and resilience of our systems and communications infrastructures where cyber threats are more certain and prolific than purported solutions? Take one part “Alt-Facts,” add another part “Post-Truth,” stir vigorously in a morass of “Groundhog Day” discussions of problems and solutions, and one wonders how we can move the goal posts toward effective solutions in our information economy. I will describe several programs in the Cyber Security Division at DHS Science & Technology that aim to improve our collective truths about cyber security risk and support pragmatic solutions.

The Information Marketplace for Policy and Analysis of Cyber-risk & Trust (IMPACT) program provides R&D-enabling infrastructure for the global cyber risk research community by coordinating and developing real world data and information sharing capabilities between and among the cyber security R&D community in academia, industry and the government. IMPACT offers a unique, distributed research data supported by a streamlined legal framework and centralized coordination. This brokering and distributed provisioning between data supply and demand addresses the operational, trust and administrative costs and challenges that impede sustainable and scalable data sharing.

In conjunction, the Cyber Risk Economic (CyRiE) program supports empirically-based measurement, modeling and evaluation of the economics of cyber threats, vulnerabilities and controls. It focuses on four dimensions: Investment, Impact, Value, and Incentives.

A satellite project addresses the ethics of ICT research-originating with the flagship Menlo and Companion Reports Companion Reports, recent efforts focus on arming researchers with a tool to identify and reason about ethical issues that may arise with their R&D. The tool, CREDS: Cyber-risk Ethics Decision Support, aims to help researchers and oversight entities enable responsible innovation.

Short Bio

Erin Kenneally is a Program Manager in the Cyber Security Division for the Homeland Security Advanced Research Projects Agency (HSARPA) at the DHS Science & Technology Directorate. Her portfolio comprises trusted data sharing, R&D infrastructure, cyber risk economics, data privacy and ICT ethics. This includes the IMPACT (Information Marketplace for Policy and Analysis of Cyber-risk and Trust) and CyRie Programs. Prior to joining CSD, Kenneally was Founder and CEO of Elchemy, Inc., and served as Technology-Law Specialist at the International Computer Science Institute (ICSI) and the Center for Internet Data Analysis (CAIDA) and Center for Evidence-based Security Research (CESR) at the University of California, San Diego. Erin is a licensed attorney specializing in information technology law, including privacy technology, data protection, trusted information sharing, technology policy, cybercrime, data ethics, and emergent IT legal risks. She holds Juris Doctorate and Masters of Forensic Sciences degrees, and is a graduate of Syracuse University and The George Washington University.

Maciej Korczyński, Delft University of Technology, The Netherlands
Wojciech Mazurczyk, Warsaw University of Technology, Poland
Katsunari Yoshioka, Yokohama National University, Japan
Michel van Eeten, Delft University of Technology, The Netherlands
Engin Kirda, Northeastern University, USA


Tomasz Andrysiak, UTP Bydgoszcz, Poland
Hadi Asghari, Delft University of Technology, Netherlands
Elias Bou-Harb, National Cyber Forensics and Traning Alliance & Florida Atlantic University, Canada
Giovane C. M. Moura, SIDN, Netherlands
Pedro Casas, Austrian Institute of Technology, Austria
Luca Caviglione, CNR ISSIA, Italy
Eric Chan-Tin, Oklahoma State University, USA
Michal Choras, ITTI Ltd., Poland
Richard Clayton, University of Cambridge, UK
Andrzej Duda, Grenoble Institute of Technology, France
Romain Fontugne, Internet Initiative Japan (IIJ), Japan
Pawel Foremski, Institute of Theoretical and Applied Informatics, Polish Academy of Sciences, Poland
Kensuke Fukuda, National Institute of Informatics, Japan
Zeno Geradts, Netherlands Forensic Institute, Netherlands
Carlos H. Gañán, Delft University of Technology, Netherlands
Amir Houmansadr, The University of Texas at Austin, USA
Artur Janicki, Warsaw University of Technology, Poland
Bartosz Jasiul, Military Communication Institute, Poland
Christian Keil, DFN-CERT Services GmbH, Germany
Joerg Keller, FernUniversitaet in Hagen, Germany
Igor Kotenko, SPIIRAS, Russia
Zbigniew Kotulski, Warsaw University of Technology, Poland
Christian Kraetzer, Otto-von-Guericke University Magdeburg, Germany
Jean-Francois Lalande, INSA Centre Val de Loire, France
Matthew Luckie, University of Waikato, New Zealand
Tyler Moore, University of Tulsa, USA
Philippe Owezarski, LAAS-CNRS, France
Giancarlo Pellegrino, Saarland University, Germany
Pedro Luis Prospero Sanchez, University of Sao Paulo, Brazil
William Robertson, Northeastern University, USA
Johnson Thomas, Oklahoma State University, USA
Hui Tian, National Huaqiao University, China
Guillaume Urvoy-Keller, Université de Nice Sophia-Antipolis, France
Jeroen van der Ham, National Cyber Security Centrum (NCSC), Netherlands
Roland van Rijswijk – Deij, Surfnet/University of Twente, Netherlands
Zachary Weinberg, Carnegie Mellon University, USA
Steffen Wendzel, Fraunhofer FKIE, Germany
Yang Xiao, The University of Alabama, USA


WTMC 2016


Contact WTMC 2017 chairs using this email address: chairs@wtmc.info.