5th International Workshop on Traffic Measurements for Cybersecurity
(WTMC 2020)

co-located with
5th IEEE European Symposium on Security and Privacy


Virtual Workshop
September 7, 2020
Important news


The 2020 IEEE European Symposium on Security and Privacy and all other co-located workshops are being rescheduled to September 7-11. IEEE has been monitoring the developing COVID-19 situation. The safety and well-being of IEEE European Symposium on Security and Privacy 2020 conference participants is our priority. After studying and evaluating the announcements, guidance, and news released by relevant national departments, we are rescheduling the workshop date from June 15, 2020, to September 7, 2020, as well as paper submission, notification, and camera-ready paper deadlines (see the details below). Thank you for your understanding.


Current communication networks are becoming increasingly pervasive, complex, and ever-evolving due to factors like enormous growth in the number of network users, continuous appearance of network applications, increasing amount of data transferred, and diversity of user behaviors. Understanding and measuring traffic in such networks is a difficult yet vital task for network management and, more recently, for cybersecurity purposes as well. Network traffic measuring and monitoring can, for example, enable the analysis of the spreading of malicious software and its capabilities or can help to understand the nature of various network threats, including those that exploit users’ behavior and other sensitive user information. On the other hand, network traffic investigation can also help to assess the effectiveness of the existing countermeasures or contribute to building new, better ones. Recently, traffic measurements have been utilized in the area of economics of cybersecurity, e.g., to assess ISP “badness” or to estimate the revenue of cybercriminals.

The aim of this workshop is to bring together the research accomplishments provided by researchers from academia and the industry. The other goal is to show the latest research results in the field of cybersecurity and understand how traffic measurements can influence it. We encourage prospective authors to submit related distinguished research papers on the subject of both: theoretical approaches and practical case reviews. This workshop presents some of the most relevant ongoing research in cybersecurity seen from the traffic measurements perspective.

The workshop will be accessible to both non-experts interested in learning about this area and experts interested in hearing about new research and approaches.

Topics of interest include but are not limited to:

  • Measurements for network incidents response, investigation, and evidence handling
  • Measurements of cyber attacks (e.g. DDoS, botnet, malware, and phishing campaigns)
  • Measurements for security of web-based applications and services (e.g. social networking)
  • Measurements for network anomalies detection
  • Measurements for economics of cybersecurity and privacy
  • Measurements of security and privacy for the Internet of Things
  • Measurements of Internet censorship
  • Measurement studies describing the impacts of regulations on cybersecurity and users' privacy (e.g. GDPR)
  • Network traffic analysis to discover the nature and evolution of the cybersecurity threats
  • Measurements of cyber-physical systems security
  • Measurements for assessing the effectiveness of the threats detection/prevention methods and countermeasures
  • Novel passive, active and hybrid measurements techniques for cybersecurity purposes
  • Traffic classification and topology discovery tools for monitoring the evolving status of the network from the cybersecurity perspective
  • Correlation of measurements across multiple layers, protocols or networks for cybersecurity purposes
  • Machine learning and data mining for analysis of network traffic measurements for cybersecurity
  • Novel approaches for large-scale measurements for cybersecurity (e.g. crowd-sourcing)
  • Novel visualization approaches to detect network attacks and other threats
  • Analysis of network traffic to provide new insights about network structure and behavior from the security perspective
  • Measurements of network protocol and applications behavior and its impact on cybersecurity and users' privacy
  • Vulnerability notifications
  • Measurements for new cybersecurity settings
  • Ethical issues in measurements for cybersecurity
  • Reappraisal of previous empirical findings


Papers will be accepted based on peer review (3-4 per paper) and should contain original, high-quality work. All papers must be written in English.

Authors are invited to submit regular papers (maximum 10 pages) and short papers (maximum 6 pages) including references and appendices via EasyChair. Papers must be typeset in LaTeX in A4 format (not "US Letter") using the IEEE conference proceeding template we supply (eurosp-2020-template.zip). We suggest you first compile the supplied LaTeX source as is, checking that you obtain the same PDF as the one supplied, and then write your paper into the LaTeX template, replacing the boilerplate text. Please do not use other IEEE templates. Failure to adhere to the page limit and formatting requirements can be grounds for rejection.

Papers describing cybersecurity measurement studies should include an ethical considerations paragraph, and where applicable reach out to their institutional ethics committee or institutional review board. For guidance see the Menlo Report and its companion document.

Authors are encouraged to share developed software implementations, measurement datasets, simulation models, etc. used in articles allowing other researchers to build upon and extend current results. Authors may include a paragraph about reproducible research.

Submission page: https://easychair.org/conferences/?conf=wtmc2020

Submission of a paper implies that should the paper be accepted, at least one of the authors will register and present the paper at the conference.

Papers accepted by the workshop will be published through IEEE Xplore in a volume accompanying the main IEEE EuroS&P conference proceedings. The extended versions of all accepted papers will be considered for publication in a special issue of the Journal of Cyber Security and Mobility (confirmed). The decision will depend on the quality of the paper and the quality of the presentation at WTMC 2020. The final decision will be made by co-chairs after the workshop.


May 11, 2020 (AoE, UTC -12, firm deadline): Paper Submission
June 10, 2020: Notification Date
June 24, 2020: Camera-Ready Paper Deadline (firm)

The workshop registration is now open. Please follow the instructions on the IEEE EuroS&P conference page here.

WTMC will offer several workshop registration waivers supported by the Grenoble Alpes Cybersecurity Institute (https://cybersecurity.univ-grenoble-alpes.fr/) to the students who will be presenting their work at the workshop as well as WTMC attendees. To obtain a registration waiver, please send an email to wtmc2020@easychair.org by September 3 (AoE). Your application must include your correct e-mail address and a short personal statement (1 or 2 paragraphs) that includes information that the applicant feels is relevant to support their case, i.e. why the workshop attendance is important to the applicant's development.


The 5th WTMC workshop will be held as a virtual workshop. More details are to be provided soon.

13:55-14:00 Opening remarks
14:00-15:00 Session 1: Measurements for Web Security (Session Chair: Giovane Moura, SIDN Labs, Netherlands)
Keynote: Tom Van Goethem (KU Leuven). Towards Robust Web Security Measurements
Yuji Sakurai, Takuya Watanabe, Tetsuya Okuda, Mitsuaki Akiyama and Tatsuya Mori. Discovering HTTPSified Phishing Websites Using the TLS Certificates Footprints
Wissem Soussi, Maciej Korczyński, Sourena Maroofi, Andrzej Duda. Feasibility of Large-Scale Vulnerability Notifications after GDPR
15:00-15:30 Break
15:30-16:30 Session 2: DNS Security Measurements (Session Chair: Maciej Korczyński, Grenoble Alps University, France)
Raffaele Sommese, Mattijs Jonker, Roland van Rijswijk-Deij, Alberto Dainotti, Kimberly Claffy and Anna Sperotto. The Forgotten Side of DNS: Orphan and Abandoned Records
Olivier van der Toorn, Roland van Rijswijk-Deij, Tobias Fiebig, Martina Lindorfer and Anna Sperotto. On Finding Security Issues in DNS TXT Records
Giovane C. M. Moura, Cristian Hesselman, Gerald Schaapman, Nick Boerman and Octavia de Weert. Into the DDoS Maelstrom: A Longitudinal Study of a Scrubbing Service
Ramin Yazdani, Olivier van der Toorn and Anna Sperotto. A Case of Identity: Detection of Suspicious IDN Homograph Domains Using Active DNS Measurements
16:30-17:00 Break
17:00-18:00 Session 3: Measurements of Network Attacks (Session Chair: Carlos Gañán, ICANN, Netherlands)
Laetitia Leichtnam, Eric Totel, Nicolas Prigent and Ludovic Mé. Forensic Analysis of Network Attacks: Restructuring Security Events as Graphs and Identifying Strongly Connected Sub-graphs
Pavol Mulinka, Kensuke Fukuda, Pedro Casas and Lukas Kencl. WhatsThat? On the Usage of Hierarchical Clustering for Unsupervised Detection & Interpretation of Network Attacks
Stéphane Mocanu and Jean-Marc Thiriet. Experimental study of performance and vulnerabilities of IEC 61850 process bus communications on HSR networks
Emeline Marechal and Benoit Donnet. Network Fingerprinting: Routers under Attack
18:00-18:10 Closing Remarks


Tom Van Goethem, University of Leuven, Belgium

Title: Towards Robust Web Security Measurements


Interference with users’ online activities is on the rise, through behaviors that range from censorship and surveillance to content injection, traffic throttling, and violations of net neutrality. Reliably investigating interference requires new frameworks for measuring and interpreting network behavior. Understanding these complex phenomena requires longitudinal studies, observation from multiple vantage points, the ability to reverse engineer network traffic, and even application-specific techniques. In this talk, I will describe my efforts to design and build scalable, statistically robust measurement systems that use novel side channels to remotely infer network- and application-layer content filtering at global (Internet-wide) scale. My lab has deployed these systems in Censored Planet, a service that continuously monitors global Internet censorship and publishes semiweekly datasets about the availability of thousands of sensitive websites across more than 180 countries.

Short Bio

Tom is a researcher at the DistriNet group at the University of Leuven, where he works on understanding various technical and operational aspects of the Web and its many different ecosystems. By analyzing complex systems for vulnerabilities and their susceptibility to side-channel attacks, Tom and his fellow group members aim to increase insights in novel security issues. Furthermore, through large-scale analyses we try to better estimate the impact and prevalence of widespread security and privacy issues.

Maciej Korczyński, Grenoble Alps University, France
Wojciech Mazurczyk, Warsaw University of Technology, Poland
Pedro Casas, AIT, Austria
Christian Rossow, Saarland University, Germany
Roya Ensafi, University of Michigan, USA
Kensuke Fukuda, National Institute of Informatics, Japan
Aiko Pras, University of Twente, Netherlands


Hadi Asghari, Delft University of Technology, Netherlands
Giovane C. M. Moura, SIDN Labs, Netherlands
Alvaro Cardenas, The University of Texas at Dallas, USA
Luca Caviglione, CNR - IMATI, Italy
Richard Clayton, University of Cambridge, UK
Simone Ferlin, Ericsson research, Sweden
Romain Fontugne, Internet Initiative Japan, Japan
Paweł Foremski, IITiS PAN / Farsight Security Inc, Poland
Carlos Gañán, ICANN, Netherlands
Oliver Gasser, Max Planck Institute for Informatics, Germany
Mehmet Gunes, Stevens Institute of Technology, USA
Ralph Holz, The University of Sydney, Australia
Artur Janicki, Warsaw University of Technology, Poland
Christian Keil, DFN-CERT, Germany
Jörg Keller, FernUniversität in Hagen, Germany
Igor Kotenko, SPIIRAS, Russia
Christian Kraetzer, Otto-von-Guericke University Magdeburg, Germany
Jean-Francois Lalande, Centrale Supélec, France
Qasim Lone, Delft University of Technology, Netherlands
Matthew Luckie, University of Waikato, New Zealand
Vinnie Monaco, Naval Postgraduate School, USA
Arman Noroozian, Delft University of Technology, Netherlands
Philippe Owezarski, LAAS-CNRS, France
Davy Preuveneers, Katholieke Universiteit Leuven, Belgium
José Jair Santanna, University of Twente, Netherlands
Anna Sperotto, University of Twente, Netherlands
Oleksii Starov, Palo Alto Networks, USA
Ewa Syta, Yale University, USA
Samaneh Tajalizadehkhoob, ICANN, USA
Hui Tian, National Huaqiao University, China
Guillaume Urvoy-Keller, Université de Nice Sophia-Antipolis, France
Tom van Goethem, Katholieke Universiteit Leuven, Belgium
Roland van Rijswijk-Deij, University of Twente, Netherlands
Thomas Vissers, Cloudflare, USA
Steffen Wendzel, Fraunhofer FKIE, Germany
Katsunari Yoshioka, Yokohama National University, Japan
Nur Zincir-Heywood, Dalhousie University, Canada





We are grateful to our supporters who will help us make WTMC'20 a great event.

WTMC 2019 at IEEE S&P, San Francisco, California, USA
WTMC 2018 at ACM SIGCOMM Budapest, Hungary
WTMC 2017 at IEEE S&P, San Jose, California, USA
WTMC 2016 at ACM ASIACCS, Xi'an, China

Contact WTMC 2020 chairs using this email address: wtmc2020@easychair.org.