7th International Workshop on Traffic Measurements for Cybersecurity
(WTMC 2022)

co-located with
7th IEEE European Symposium on Security and Privacy

logo logo_sandp logo_COMSOC

Genoa, Italy
Monday, June 6, 2022

Current communication networks are increasingly becoming pervasive, complex, and ever-evolving due to factors like enormous growth in the number of network users, continuous appearance of network applications, increasing amount of data transferred, and diversity of user behaviors. Understanding and measuring traffic in such networks is a difficult yet vital task for network management but recently also for cybersecurity purposes. Network traffic measuring and monitoring can, for example, enable the analysis of the spreading of malicious software and its capabilities or can help to understand the nature of various network threats including those that exploit users’ behavior and other user’s sensitive information. On the other hand network traffic investigation can also help to assess the effectiveness of the existing countermeasures or contribute to building new, better ones. Recently, traffic measurements have been utilized in the area of economics of cybersecurity e.g. to assess ISP “badness” or to estimate the revenue of cybercriminals.

The aim of this workshop is to bring together the research accomplishments provided by researchers from academia and the industry. The other goal is to show the latest research results in the field of cybersecurity and understand how traffic measurements can influence it. We encourage prospective authors to submit related distinguished research papers on the subject of both: theoretical approaches and practical case reviews. This workshop presents some of the most relevant ongoing research in cybersecurity seen from the traffic measurements perspective.

The workshop will be accessible to both non-experts interested in learning about this area and experts interested in hearing about new research and approaches.

Topics of interest include but are not limited to:

  • Measurements for network incidents response, investigation, and evidence handling
  • Measurements of cyber attacks (e.g. DDoS, botnet, malware, and phishing campaigns)
  • Measurements for security of web-based applications and services (e.g. social networking)
  • Measurements for network anomalies detection
  • Measurements for economics of cybersecurity and privacy
  • Measurements of security and privacy for the Internet of Things
  • Measurements of Internet censorship
  • Measurement studies describing the impacts of regulations on cybersecurity and users' privacy (e.g. GDPR)
  • Network traffic analysis to discover the nature and evolution of the cybersecurity threats
  • Measurements of cyber-physical systems security
  • Measurements for assessing the effectiveness of the threats detection/prevention methods and countermeasures
  • Novel passive, active and hybrid measurements techniques for cybersecurity purposes
  • Traffic classification and topology discovery tools for monitoring the evolving status of the network from the cybersecurity perspective
  • Correlation of measurements across multiple layers, protocols or networks for cybersecurity purposes
  • Machine learning and data mining for analysis of network traffic measurements for cybersecurity
  • Novel approaches for large-scale measurements for cybersecurity (e.g. crowd-sourcing)
  • Novel visualization approaches to detect network attacks and other threats
  • Analysis of network traffic to provide new insights about network structure and behavior from the security perspective
  • Measurements of network protocol and applications behavior and its impact on cybersecurity and users' privacy
  • Vulnerability measurements and notifications
  • Measurements for new cybersecurity settings
  • Ethical issues in measurements for cybersecurity
  • Reappraisal of previous empirical findings


Papers will be accepted based on single-blind peer review (3-4 per paper) and should contain original, high-quality work. All papers must be written in English.

Authors are invited to submit short papers (up to 4 pages +2 for appendices/references), regular papers (up to 6 pages +2 for appendices/references) and long papers (up to 10 pages +4 for appendices/references) via EasyChair. Reviewers are explicitly not expected to read the appendices while deciding whether to accept or reject the paper.

Papers must be typeset in LaTeX in A4 format (not "US Letter") using the IEEE conference proceeding template we supply eurosp-2022-template.zip. We recommend using LaTeX, and suggest you first compile the supplied LaTeX source as is, checking that you obtain the same PDF as the one supplied. Then, write your paper into the LaTeX template, replacing the boilerplate text. Please do not use other IEEE templates. Failure to adhere to the page limit and formatting requirements can be grounds for rejection.

Submissions must be in Portable Document Format (.pdf). Authors should pay special attention to unusual fonts, images, and figures that might create problems for reviewers. Your document should render correctly in Adobe Reader XI and when printed in black and white.

Submissions failing to conform to the submission guidelines risk rejection without review.

Papers describing cybersecurity measurement studies should include an ethical considerations paragraph, and where applicable reach out to their institutional ethics committee or institutional review board. For guidance see the Menlo Report and its companion document.

Authors are encouraged to share developed software implementations, measurement datasets, simulation models, etc. used in articles allowing other researchers to build upon and extend current results. Authors may include a paragraph about reproducible research.

Submission page: https://easychair.org/conferences/?conf=wtmc2022

Submission of a paper implies that should the paper be accepted, at least one of the authors will register and present the paper at the conference.

Papers accepted by the workshop will be published through IEEE Xplore in a volume accompanying the main IEEE Euro S&P conference proceedings. The extended versions of all accepted papers will be considered for publication in a special issue of the Journal of Cyber Security and Mobility (confirmed). The decision will depend on the quality of the paper and the quality of the presentation at WTMC 2022. The final decision will be made by co-chairs after the workshop.


March 27, 2022 (AoE, UTC -12) [Extended]: Paper Submission
April 14, 2022: Notification Date
April 20, 2022: Camera-Ready Paper Deadline (hard)


The workshop registration is now open. Please follow the instructions on the IEEE Euro S&P conference page here. IEEE Euro S&P WTMC workshop is a live event and authors are expected to present their work in person. Remote attendance is not supported. If you foresee any objective reasons preventing all the authors of your paper from traveling, please contact the IEEE Euro S&P General Chairs.


The 7th IEEE Euro S&P WTMC workshop will be held at the Grand Hotel Savoia, Via Arsenale di Terra, 5, Genova, Italy. Detailed venue information can be found here.

Time zone: Central European Summer Time (CEST)
9:00-9:15 Opening Remarks
9:15-10:15 Keynote: "The Unreasonable Effectiveness of Word Embeddings in Learning from Categorical Network Data: NLP Applications to Network Security and Beyond," Zied Ben Houidi, Principal Engineer in Network AI at HUAWEI Technologies
10:15-10:45 Coffee Break
10:45-12:30 Session I: Network Measurement for Security
"Got Sick and Tracked: Privacy Analysis of Hospital Websites," X. Yu, N. Samarasinghe, M. Mannan, A. Youssef
"SRv6: Is There Anybody Out There?," V. Pădurean, O. Gasser, R. Bush, A. Feldmann
"Temporal Analysis of X.509 Revocations and their Statuses," A. Halim, M. Danielsson, M. Arlitt, N. Carlsson
"No Time for Downtime: Understanding Post-Attack Behaviors by Customers of Managed DNS Providers," M.Y.M. Haq, M. Jonker, R. van Rijswijk-Deij, kc Claffy, L.J.M. Nieuwenhuis, A. Abhishta
12:30-14:00 Lunch Break
14:00-15:00 Keynote: "5 Years in a CyberSec Startup: Lessons Learned and Challenges," Stefano Traverso, Head of Research at ERMES Intelligent Web Protection
15:00-16:15 Session II: AI for Security
"Applying Machine Learning to Use Security Oracles: a Case Study in Virus and Malware Detection," D. Preuveneers, E. Lavens, W. Joosen
"DC-VAE, Fine-grained Anomaly Detection in Multivariate Time-Series with Dilated Convolutions and Variational Auto Encoders," G. García González, S. Martinez Tagliafico, A. Fernández, G. Gómez, J. Acuña, P. Casas
"Towards NLP-based Processing of Honeypot Logs," M. Boffa, G. Milan, L. Vassio, I. Drago, M. Mellia, Z. Ben Houidi
16:15-16:45 Coffee Break
16:45-18:00 Session III: Deceiving and Characterizing Attackers in the Wild
"What Scanners do at L7? Exploring Horizontal Honeypots for Security Monitoring," T. Favale, D. Giordano, I. Drago, M. Mellia
"Looking for Honey Once Again: Detecting RDP and SMB Honeypots on the Internet," F. Franzen, L. Steger, P. Sattler, J. Zirngibl
"Measuring and Clustering Network Attackers using Medium-Interaction Honeypots," Z. Shamsi, D. Zhang, D. Kyoung, A. Liu
18:00-18:15 Closing Remarks

Zied Ben Houidi, Principal Engineer in Network AI at HUAWEI Technologies
Stefano Traverso, Head of Research at ERMES Intelligent Web Protection

Maciej Korczyński, Grenoble Alps University, France
Wojciech Mazurczyk, Warsaw University of Technology, Poland
Pedro Casas, Austrian Institute of Technology, Austria


Hadi Asghari, Humboldt Institute for Internet and Society
Giovane C. M. Moura, SIDN
Luca Caviglione, CNR - IMATI
Isabelle Chrisment, Université de Lorraine
Simon Fernandez, Université Grenoble Alpes
Romain Fontugne, Internet Initiative Japan
Paweł Foremski, IITiS PAN
Jérôme François, University of Luxembourg
Carlos Gañán, ICANN
Oliver Gasser, Max Planck Institute for Informatics
Artur Janicki, Warsaw University of Technology
Jörg Keller, FernUniversität in Hagen
Igor Kotenko, SPC RAS
Christian Kraetzer, Otto-von-Guericke University Magdeburg
Victor Le Pochat, Katholieke Universiteit Leuven
Matthew Luckie, University of Waikato
Moritz Müller, SIDN and University of Twente
Arman Noroozian, University of Amsterdam
Yevheniya Nosyk, Université Grenoble Alpes
Philippe Owezarski, LAAS-CNRS
Davy Preuveneers, Katholieke Universiteit Leuven
Ramin Sadre, Université catholique de Louvain
Oleksii Starov, Palo Alto Networks
Ewa Syta, Yale University
Samaneh Tajalizadehkhoob, ICANN
Rajat Tandon, USC
Tom Van Goethem, Katholieke Universiteit Leuven
Thomas Vissers, Cloudflare
Nur Zincir-Heywood, Dalhousie University




WTMC 2021 at IEEE S&P, Virtual Event
WTMC 2020 at IEEE Euro S&P, Virtual Event
WTMC 2019 at IEEE S&P, San Francisco, California, USA
WTMC 2018 at ACM SIGCOMM Budapest, Hungary
WTMC 2017 at IEEE S&P, San Jose, California, USA
WTMC 2016 at ACM ASIACCS, Xi'an, China

Contact WTMC 2022 chairs using this email address: wtmc2022@easychair.org.