International Workshop on Traffic Measurements for Cybersecurity (WTMC 2023)

Delft, The Netherlands
Friday, July 7, 2023

Overview

Current communication networks are increasingly becoming pervasive, complex, and ever-evolving due to factors like enormous growth in the number of network users, continuous appearance of network applications, increasing amount of data transferred, and diversity of user behavior. Understanding and measuring traffic in such networks is a challenging yet vital task for network management but recently also for cybersecurity purposes. Network traffic measurement and monitoring can, for example, enable the analysis of the spreading of malicious software and its capabilities or can help to understand the nature of various network threats, including those that exploit user's behavior and other user's sensitive information. On the other hand, network traffic investigation can also help to assess the effectiveness of the existing countermeasures or contribute to building new, better ones. Traffic measurements have been utilized in the area of economics of cybersecurity e.g., to assess ISP “badness” or to estimate the revenue of cybercriminals. Recent research has focused on measurements of fake news and the interplay between misinformation and user engagement in news postings using different online platforms.

The WTMC workshop aims to bring together the research accomplishments provided by researchers from academia and the industry. The other goal is to show the latest research results in the field of cybersecurity and understand how traffic measurements can influence it. We encourage prospective authors to submit related distinguished research papers on the subject of both theoretical approaches and practical case reviews. This workshop presents some of the most relevant ongoing research in cybersecurity seen from the traffic measurements perspective.

The workshop will be accessible to both non-experts interested in learning about this area and experts interested in hearing about new research and approaches.

Topics of interest include but are not limited to:

Measurements for network incidents response, investigation, and evidence handling
Measurements of cyber attacks (e.g., DDoS, botnet, malware, and phishing campaigns)
Measurements for the security of web-based applications and services (e.g., social networking)
Measurements for network anomalies detection
Measurements for the economics of cybersecurity and privacy
Measurements of security and privacy for the Internet of Things
Measurements of Internet censorship
Measurements of trends in the diffusion of misinformation on social media
Measurement studies describing the impacts of regulations on cybersecurity and users' privacy (e.g., GDPR)
Network traffic analysis to discover the nature and evolution of the cybersecurity threats
Measurements of cyber-physical systems security
Measurements for assessing the effectiveness of the threats detection/prevention methods and countermeasures
Novel passive, active, and hybrid measurements techniques and tools for cybersecurity purposes
Traffic classification and topology discovery tools for monitoring the evolving status of the network from the cybersecurity perspective
Correlation of measurements across multiple layers, protocols, or networks for cybersecurity purposes
Machine learning and data mining for analysis of network traffic measurements for cybersecurity
Novel approaches for large-scale measurements for cybersecurity (e.g., crowd-sourcing)
Novel visualization approaches to detect network attacks and other threats
Analysis of network traffic to provide new insights about network structure and behavior from the security perspective
Measurements of network protocol and applications behavior and its impact on cybersecurity and users' privacy
Vulnerability measurements and notifications
Measurements for new cybersecurity settings
Ethical issues in measurements for cybersecurity
Reappraisal of previous empirical findings

SUBMISSIONS

Papers will be accepted based on single-blind peer review (3-4 per paper) and should contain original, high-quality work. All papers must be written in English.

Authors are invited to submit short papers (up to 4 pages +2 for appendices/references), regular papers (up to 6 pages +2 for appendices/references), and long papers (up to 10 pages +4 for appendices/references) via EasyChair. Reviewers are explicitly not expected to read the appendices while deciding whether to accept or reject the paper.

Papers must be typeset in LaTeX in A4 format (not "US Letter") using the IEEE conference proceeding template we supply eurosp2023-template.zip. We recommend using LaTeX, and suggest you first compile the supplied LaTeX source as is, checking that you obtain the same PDF as the one supplied. Then, write your paper into the LaTeX template, replacing the boilerplate text. Please do not use other IEEE templates. Failure to adhere to the page limit and formatting requirements can be grounds for rejection.

Submissions must be in Portable Document Format (.pdf). Authors should pay special attention to unusual fonts, images, and figures that might create problems for reviewers. Your document should render correctly in Adobe Reader XI and when printed in black and white.

Submissions failing to conform to the submission guidelines risk rejection without review.

Papers describing cybersecurity measurement studies should include an ethical considerations paragraph, and where applicable reach out to their institutional ethics committee or institutional review board. For guidance see the Menlo Report and its companion document.

Authors are encouraged to share developed software implementations, measurement datasets, simulation models, etc. used in articles allowing other researchers to build upon and extend current results. Authors may include a paragraph about reproducible research.

Submission page: https://easychair.org/conferences/?conf=wtmc2023

Submission of a paper implies that should the paper be accepted, at least one of the authors will register and present the paper at the conference.

Papers accepted by the workshop will be published through IEEE Xplore in a volume accompanying the main IEEE Euro S&P conference proceedings. The extended versions of all accepted papers will be considered for publication in a special issue of the Journal of Cyber Security and Mobility (confirmed). The decision will depend on the quality of the paper and the quality of the presentation at WTMC 2023. The final decision will be made by co-chairs after the workshop.

IMPORTANT DATES

March 31, 2023 (AoE, UTC -12) [Extended]: Paper Submission
May 8, 2023: Notification Date
May 24, 2023: Camera-Ready Paper Deadline

WORKSHOP REGISTRATION

The workshop registration is now open. Please follow the instructions on the IEEE Euro S&P conference page here. IEEE Euro S&P WTMC workshop is a live event and authors are expected to present their work in person. Remote attendance is not supported.

VENUE

The 8th IEEE Euro S&P WTMC workshop will be held at TU Delft ECHO, Van Mourik Broekmanweg 5, 2628 XE Delft. Detailed venue information can be found here.

PROGRAM

Time zone: Central European Summer Time (CEST)

9:00-9:15	Opening Remarks
9:15-10:30	Keynote: "DNS: Unveiling the Critical Link in Internet Security and Exploring Diverse Use Cases" [PDF], Giovane Moura (SIDN Labs/TU Delft):
10:30-11:00	Coffee Break
11:00-12:30	Session I: AI and Privacy (Session Chair: Tom Van Goethem, KU Leuven, Belgium)
	"Fake it till you Detect it: Continual Anomaly Detection in Multivariate Time-Series using Generative AI," Gastón García González, Pedro Casas and Alicia Fernández
	"Lost in Translation: AI-based Generator of Cross-Language Sound-squatting," Rodolfo Valentim, Idilio Drago, Federico Cerutti and Marco Mellia
	"TLS → Post-Quantum TLS: Inspecting the TLS landscape for PQC adoption on Android," Dimitri Mankowski, Thom Wiggers and Veelasha Moonsamy
	"Detecting and Analyzing Mouse Tracking in the Wild," [SHORT] Marcel Urpí-Bricollé, Ismael Castell-Uroz and Pere Barlet-Ros
12:30-13:30	Lunch Break
13:30-15:00	Session II: Protocol Measurements for Security (Session Chair: Samaneh Tajalizadehkhoob, ICANN, the Netherlands)
	"Identifying and Differentiating Acknowledged Scanners in Network Traffic," Michael Collins, Alefiya Hussain and Stephen Schwab
	"Towards more rigorous domain-based metrics: quantifying the prevalence and implications of "Active" Domains," Siôn Lloyd, Carlos Gañán and Samaneh Tajalizadehkhoob
	"Inside Residential IP Proxies: Lessons Learned from Large Measurement Campaigns," Elisa Chiapponi, Marc Dacier and Olivier Thonnard
	"Revisiting OAuth 2.0 Compliance: A Two-Year Follow-Up Study," [SHORT] Pieter Philippaerts, Davy Preuveneers and Wouter Joosen
15:00-15:30	Coffee Break
15:30-17:00	Session III: DNS Security Measurements and Analysis (Session Chair: Carlos Gañán, TU Delft, the Netherlands)
	"Unveiling the Weak Links: Exploring DNS Infrastructure Vulnerabilities and Fortifying Defenses," Yevheniya Nosyk, Olivier Hureau, Simon Fernandez, Andrzej Duda and Maciej Korczyński
	"Assessing Network Operator Actions to Enhance Digital Sovereignty and Strengthen Network Resilience: A Longitudinal Analysis during the Russia-Ukraine Conflict," Muhammad Yasir Muzayan Haq, Abhishta, Raffaele Sommese, Mattijs Jonker and Lambert J.M. Nieuwenhuis
	"Assessing and Exploiting Domain Name Misinformation," Blake Anderson and David McGrew
	"A First Look at SVCB and HTTPS DNS Resource Records in the Wild," [SHORT] Johannes Zirngibl, Patrick Sattler and Georg Carle
17:00	Closing Remarks

KEYNOTE

Giovane Moura, SIDN Labs and TU Delft

Title: "DNS: Unveiling the Critical Link in Internet Security and Exploring Diverse Use Cases" [PDF]

Abstract

The Domain Name System (DNS) is one of the core services on the Internet, translating domain names into IP addresses. Beyond its translation role, DNS plays a crucial part in ensuring Internet security and enabling various use cases. In this keynote, we will explore the profound connection between DNS and Internet security, examining its role in countering threats like phishing, malware, and DNS hijacking. Furthermore, we will delve into diverse applications of DNS, including content delivery optimization, load balancing, and network performance analysis. By uncovering these practical use cases, this presentation aims to emphasize the pervasive impact of DNS beyond security and underscore its versatility as a foundational technology in the digital landscape.

Short Bio

Giovane is a Data Scientist with SIDN Labs, the research arm of SIDN, the Netherland’s .nl top-level domain operator. He is also an Assisant Professor at TU Delft’s CyberSecurity group. His research focuses on bringing academic rigor to network operations, to improve performance, security and stability of networked systems.

ORGANIZING COMMITTEE

Maciej Korczyński, Grenoble Alps University, France
Wojciech Mazurczyk, Warsaw University of Technology, Poland
Pedro Casas, Austrian Institute of Technology, Austria

PROGRAM COMMITTEE

Abhishta, University of Twente
Zied Ben Houidi, Huawei Technologies Co. Ltd
Giovane C. M. Moura, SIDN Labs
Luca Caviglione, CNR - IMATI
Batyr Charyyev, University of Nevada Reno
Isabelle Chrisment, Université de Lorraine
Simon Fernandez, Université Grenoble Alpes
Romain Fontugne, Internet Initiative Japan
Paweł Foremski, IITiS PAN
Carlos Gañán, ICANN
Oliver Gasser, Max Planck Institute for Informatics
Artur Janicki, Warsaw University of Technology
Jörg Keller, FernUniversität in Hagen
Michał Król, City, University of London
Victor Le Pochat, Katholieke Universiteit Leuven
Shujun Li, University of Kent
Qasim Lone, RIPE NCC
Moritz Müller, SIDN and University of Twente
Arman Noroozian, University of Amsterdam
Yevheniya Nosyk, Université Grenoble Alpes
Philippe Owezarski, LAAS-CNRS
Davy Preuveneers, Katholieke Universiteit Leuven
Oleksii Starov, Palo Alto Networks
Ewa Syta, Yale University
Samaneh Tajalizadehkhoob, ICANN
Rajat Tandon, USC
Stefano Traverso, Ermes Cyber Security SRL
Jeroen van der Ham, NCSC-NL and University of Twente
Tom Van Goethem, Katholieke Universiteit Leuven
Thomas Vissers, Cloudflare
Thymen Wabeke, SIDN Labs
Steffen Wendzel, Worms University of Applied Sciences
Yury Zhauniarovich, Delft University of Technology
Nur Zincir-Heywood, Dalhousie University