A curation of awesome papers, datasets and tools about network traffic analysis.
- SoK: A Critical Evaluation of Efficient Website Fingerprinting Defenses
S&P 2023[paper] - SoK: Pragmatic Assessment of Machine Learning for Network Intrusion Detection,
EuroS&P 2023[paper] [code]
- TrafficFormer: An Efficient Pre-trained Model for Traffic Data,
S&P 2025[paper] [code] - NetMamba: Efficient Network Traffic Classification via Pre-training Unidirectional Mamba,
ICNP 2024[paper] [code] - PTU: Pre-trained Model for Network Traffic Understanding,
ICNP 2024 - TrafficGPT: Breaking the Token Barrier for Efficient Long Traffic Analysis and Generation,
arxiv 2024[paper] - Lens: A Foundation Model for Network Traffic in Cybersecurity,
arxiv 2024[paper] - Flow-MAE: Leveraging Masked AutoEncoder for Accurate, Efficient and Robust Malicious Traffic Classification,
RAID 2023[paper] [code] - Yet Another Traffc Classifer: A Masked Autoencoder Based Traffc Transformer with Multi-Level Flow Representation,
AAAI 2023[paper] [code] - ET-BERT: A Contextualized Datagram Representation with Pre-training Transformers for Encrypted Traffic Classification,
WWW 2022[paper][code] - PERT: Payload Encoding Representation from Transformer for Encrypted Traffic Classification,
ITU 2020[paper]
- TFE-GNN: A Temporal Fusion Encoder Using Graph Neural Networks for Fine-grained Encrypted Trafic Classification,
WWW 2023[paper] [code] - AppSniffer: Towards Robust Mobile App Fingerprinting Against VPN,
WWW 2023[paper] [code] - Rosetta: Enabling Robust TLS Encrypted Traffic Classification in Diverse Network Environments with TCP-Aware Traffic Augmentation,
Security 2023[paper] [code] - Encrypted Malware Traffic Detection via Graph-based Network Analysis,
RAID 2022[paper] - Packet Representation Learning for Traffic Classification,
KDD 2022[paper] [code] - MT-FlowFormer: A Semi-Supervised Flow Transformer for Encrypted Traffic Classification,
KDD 2022[paper] - Accurate Decentralized Application Identification via Encrypted Traffic Analysis Using Graph Neural Networks,
TIFS 2021[paper] - FlowPrint: Semi-Supervised Mobile-App Fingerprinting on Encrypted Network Traffic,
NDSS 2020[paper] [code] - FS-Net: A Flow Sequence Network For Encrypted Traffic Classification,
Infocom 2019[paper] [code] - Robust Smartphone App Identification via Encrypted Network Traffic Analysis,
TIFS 2018[paper] [code]
- Leo: Online ML-based Traffic Classification at Multi-Terabit Line Rate,
NSDI 2024[paper] [code] - Brain-on-Switch: Towards Advanced Intelligent Network Data Plane via NN-Driven Traffic Analysis at Line-Speed,
NSDI 2024[paper] [code] - LINC: Enabling Low-Resource In-network Classification and Incremental Model Update,
ICNP 2024 - IIsy: Hybrid In-Network Classification Using Programmable Switches,
ToN 2024[paper] [code] - Recursive Multi-Tree Construction With Efficient Rule Sifting for Packet Classification on FPGA,
ToN 2024[paper] [code]
- NetDiffusion: Network Data Augmentation Through Protocol-Constrained Traffic Generation,
SIGMETRICS 2023[paper] [code] - Datacenter Network Deserves Be!er Traffic Models,
Hotnets 2023[paper] - Practical GAN-based synthetic IP header trace generation using NetShare,
SIGCOMM 2022[paper] [code] - Locality Matters! Traffic Demand Modeling in Datacenter Networks,
APNET 2022[paper]
- Trident: A Universal Framework for Fine-Grained and Class-Incremental Unknown Traffic Detection,
WWW 2024[paper] [code] - ContraMTD: An Unsupervised Malicious Network Traffic Detection Method based on Contrastive Learning,
WWW 2024[paper] - Mateen: Adaptive Ensemble Learning for Network Anomaly Detection,
RAID 2024[paper] [code] - ReCDA: Concept Drift Adaptation with Representation Enhancement for Network Intrusion Detection,
KDD 2024[paper] - Proteus: A Difficulty-aware Deep Learning Framework for Real-time Malicious Traffic Detection,
ICNP 2024 - SPIDER: A Semi-Supervised Continual Learning-based Network Intrusion Detection System,
Infocom 2024[paper] - AOC-IDS: Autonomous Online Framework with Contrastive Learning for Intrusion Detection,
Infocom 2024[paper] [code] - Relative Frequency-Rank Encoding for Unsupervised Network Anomaly Detection,
ToN 2024[paper] - FOSS: Towards Fine-Grained Unknown Class Detection Against the Open-Set Attack Spectrum With Variable Legitimate Traffic,
ToN 2024[paper] - TMG-GAN: Generative Adversarial Networks-Based Imbalanced Learning for Network Intrusion Detection,
ToN 2024[paper] - RFG-HELAD: A Robust Fine-Grained Network Traffic Anomaly Detection Model Based on Heterogeneous Ensemble Learning,
TIFS 2024[paper] - ProGen: Projection-Based Adversarial Attack Generation Against Network Intrusion Detection,
TIFS 2024[paper] - Online Self-Supervised Deep Learning for Intrusion Detection Systems,
TIFS 2024[paper] - K-GetNID: Knowledge-Guided Graphs for Early and Transferable Network Intrusion Detection,
TIFS 2024[paper] - ECNet: Robust Malicious Network Traffic Detection With Multi-View Feature and Confidence Mechanism,
TIFS 2024[paper] - ProGraph: Robust Network Traffic Identification With Graph Propagation,
ToN 2023[paper] - Augmented Memory Replay-based Continual Learning Approaches for Network Intrusion Detection,
NeurIPS 2023[paper] - Point Cloud Analysis for ML-Based Malicious Traffic Detection: Reducing Majorities of False Positive Alarms,
CCS 2023[paper] - FARE: Enabling Fine-grained Attack Categorization under Low-quality Labeled Data,
NDSS 2021[paper] - Throwing Darts in the Dark? Detecting Bots with Limited Data using Neural Data Augmentation,
S&P 2020[paper]
- NetVigil: Robust and Low-Cost Anomaly Detection for East-West Data Center Security,
NSDI 2024[paper] [code] - RIDS: Towards Advanced IDS via RNN Model and Programmable Switches Co-Designed Approaches,
Infocom 2024[paper] [code] - Genos: General In-Network Unsupervised Intrusion Detection by Rule Extraction,
Infocom 2024[paper] - HorusEye: A Realtime IoT Malicious Traffic Detection Framework using Programmable Switches,
Security 2023[paper] [code] - Detecting Unknown Encrypted Malicious Traffic in Real Time via Flow Interaction Graph Analysis,
NDSS 2023[paper] [code] - Kitsune: An Ensemble of Autoencoders for Online Network Intrusion Detection,
NDSS 2018[paper] [code]
- Low-Quality Training Data Only? A Robust Framework for Detecting Encrypted Malicious Network Traffic,
NDSS 2024[paper] [code] - BARS: Local Robustness Certification for Deep Learning based Traffic Analysis Systems,
NDSS 2023[paper] [code] - Anomaly Detection in the Open World: Normality Shift Detection, Explanation, and Adaptation,
NDSS 2023[paper] [code] - CADE: Detecting and Explaining Concept Drift Samples for Security Applications,
Security 2021[paper] [code]
- xNIDS: Explaining Deep Learning-based Network Intrusion Detection Systems for Active Intrusion Responses,
Security 2023[paper] [code] - Towards Understanding Alerts raised by Unsupervised Network
Intrusion Detection Systems,
RAID 2023[paper] - AI/ML for Network Security: The Emperor has no Clothes,
CCS 2022[paper] [code]
TBD