Note:
- ⭐ Please leave a STAR if you like this project! ⭐
- If you find any incorrect / inappropriate / outdated content, please kindly consider opening an issue or a PR.
- We would greatly appreciate your contribution to this list, and you will appear in the contributors✨!
- About
- Dataset & Benchmark
- Survey
- Network Traffic Analysis
- Measurement
- Teams
- Blogs
- Libraries and Frameworks
This is a current list of resources related to the research and development of encrypted traffic analysis. We comb the field for relevant representative work and related resources, and pay more attention to typical studies and research teams.
Datasets for Challenging Tasks
- Canadian Institute for Cybersecurity Datasets (DNS, IDS, DoS, Darknet, Tor, VPN, Botnet, Malware)
- Information Security and Object Technology Research Lab Datasets (IoT, Botnet, Cloud Security)
- Cross-Platform (iOS and Android Apps)
- wangknn-dataset (Tor, Websites)
- DLWF (Tor, Websites, Concept Drift, Open World)
- Malware Capture Facility Project (Malware)
- CSTNET-TLS 1.3 (TLS 1.3 services)
- Network-based Intrusion Detection (AWID, Botnet, CIC DoS, CICIDS, CIDDS, CTU, DARPA, ISCX, IRSC)
- MobileTraffic (300+ Mobile Apps)
- Itc-Net-Blend-60 (Android applications in Diverse Environments)
- Network-Flow-of-QUIC (QUIC services)
- Network Multiflow Fingerprinting Datasets (User Activities (UAV), IoT Device Identification (IDI), Intrusion Detection (ISD), Keyword Searching (KWS), Shadowsocks Website Fingerprinting (SWF))
- CTU-13 (Botnet, Malware)
- ANT Datasets (Botnet, IoT, DNS, IP Geolocation)
- LFETT2021 Dataset (Tunnel, Proxy, VPN)
- AnonProxy2023 (Anonymous, Proxy, VPN)
- DataCon2021-Encrypted Proxy (Proxy, VPN)
Network Benchmark
- Machine Learning-Powered Encrypted Network Traffic Analysis: A Comprehensive Survey. Meng Shen. IEEE Communications Surveys & Tutorials 2023.
- Deep Learning for Encrypted Traffic Classification: An Overview. Shahbaz Rezaei. IEEE Communications Magazine 2019.
- Towards the Deployment of Machine Learning Solutions in Network Traffic Classification: A Systematic Survey. Fannia Pacheco. IEEE Communications Surveys & Tutorials 2019.
- Deep Learning in Mobile and Wireless Networking: A Survey. Chaoyun Zhang. IEEE Communications Surveys & Tutorials 2019.
- MIETT: Multi-Instance Encrypted Traffic Transformer for Encrypted Traffic Classification. Xuyang Chen and Lu Han. AAAI 2025.
- Resolving Packets from Counters: Enabling Multi-scale Network Traffic Super Resolution via Composable Large Traffic Model. Xizheng Wang. NSDI 2025. [code]
- TrafficFormer: An Efficient Pre-trained Model for Traffic Data. Guangmeng Zhou. S&P 2025. [code]
- What Was Your Prompt? A Remote Keylogging Attack on AI Assistants. Roy Weiss. USENIX 2024. [code]
- NetLLM: Adapting Large Language Models for Networking. Duo Wu. SIGCOMM 2024. [code]
- CETP: A Novel Semi-Supervised Framework Based on Contrastive Pre-Training for Imbalanced Encrypted Traffic Classification. Xinjie Lin. Computers & Security (ComSec) 2024.
- A novel approach for application classification with encrypted traffic using BERT and packet headers. Jaehak Yu. Computer Networks 2024.
- Flow-MAE: Leveraging Masked AutoEncoder for Accurate, Efficient and Robust Malicious Traffic Classification. Zijun Hang. RAID 2023. [code]
- Listen to Minority: Encrypted Traffic Classification for Class Imbalance with Contrastive Pre-Training. Xiang Li. SECON 2023.
- Yet Another Traffic Classifier: A Masked Autoencoder Based Traffic Transformer with Multi-Level Flow Representation. Ruijie Zhao. AAAI 2023. [code]
- ET-BERT: A Contextualized Datagram Representation with Pre-training Transformers for Encrypted Traffic Classification. Xinjie Lin. WWW 2022. [code] [Reproduce]
- CD-Net: Robust mobile traffic classification against apps updating. Yanan Chen. ComSec 2025.
- Robust and Reliable Early-Stage Website Fingerprinting Attacks via Spatial-Temporal Distribution Analysis. Xinhao Deng. CCS 2024. [code]
- Low-Quality Training Data Only? A Robust Framework for Detecting Encrypted Malicious Network Traffic. Yuqi Qing. NDSS 2024. [code]
- Identifying malicious traffic under concept drift based on intraclass consistency enhanced variational autoencoder. Xiang Luo. SCIENCE CHINA Information Sciences (SCIS) 2024.
- TrafCL: Robust Encrypted Malicious Traffic Detection via Contrastive Learning. Xiaodu Yang. CIKM 2024.
- MCRe: A Unified Framework for Handling Malicious Traffic With Noise Labels Based on Multidimensional Constraint Representation. Qingjun Yuan. TIFS 2024.
- Robust open-set classification for encrypted traffic fingerprinting. Thilini Dahanayaka. Computer Networks 2023.
- Few-shot encrypted traffic classification via multi-task representation enhanced meta-learning. Chen Yang. Computer Networks 2023.
- Rosetta: Enabling Robust TLS Encrypted Traffic Classification in Diverse Network Environments with TCP-Aware Traffic Augmentation. Renjie Xie. USENIX 2023. [code]
- Zero-relabelling mobile-app identification over drifted encrypted network traffic. Minghao Jiang. Computer Networks 2023.
- Anomaly Detection in the Open World: Normality Shift Detection, Explanation, and Adaptation. Dongqi Han. NDSS 2023. [code]
- Accurate mobile-app fingerprinting using flow-level relationship with graph neural networks. Minghao Jiang. Computer Networks 2022.
- Triplet Fingerprinting: More Practical and Portable Website Fingerprinting with N-shot Learning. Payap Sirinam. CCS 2019. [code] (N-shot Learning)
Traditional Targets (Web, App, Malware, Gambling, User Activities, Intrusion Detection, IoT, Streaming Media)
- General
- FlowMiner: A Powerful Model Based on Flow Correlation Miningfor Encrypted Traffic Classification. Hongbo Xu. INFOCOM 2025.
- DE-GNN: Dual embedding with graph neural network for fine-grained encrypted traffic classification. Xinbo Han. Computer Networks 2024.
- TFE-GNN: A Temporal Fusion Encoder Using Graph Neural Networks for Fine-grained Encrypted Trafic Classification. Haozhen Zhang. WWW 2023. [code]
- An Input-Agnostic Hierarchical Deep Learning Framework for Traffic Fingerprinting. Jian Qu. USENIX 2023. [code]
- Classifying encrypted traffic using adaptive fingerprints with multi-level attributes. Chang Liu. WWW Journal 2021.
- CETAnalytics: Comprehensive effective traffic information analytics for encrypted traffic classification (Generalization). Cong Dong. Computer Networks 2020.
- FlowPrint: Semi-Supervised Mobile-App Fingerprinting on Encrypted Network Traffic. van Ede, Thijs. NDSS 2020. [code]
- FS-Net: A Flow Sequence Network For Encrypted Traffic Classification. Chang Liu. INFOCOM 2019. [code]
- MaMPF: Encrypted Traffic Classification Based on Multi-Attribute Markov Probability Fingerprints. Chang Liu. IWQoS 2018. [code]
- AppScanner: Automatic Fingerprinting of Smartphone Apps from Encrypted Network Traffic. Vincent F. Taylor. EuroS&P 2016. [code]
- Adaptive encrypted traffic fingerprinting with bi-directional dependence. Khaled Al-Naami. ACSAC 2016. [code]
- Malicious
- PETNet: Plaintext-aware encrypted traffic detection network for identifying Cobalt Strike HTTPS traffics. Xiaodu Yang. Computer Networks 2024. [code]
- Early Network Intrusion Detection Enabled by Attention Mechanisms and RNNs. Taki Eddine Toufik Djaidja. TIFS 2024.
- TMG-GAN: Generative Adversarial Networks-Based Imbalanced Learning for Network Intrusion Detection. Hongwei Ding. TIFS 2024.
- Point Cloud Analysis for ML-Based Malicious Traffic Detection: Reducing Majorities of False Positive Alarms. Chuanpu Fu. CCS 2023.
- Detecting Unknown Encrypted Malicious Traffic in Real Time via Flow Interaction Graph Analysis. Chuanpu Fu. NDSS 2023.
- Gambling
- Let gambling hide nowhere: Detecting illegal mobile gambling apps via heterogeneous graph-based encrypted traffic analysis. Zheyuan Gu. Computer Networks 2024.
- Gambling Domain Name Recognition via Certificate and Textual Analysis. GuoYing Sun. The Computer Journal 2023.
- Analyzing Ground-Truth Data of Mobile Gambling Scams. Geng Hong. Symposium on Security and Privacy (S&P) 2022.
- IoT
- HorusEye: A Realtime IoT Malicious Traffic Detection Framework using Programmable Switches. Yutao Dong. USENIX 2023.
- Vedio (Streaming Media)
- Breaking Through the Diversity: Encrypted Video Identification Attack Based on QUIC Features. Nan Hu. ESORICS 2024.
- Traffic spills the beans: A robust video identification attack against YouTube. Xiyuan Zhang. ComSec 2024.
- Walls Have Ears: Traffic-based Side-channel Attack in Video Streaming. Jiaxi Gu. IEEE INFOCOM 2018.
- Real-Time Website Fingerprinting Defense via Traffic Cluster Anonymization. Meng Shen. S&P 2024.
- Defending Against Deep Learning-Based Traffic Fingerprinting Attacks With Adversarial Examples. Blake Hayden. ACM Transactions on Privacy and Security (TOPS) 2024.
- Subverting Website Fingerprinting Defenses with Robust Traffic Representation. Meng Shen. USENIX 2023.
- Fingerprinting Obfuscated Proxy Traffic with Encapsulated TLS Handshakes. Diwen Xue. USENIX 2024.
- On Precisely Detecting Censorship Circumvention in Real-World Networks. Ryan Wails. NDSS 2024.
- Rules Refine the Riddle: Global Explanation for Deep Learning-Based Anomaly Detection in Security Applications. DongqiHan. CCS 2024. [code]
- Towards Fine-Grained Webpage Fingerprinting at Scale. Xiyuan Zhao and Xinhao Deng. CCS 2024. [code]
- Detecting Tunneled Flooding Traffic via Deep Semantic Analysis of Packet Length Patterns. Chuanpu Fu. CCS 2024. [code] [video]
- ProxyKiller: An Anonymous Proxy Traffic Attack Model Based on Traffic Behavior Graphs. Hongbo Xu. ESORICS 2024.
- HSDirSniper: A New Attack Exploiting Vulnerabilities in Tor's Hidden Service Directories. Qingfeng Zhang. WWW 2024.
- VPNSniffer: Identifying VPN Servers Through Graph-Represented Behaviors. Chenxu Wang. WWW 2024.
- AppSniffer: Towards Robust Mobile App Fingerprinting Against VPN. Sanghak Oh. WWW 2023.
- Transformer-based Model for Multi-tab Website Fingerprinting Attack. Zhaoxin Jin. CCS 2023.
- Online Website Fingerprinting: Evaluating Website Fingerprinting Attacks on Tor in the Real World. Giovanni Cherubin. USENIX 2022.
- BAPM: Block Attention Profiling Model for Multi-tab Website Fingerprinting Attacks on Tor. Zhong Guan. ACSAC 2021.
- Triplet Fingerprinting: More Practical and Portable Website Fingerprinting with N-shot Learning. Payap Sirinam. CCS 2019. [code]
- Automated Website Fingerprinting through Deep Learning. Vera Rimmer. NDSS 2018. [code]
- Deep Fingerprinting: Undermining Website Fingerprinting Defenses with Deep Learning. Payap Sirinam. CCS 2018. [code]
- Domain Name System
- A Worldwide View on the Reachability of Encrypted DNS Services. Ruixuan Li. WWW 2024.
- Investigating Deployment Issues of DNS Root Server Instances from a China-wide View. Fenglu Zhang. IEEE Transactions on Dependable and Secure Computing (TDSC) 2024.
- Privacy and Security
- IPv6
- IPv6 Prefix Target Generation through Pattern and Distribution Learning using Vision-Transformer and Guided-Diffusion. Yaochen Ren. INFOCOM 2025.
- 6GAN: IPv6 Multi-Pattern Target Generation via Generative Adversarial Nets with Reinforcement Learning. Tianyu Cui. INFOCOM 2021. [code]
- SiamHAN: IPv6 Address Correlation Attacks on TLS Encrypted Traffic via Siamese Heterogeneous Graph Attention Network. Tianyu Cui. USENIX 2021. [code]
- 6VecLM: Language Modeling in Vector Space for IPv6 Target Generation. Tianyu Cui. ECML/PKDD 2020. [code]
Chinese Academy of Sciences, University of Chinese Academy of Sciences/China
- Gang Xiong (Institute of Information Engineering)
- Kai Chen (Institute of Information Engineering)
- Qixu Liu (Institute of Information Engineering)
- Guozhu Meng (Institute of Information Engineering)
- Qingyun Liu (Institute of Information Engineering)
- Zhigang Lu (Institute of Information Engineering)
- Xiaodong Li (Institute of Computing Technology)
- Zhenyu Li (Institute of Computing Technology)
- Yujun Zhang (Institute of Computing Technology)
- Yuqing Zhang (School of Computer Science and Technology)
Tsinghua University/China
Zhejiang University/China
Beijing University of Posts and Telecommunications/China
Beijing Institute of Technology/China
Xi'an Jiaotong University/China
Shanghai Jiao Tong University/China
Others
- Guang Cheng (Southeast University/China)
- Fengwei Zhang (Southern University of Science and Technology/China)
- Qian Wang (Wuhan University/China)
- Min Yang (Fudan University/China)
- Shuguang Cui (The Chinese University of Hong Kong/China)
Overseas
- Xuemin (Sherman) Shen (University of Waterloo/Canada)
- Xiaofeng Wang (Indiana University Bloomington/United States)
- Tao Wang (Simon Fraser University/Canada)
- Ivan Martinovic (University of Oxford/United Kingdom)
- Amir Houmansadr (University of Massachusetts Amherst/United States)
- Giuseppe Aceto (Università di Napoli Federico II/Italy)
- Antonio Pescapè (Università di Napoli Federico II/Italy)
- Thorsten Holz (CISPA Helmholtz Center for Information Security/Germany)
- Mohammad Saidur Rahman (University of Texas at El Paso/United States)
- Yue Zhang (Drexel University/United States)
- Xinyu Xing (Northwestern University/United States)
- Yang Liu (Nanyang Technological University/Singapore)
- Alessandro Finamore (Huawei Technologies/France)
- flowcontainer
- scapy
- wireshark
- pyshark
- Cisco Talos
- Joy
- Proxifier
- traffic_classification_utils
- Website-Fingerprinting-Library (WFlib)
Version 1.0
April 15, 2022
- Welcome to the Ph.Ds from IIE,CAS.
Thanks goes to these wonderful people!
 Xinjie Lin 🎯 📝 📔 |
 Tianyu Cui 🎯 |
 Minghao Jiang 🎯 |
 Zhong Guan 🎯 📝 |
 Wei Cai 🎯 |
 Xiyuan Zhang 🎯 📝 |
