{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,10]],"date-time":"2026-03-10T04:32:01Z","timestamp":1773117121832,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":69,"publisher":"ACM","license":[{"start":{"date-parts":[[2022,11,7]],"date-time":"2022-11-07T00:00:00Z","timestamp":1667779200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2022,11,7]]},"DOI":"10.1145\/3548606.3560604","type":"proceedings-article","created":{"date-parts":[[2022,11,7]],"date-time":"2022-11-07T11:41:28Z","timestamp":1667821288000},"page":"875-889","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":30,"title":["Exposing the Rat in the Tunnel"],"prefix":"10.1145","author":[{"given":"Priyanka","family":"Dodia","sequence":"first","affiliation":[{"name":"Qatar Computing Research Institute, Doha, Qatar"}]},{"given":"Mashael","family":"AlSabah","sequence":"additional","affiliation":[{"name":"Qatar Computing Research Institute, Doha, Qatar"}]},{"given":"Omar","family":"Alrawi","sequence":"additional","affiliation":[{"name":"Georgia Institute of Technology, Atlanta, GA, USA"}]},{"given":"Tao","family":"Wang","sequence":"additional","affiliation":[{"name":"Simon Fraser University, Vancouver, BC, Canada"}]}],"member":"320","published-online":{"date-parts":[[2022,11,7]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"2013. How to Handle Millions of New Tor Clients. https:\/\/blog.torproject.org\/ how-handle-millions-new-tor-clients\/#comment-34624.  2013. How to Handle Millions of New Tor Clients. https:\/\/blog.torproject.org\/ how-handle-millions-new-tor-clients\/#comment-34624."},{"key":"e_1_3_2_1_2_1","unstructured":"2016. Tor-nonTor Dataset (ISCXTor2016). https:\/\/www.unb.ca\/cic\/datasets\/tor. html.  2016. Tor-nonTor Dataset (ISCXTor2016). https:\/\/www.unb.ca\/cic\/datasets\/tor. html."},{"key":"e_1_3_2_1_3_1","unstructured":"2017. WannaCry Ransomware Campaign: Threat Details and Risk Management. https:\/\/www.fireeye.com\/blog\/products-and-services\/2017\/05\/wannacryransomware- campaign.html.  2017. WannaCry Ransomware Campaign: Threat Details and Risk Management. https:\/\/www.fireeye.com\/blog\/products-and-services\/2017\/05\/wannacryransomware- campaign.html."},{"key":"e_1_3_2_1_4_1","unstructured":"2021. Hybrid Analysis. https:\/\/www.hybrid-analysis.com\/.  2021. Hybrid Analysis. https:\/\/www.hybrid-analysis.com\/."},{"key":"e_1_3_2_1_5_1","unstructured":"2021. Tor Hidden Services Deprecation Timeline. https:\/\/blog.torproject.org\/v2- deprecation-timeline\/.  2021. Tor Hidden Services Deprecation Timeline. https:\/\/blog.torproject.org\/v2- deprecation-timeline\/."},{"key":"e_1_3_2_1_6_1","unstructured":"2021. Tor Metrics. https:\/\/metrics.torproject.org.  2021. Tor Metrics. https:\/\/metrics.torproject.org."},{"key":"e_1_3_2_1_7_1","unstructured":"2022. Ahmia - Search Tor Hidden Services. https:\/\/ahmia.fi\/.  2022. Ahmia - Search Tor Hidden Services. https:\/\/ahmia.fi\/."},{"key":"e_1_3_2_1_8_1","unstructured":"2022. Autogluon Predictors. https:\/\/auto.gluon.ai\/stable\/api\/autogluon.predictor. html?highlight=p_value.  2022. Autogluon Predictors. https:\/\/auto.gluon.ai\/stable\/api\/autogluon.predictor. html?highlight=p_value."},{"key":"e_1_3_2_1_9_1","unstructured":"2022. Autogluon Tabular Models (Documentation). https:\/\/auto.gluon.ai\/stable\/ api\/autogluon.tabular.models.html?highlight=weighted%20ensemble%20l2.  2022. Autogluon Tabular Models (Documentation). https:\/\/auto.gluon.ai\/stable\/ api\/autogluon.tabular.models.html?highlight=weighted%20ensemble%20l2."},{"key":"e_1_3_2_1_10_1","unstructured":"2022. AutoGluon Tasks. https:\/\/auto.gluon.ai\/stable\/api\/autogluon.task.html.  2022. AutoGluon Tasks. https:\/\/auto.gluon.ai\/stable\/api\/autogluon.task.html."},{"key":"e_1_3_2_1_11_1","unstructured":"2022. BinaryRelevance: scikit-multilearn. http:\/\/scikit.ml\/api\/skmultilearn. problem_transform.br.html.  2022. BinaryRelevance: scikit-multilearn. http:\/\/scikit.ml\/api\/skmultilearn. problem_transform.br.html."},{"key":"e_1_3_2_1_12_1","unstructured":"2022. ClassifierChains: scikit-multilearn. https:\/\/scikit-learn.org\/stable\/auto_ examples\/multioutput\/plot_classifier_chain_yeast.html.  2022. ClassifierChains: scikit-multilearn. https:\/\/scikit-learn.org\/stable\/auto_ examples\/multioutput\/plot_classifier_chain_yeast.html."},{"key":"e_1_3_2_1_13_1","unstructured":"2022. EternnalRocks-The Malware Wiki. https:\/\/malwiki.org\/index.php?title= EternalRocks.  2022. EternnalRocks-The Malware Wiki. https:\/\/malwiki.org\/index.php?title= EternalRocks."},{"key":"e_1_3_2_1_14_1","unstructured":"2022. Grayware- The Malware Wiki. https:\/\/malwiki.org\/index.php?title= Grayware.  2022. Grayware- The Malware Wiki. https:\/\/malwiki.org\/index.php?title= Grayware."},{"key":"e_1_3_2_1_15_1","unstructured":"2022. LabelPowerset: scikit-multilearn. http:\/\/scikit.ml\/api\/skmultilearn. problem_transform.lp.html#skmultilearn.problem_transform.LabelPowerset.  2022. LabelPowerset: scikit-multilearn. http:\/\/scikit.ml\/api\/skmultilearn. problem_transform.lp.html#skmultilearn.problem_transform.LabelPowerset."},{"key":"e_1_3_2_1_16_1","unstructured":"2022. Python dpkt. https:\/\/dpkt.readthedocs.io\/en\/latest\/.  2022. Python dpkt. https:\/\/dpkt.readthedocs.io\/en\/latest\/."},{"key":"e_1_3_2_1_17_1","unstructured":"2022. Spyware- The Malware Wiki. https:\/\/malwiki.org\/index.php?title= Spyware.  2022. Spyware- The Malware Wiki. https:\/\/malwiki.org\/index.php?title= Spyware."},{"key":"e_1_3_2_1_18_1","unstructured":"2022. SystemBC -- a RAT in the Pipeline. https:\/\/blogs.blackberry.com\/en\/2021\/ 06\/threat-thursday-systembc-a-rat-in-the-pipeline.  2022. SystemBC -- a RAT in the Pipeline. https:\/\/blogs.blackberry.com\/en\/2021\/ 06\/threat-thursday-systembc-a-rat-in-the-pipeline."},{"key":"e_1_3_2_1_19_1","unstructured":"2022. Top 1M Alexa. http:\/\/s3.amazonaws.com\/alexa-static\/top-1m.csv.zip.  2022. Top 1M Alexa. http:\/\/s3.amazonaws.com\/alexa-static\/top-1m.csv.zip."},{"key":"e_1_3_2_1_20_1","unstructured":"2022. Trojan- The Malware Wiki. https:\/\/malwiki.org\/index.php?title=Adware.  2022. Trojan- The Malware Wiki. https:\/\/malwiki.org\/index.php?title=Adware."},{"key":"e_1_3_2_1_21_1","unstructured":"2022. Zeek An Open Source Network Security Monitoring Tool. https:\/\/zeek. org\/.  2022. Zeek An Open Source Network Security Monitoring Tool. https:\/\/zeek. org\/."},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/3320269.3372202"},{"key":"e_1_3_2_1_23_1","volume-title":"Forecasting Malware Capabilities From Cyber Attack Memory Images. In 30th USENIX Security Symposium (USENIX Security 21)","author":"Alrawi Omar","year":"2021","unstructured":"Omar Alrawi , Moses Ike , Matthew Pruett , Ranjita Pai Kasturi , Srimanta Barua , Taleb Hirani , Brennan Hill , and Brendan Saltaformaggio . 2021 . Forecasting Malware Capabilities From Cyber Attack Memory Images. In 30th USENIX Security Symposium (USENIX Security 21) . 3523--3540. Omar Alrawi, Moses Ike, Matthew Pruett, Ranjita Pai Kasturi, Srimanta Barua, Taleb Hirani, Brennan Hill, and Brendan Saltaformaggio. 2021. Forecasting Malware Capabilities From Cyber Attack Memory Images. In 30th USENIX Security Symposium (USENIX Security 21). 3523--3540."},{"key":"e_1_3_2_1_24_1","volume-title":"30th USENIX Security Symposium (USENIX Security . 3505--3522","author":"Alrawi Omar","year":"2021","unstructured":"Omar Alrawi , Charles Lever , Kevin Valakuzhy , Kevin Snow , Fabian Monrose , Manos Antonakakis , 2021 . The Circle Of Life: A {Large-Scale} Study of The {IoT} Malware Lifecycle . In 30th USENIX Security Symposium (USENIX Security . 3505--3522 . Omar Alrawi, Charles Lever, Kevin Valakuzhy, Kevin Snow, Fabian Monrose, Manos Antonakakis, et al. 2021. The Circle Of Life: A {Large-Scale} Study of The {IoT} Malware Lifecycle. In 30th USENIX Security Symposium (USENIX Security . 3505--3522."},{"key":"e_1_3_2_1_25_1","volume-title":"Beyond The Gates: An Empirical Analysis of HTTP-Managed Password Stealers and Operators. In 32nd USENIX Security Symposium (USENIX Security 23)","author":"Avgetidis Athanasios","year":"2023","unstructured":"Athanasios Avgetidis , Omar Alrawi , Kevin Valakuzhy , Charles Lever , Paul Burbage , Angelos Keromytis , Fabian Monrose , and Manos Antonakakis . 2023 . Beyond The Gates: An Empirical Analysis of HTTP-Managed Password Stealers and Operators. In 32nd USENIX Security Symposium (USENIX Security 23) . Athanasios Avgetidis, Omar Alrawi, Kevin Valakuzhy, Charles Lever, Paul Burbage, Angelos Keromytis, Fabian Monrose, and Manos Antonakakis. 2023. Beyond The Gates: An Empirical Analysis of HTTP-Managed Password Stealers and Operators. In 32nd USENIX Security Symposium (USENIX Security 23)."},{"key":"e_1_3_2_1_26_1","volume-title":"Albert Hyukjae Kwon, and Srinivas Devadas","author":"Bhat Sanjit","year":"2019","unstructured":"Sanjit Bhat , David Lu , Albert Hyukjae Kwon, and Srinivas Devadas . 2019 . Varcnn : A Data-efficient Website Fingerprinting Attack based on Deep Learning . (2019). Sanjit Bhat, David Lu, Albert Hyukjae Kwon, and Srinivas Devadas. 2019. Varcnn: A Data-efficient Website Fingerprinting Attack based on Deep Learning. (2019)."},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382260"},{"key":"e_1_3_2_1_28_1","volume-title":"Tor Traffic Classification Based on Encrypted Payload Characteristics. In 2021 National Computing Colleges Conference (NCCC). IEEE, 1--6.","author":"Choorod Pitpimon","year":"2021","unstructured":"Pitpimon Choorod and GeorgeWeir. 2021 . Tor Traffic Classification Based on Encrypted Payload Characteristics. In 2021 National Computing Colleges Conference (NCCC). IEEE, 1--6. Pitpimon Choorod and GeorgeWeir. 2021. Tor Traffic Classification Based on Encrypted Payload Characteristics. In 2021 National Computing Colleges Conference (NCCC). IEEE, 1--6."},{"key":"e_1_3_2_1_29_1","unstructured":"Lucian Constantin. 2012. Tor Network Used to Command Skynet Botnet. https:\/\/www.computerworld.com\/article\/2493980\/tor-network-used-tocommand- skynet-botnet.html.  Lucian Constantin. 2012. Tor Network Used to Command Skynet Botnet. https:\/\/www.computerworld.com\/article\/2493980\/tor-network-used-tocommand- skynet-botnet.html."},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1109\/BigData.2017.8258487"},{"key":"e_1_3_2_1_31_1","volume-title":"Tor: The Second- Generation Onion Router. In 13th USENIX Security Symposium (USENIX Security . USENIX Association","author":"Dingledine Roger","year":"2004","unstructured":"Roger Dingledine , Nick Mathewson , and Paul Syverson . 2004 . Tor: The Second- Generation Onion Router. In 13th USENIX Security Symposium (USENIX Security . USENIX Association , San Diego, CA. https:\/\/www.usenix.org\/conference\/ 13th-usenix-security-symposium\/tor-second-generation-onion-router Roger Dingledine, Nick Mathewson, and Paul Syverson. 2004. Tor: The Second- Generation Onion Router. In 13th USENIX Security Symposium (USENIX Security . USENIX Association, San Diego, CA. https:\/\/www.usenix.org\/conference\/ 13th-usenix-security-symposium\/tor-second-generation-onion-router"},{"key":"e_1_3_2_1_32_1","volume-title":"AutoGluon-Tabular: Robust and Accurate AutoML for Structured Data. arXiv preprint arXiv:2003.06505","author":"Erickson Nick","year":"2020","unstructured":"Nick Erickson , Jonas Mueller , Alexander Shirkov , Hang Zhang , Pedro Larroy , Mu Li , and Alexander Smola . 2020. AutoGluon-Tabular: Robust and Accurate AutoML for Structured Data. arXiv preprint arXiv:2003.06505 ( 2020 ). Nick Erickson, Jonas Mueller, Alexander Shirkov, Hang Zhang, Pedro Larroy, Mu Li, and Alexander Smola. 2020. AutoGluon-Tabular: Robust and Accurate AutoML for Structured Data. arXiv preprint arXiv:2003.06505 (2020)."},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1109\/NCA.2018.8548313"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2018.2846740"},{"key":"e_1_3_2_1_35_1","volume-title":"Botminer: Clustering Analysis of Network Traffic for Protocol-and Structure-independent Botnet Detection.","author":"Gu Guofei","year":"2008","unstructured":"Guofei Gu , Roberto Perdisci , Junjie Zhang , and Wenke Lee . 2008 . Botminer: Clustering Analysis of Network Traffic for Protocol-and Structure-independent Botnet Detection. (2008). Guofei Gu, Roberto Perdisci, Junjie Zhang, and Wenke Lee. 2008. Botminer: Clustering Analysis of Network Traffic for Protocol-and Structure-independent Botnet Detection. (2008)."},{"key":"e_1_3_2_1_36_1","volume-title":"25th {USENIX} Security Symposium ({USENIX} Security 16). 1187--1203.","author":"Hayes Jamie","unstructured":"Jamie Hayes and George Danezis . 2016. k-fingerprinting: A Robust ScalableWebsite Fingerprinting Technique . In 25th {USENIX} Security Symposium ({USENIX} Security 16). 1187--1203. Jamie Hayes and George Danezis. 2016. k-fingerprinting: A Robust ScalableWebsite Fingerprinting Technique. In 25th {USENIX} Security Symposium ({USENIX} Security 16). 1187--1203."},{"key":"e_1_3_2_1_37_1","volume-title":"25th {USENIX} Security Symposium ({USENIX} Security 16). 1187--1203.","author":"Hayes Jamie","unstructured":"Jamie Hayes and George Danezis . 2016. k-fingerprinting: A Robust ScalableWebsite Fingerprinting Technique . In 25th {USENIX} Security Symposium ({USENIX} Security 16). 1187--1203. Jamie Hayes and George Danezis. 2016. k-fingerprinting: A Robust ScalableWebsite Fingerprinting Technique. In 25th {USENIX} Security Symposium ({USENIX} Security 16). 1187--1203."},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1145\/1655008.1655013"},{"key":"e_1_3_2_1_39_1","volume-title":"Darknet Traffic Classification Using Machine Learning Techniques. In 2021 10th International Conference on Modern Circuits and Systems Technologies (MOCAST). IEEE, 1--4.","author":"Iliadis Lazaros Alexios","year":"2021","unstructured":"Lazaros Alexios Iliadis and Theodoros Kaifas . 2021 . Darknet Traffic Classification Using Machine Learning Techniques. In 2021 10th International Conference on Modern Circuits and Systems Technologies (MOCAST). IEEE, 1--4. Lazaros Alexios Iliadis and Theodoros Kaifas. 2021. Darknet Traffic Classification Using Machine Learning Techniques. In 2021 10th International Conference on Modern Circuits and Systems Technologies (MOCAST). IEEE, 1--4."},{"key":"e_1_3_2_1_40_1","volume-title":"USENIX Security Symposium","volume":"2011","author":"Jacob Gregoire","year":"2011","unstructured":"Gregoire Jacob , Ralf Hund , Christopher Kruegel , and Thorsten Holz . 2011 . JACKSTRAWS: Picking Command and Control Connections from Bot Traffic .. In USENIX Security Symposium , Vol. 2011 . San Francisco, CA, USA. Gregoire Jacob, Ralf Hund, Christopher Kruegel, and Thorsten Holz. 2011. JACKSTRAWS: Picking Command and Control Connections from Bot Traffic.. In USENIX Security Symposium, Vol. 2011. San Francisco, CA, USA."},{"key":"e_1_3_2_1_41_1","volume-title":"Mohammad Saiful Islam Mamun, and Ali A Ghorbani","author":"Lashkari Arash Habibi","year":"2017","unstructured":"Arash Habibi Lashkari , Gerard Draper-Gil , Mohammad Saiful Islam Mamun, and Ali A Ghorbani . 2017 . Characterization of Tor Traffic using Time Based Features.. In ICISSp . 253--262. Arash Habibi Lashkari, Gerard Draper-Gil, Mohammad Saiful Islam Mamun, and Ali A Ghorbani. 2017. Characterization of Tor Traffic using Time Based Features.. In ICISSp. 253--262."},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2015.2465934"},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-15497-3_13"},{"key":"e_1_3_2_1_44_1","volume-title":"Dark Web Traffic Detection Method Based on Deep Learning. In 2021 IEEE 10th Data Driven Control and Learning Systems Conference (DDCLS). IEEE, 842--847","author":"Ma Haoyu","year":"2021","unstructured":"Haoyu Ma , Jianqiu Cao , Bo Mi , Darong Huang , Yang Liu , and Zhenyuan Zhang . 2021 . Dark Web Traffic Detection Method Based on Deep Learning. In 2021 IEEE 10th Data Driven Control and Learning Systems Conference (DDCLS). IEEE, 842--847 . Haoyu Ma, Jianqiu Cao, Bo Mi, Darong Huang, Yang Liu, and Zhenyuan Zhang. 2021. Dark Web Traffic Detection Method Based on Deep Learning. In 2021 IEEE 10th Data Driven Control and Learning Systems Conference (DDCLS). IEEE, 842--847."},{"key":"e_1_3_2_1_45_1","volume-title":"I Know Why You Went to the Clinic: Risks and Realization of HTTPS Traffic Analysis. ArXiv abs\/1403.0297","author":"Miller Brad","year":"2014","unstructured":"Brad Miller , Ling Huang , Anthony D. Joseph , and J. Doug Tygar . 2014. I Know Why You Went to the Clinic: Risks and Realization of HTTPS Traffic Analysis. ArXiv abs\/1403.0297 ( 2014 ). Brad Miller, Ling Huang, Anthony D. Joseph, and J. Doug Tygar. 2014. I Know Why You Went to the Clinic: Risks and Realization of HTTPS Traffic Analysis. ArXiv abs\/1403.0297 (2014)."},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1145\/2487788.2488056"},{"key":"e_1_3_2_1_47_1","volume-title":"Av-meter: An Evaluation of Antivirus Scans and Labels. In International conference on detection of intrusions and malware, and vulnerability assessment. Springer, 112--131","author":"Mohaisen Aziz","year":"2014","unstructured":"Aziz Mohaisen and Omar Alrawi . 2014 . Av-meter: An Evaluation of Antivirus Scans and Labels. In International conference on detection of intrusions and malware, and vulnerability assessment. Springer, 112--131 . Aziz Mohaisen and Omar Alrawi. 2014. Av-meter: An Evaluation of Antivirus Scans and Labels. In International conference on detection of intrusions and malware, and vulnerability assessment. Springer, 112--131."},{"key":"e_1_3_2_1_48_1","volume-title":"InternationalWorkshop on Information Security Applications","author":"Mohaisen Aziz","unstructured":"Aziz Mohaisen , Omar Alrawi , Matt Larson , and Danny McPherson . 2013. Towards a Methodical Evaluation of Antivirus Scans and Labels . In InternationalWorkshop on Information Security Applications . Springer , 231--241. Aziz Mohaisen, Omar Alrawi, Matt Larson, and Danny McPherson. 2013. Towards a Methodical Evaluation of Antivirus Scans and Labels. In InternationalWorkshop on Information Security Applications. Springer, 231--241."},{"key":"e_1_3_2_1_49_1","volume-title":"AMAL: High-fidelity, Hehavior-based Automated Malware Analysis and Classification. computers & security 52","author":"Mohaisen Aziz","year":"2015","unstructured":"Aziz Mohaisen , Omar Alrawi , and Manar Mohaisen . 2015 . AMAL: High-fidelity, Hehavior-based Automated Malware Analysis and Classification. computers & security 52 (2015), 251--266. Aziz Mohaisen, Omar Alrawi, and Manar Mohaisen. 2015. AMAL: High-fidelity, Hehavior-based Automated Malware Analysis and Classification. computers & security 52 (2015), 251--266."},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1109\/CNS.2013.6682751"},{"key":"e_1_3_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1109\/CNS.2014.6997496"},{"key":"e_1_3_2_1_52_1","volume-title":"Threat Assessment: Egregor Ransomware. https: \/\/unit42.paloaltonetworks.com\/egregor-ransomware-courses-of-action\/.","author":"Networks Palo Alto","year":"2012","unstructured":"Palo Alto Networks . 2012 . Threat Assessment: Egregor Ransomware. https: \/\/unit42.paloaltonetworks.com\/egregor-ransomware-courses-of-action\/. Palo Alto Networks. 2012. Threat Assessment: Egregor Ransomware. https: \/\/unit42.paloaltonetworks.com\/egregor-ransomware-courses-of-action\/."},{"key":"e_1_3_2_1_53_1","doi-asserted-by":"publisher","DOI":"10.1145\/2046556.2046570"},{"key":"e_1_3_2_1_54_1","volume-title":"A Survey on Encrypted Network Traffic Analysis Applications, Techniques, and Countermeasures. 54, 6","author":"Papadogiannaki Eva","year":"2021","unstructured":"Eva Papadogiannaki and Sotiris Ioannidis . 2021. A Survey on Encrypted Network Traffic Analysis Applications, Techniques, and Countermeasures. 54, 6 ( 2021 ). https:\/\/doi.org\/10.1145\/3457904 10.1145\/3457904 Eva Papadogiannaki and Sotiris Ioannidis. 2021. A Survey on Encrypted Network Traffic Analysis Applications, Techniques, and Countermeasures. 54, 6 (2021). https:\/\/doi.org\/10.1145\/3457904"},{"key":"e_1_3_2_1_55_1","doi-asserted-by":"publisher","DOI":"10.1145\/3308897.3308961"},{"key":"e_1_3_2_1_56_1","volume-title":"Detecting and Blocking Onion Router Traffic Using Deep Packet Inspection. In 2016 International Electronics Symposium (IES). IEEE, 283--288","author":"Saputra Ferry Astika","year":"2016","unstructured":"Ferry Astika Saputra , Isbat Uzzin Nadhori , and Balighani Fathul Barry . 2016 . Detecting and Blocking Onion Router Traffic Using Deep Packet Inspection. In 2016 International Electronics Symposium (IES). IEEE, 283--288 . Ferry Astika Saputra, Isbat Uzzin Nadhori, and Balighani Fathul Barry. 2016. Detecting and Blocking Onion Router Traffic Using Deep Packet Inspection. In 2016 International Electronics Symposium (IES). IEEE, 283--288."},{"key":"e_1_3_2_1_57_1","doi-asserted-by":"publisher","DOI":"10.1109\/AICCSA50499.2020.9316533"},{"key":"e_1_3_2_1_58_1","volume-title":"Beauty and the Burst: Remote Identification of Encrypted Video Streams. In 26th USENIX Security Symposium (USENIX Security 17)","author":"Schuster Roei","year":"2017","unstructured":"Roei Schuster , Vitaly Shmatikov , and Eran Tromer . 2017 . Beauty and the Burst: Remote Identification of Encrypted Video Streams. In 26th USENIX Security Symposium (USENIX Security 17) . USENIX Association, Vancouver, BC, 1357-- 1374. https:\/\/www.usenix.org\/conference\/usenixsecurity17\/technical-sessions\/ presentation\/schuster Roei Schuster, Vitaly Shmatikov, and Eran Tromer. 2017. Beauty and the Burst: Remote Identification of Encrypted Video Streams. In 26th USENIX Security Symposium (USENIX Security 17). USENIX Association, Vancouver, BC, 1357-- 1374. https:\/\/www.usenix.org\/conference\/usenixsecurity17\/technical-sessions\/ presentation\/schuster"},{"key":"e_1_3_2_1_59_1","doi-asserted-by":"publisher","DOI":"10.1145\/3427228.3427261"},{"key":"e_1_3_2_1_60_1","first-page":"230","article-title":"AVclass","volume":"9854","author":"Sebasti\u00e1n Marcos","year":"2016","unstructured":"Marcos Sebasti\u00e1n , Richard Rivera , Platon Kotzias , and Juan Caballero . 2016 . AVclass : A Tool for Massive Malware Labeling , Vol. 9854. 230 -- 253 . https: \/\/doi.org\/10.1007\/978--3--319--45719--2_11 10.1007\/978--3--319--45719--2_11 Marcos Sebasti\u00e1n, Richard Rivera, Platon Kotzias, and Juan Caballero. 2016. AVclass: A Tool for Massive Malware Labeling, Vol. 9854. 230--253. https: \/\/doi.org\/10.1007\/978--3--319--45719--2_11","journal-title":"A Tool for Massive Malware Labeling"},{"key":"e_1_3_2_1_61_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243768"},{"key":"e_1_3_2_1_62_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3354217"},{"key":"e_1_3_2_1_63_1","doi-asserted-by":"publisher","DOI":"10.5555\/829514.830535"},{"key":"e_1_3_2_1_64_1","volume-title":"23rd {USENIX} Security Symposium ({USENIX} Security 14). 143--157.","author":"Wang Tao","unstructured":"Tao Wang , Xiang Cai , Rishab Nithyanand , Rob Johnson , and Ian Goldberg . 2014. Effective Attacks and Provable Defenses for Website Fingerprinting . In 23rd {USENIX} Security Symposium ({USENIX} Security 14). 143--157. Tao Wang, Xiang Cai, Rishab Nithyanand, Rob Johnson, and Ian Goldberg. 2014. Effective Attacks and Provable Defenses for Website Fingerprinting. In 23rd {USENIX} Security Symposium ({USENIX} Security 14). 143--157."},{"key":"e_1_3_2_1_65_1","doi-asserted-by":"publisher","DOI":"10.1145\/2517840.2517851"},{"key":"e_1_3_2_1_66_1","doi-asserted-by":"publisher","DOI":"10.1145\/2517840.2517851"},{"key":"e_1_3_2_1_67_1","doi-asserted-by":"publisher","DOI":"10.1515\/popets-2016-0027"},{"key":"e_1_3_2_1_68_1","volume-title":"Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium","author":"Wright Charles V.","unstructured":"Charles V. Wright , Lucas Ballard , Fabian Monrose , and Gerald M. Masson . 2007. Language Identification of Encrypted VoIP Traffic: Alejandra y Roberto or Alice and Bob? . In Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium ( Boston, MA) (SS'07). USENIX Association, USA, Article 4, 12 pages. Charles V. Wright, Lucas Ballard, Fabian Monrose, and Gerald M. Masson. 2007. Language Identification of Encrypted VoIP Traffic: Alejandra y Roberto or Alice and Bob?. In Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium (Boston, MA) (SS'07). USENIX Association, USA, Article 4, 12 pages."},{"key":"e_1_3_2_1_69_1","doi-asserted-by":"publisher","DOI":"10.1145\/3274694.3274697"}],"event":{"name":"CCS '22: 2022 ACM SIGSAC Conference on Computer and Communications Security","location":"Los Angeles CA USA","acronym":"CCS '22","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3548606.3560604","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3548606.3560604","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T17:48:58Z","timestamp":1750182538000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3548606.3560604"}},"subtitle":["Using Traffic Analysis for Tor-based Malware Detection"],"short-title":[],"issued":{"date-parts":[[2022,11,7]]},"references-count":69,"alternative-id":["10.1145\/3548606.3560604","10.1145\/3548606"],"URL":"https:\/\/doi.org\/10.1145\/3548606.3560604","relation":{},"subject":[],"published":{"date-parts":[[2022,11,7]]},"assertion":[{"value":"2022-11-07","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}