Sitemap
A list of all the posts and pages found on the site. For you robots out there is an XML version available for digesting as well.
Pages
Posts
Future Blog Post
Published:
This post will show up by default. To disable scheduling of future posts, edit config.yml and set future: false.
Blog Post number 4
Published:
This is a sample blog post. Lorem ipsum I can’t remember the rest of lorem ipsum and don’t have an internet connection right now. Testing testing testing this blog post. Blog posts are cool.
Blog Post number 3
Published:
This is a sample blog post. Lorem ipsum I can’t remember the rest of lorem ipsum and don’t have an internet connection right now. Testing testing testing this blog post. Blog posts are cool.
Blog Post number 2
Published:
This is a sample blog post. Lorem ipsum I can’t remember the rest of lorem ipsum and don’t have an internet connection right now. Testing testing testing this blog post. Blog posts are cool.
Blog Post number 1
Published:
This is a sample blog post. Lorem ipsum I can’t remember the rest of lorem ipsum and don’t have an internet connection right now. Testing testing testing this blog post. Blog posts are cool.
portfolio
Portfolio item number 1
Short description of portfolio item number 1
Portfolio item number 2
Short description of portfolio item number 2
publications
Understanding Feature Discovery in Website Fingerprinting Attacks
Published in IEEE Western New York Image and Signal Processing Workshop (WNYISPW), 2018
This paper explores how convolutional neural networks discover and exploit features in website fingerprinting attacks on the Tor network.
Recommended citation: Nate Mathews, Payap Sirinam, Matthew Wright. (2018). "Understanding Feature Discovery in Website Fingerprinting Attacks." IEEE Western New York Image and Signal Processing Workshop (WNYISPW), 2018. DOI: 10.1109/WNYIPW.2018.8576379.
Download Paper | Download Slides
Triplet Fingerprinting: More Practical and Portable Website Fingerprinting with N-shot Learning
Published in ACM SIGSAC Conference on Computer and Communications Security (CCS), 2019
This paper introduces Triplet Fingerprinting (TF), a novel website fingerprinting attack that uses N-shot learning to reduce training data requirements while remaining effective under varying network conditions.
Recommended citation: Payap Sirinam, Nate Mathews, Mohammad Saidur Rahman, Matthew Wright. (2019). "Triplet Fingerprinting: More Practical and Portable Website Fingerprinting with N-shot Learning." ACM SIGSAC Conference on Computer and Communications Security (CCS), 2019. DOI: 10.1145/3319535.3354217.
Download Paper | Download Slides
Tik-Tok: The Utility of Packet Timing in Website Fingerprinting Attacks
Published in Proceedings on Privacy Enhancing Technologies (PoPETS), 2020
This paper explores the use of packet timing in website fingerprinting (WF) attacks, showing that timing information significantly improves the accuracy of WF classifiers in both closed-world and open-world settings.
Recommended citation: Mohammad Saidur Rahman, Payap Sirinam, Nate Mathews, Kantha Girish Gangadhara, Matthew Wright. (2020). "Tik-Tok: The Utility of Packet Timing in Website Fingerprinting Attacks." Proceedings on Privacy Enhancing Technologies (PoPETS), 2020. DOI: 10.2478/popets-2020-0043.
Download Paper
Mockingbird: Defending Against Deep-Learning-Based Website Fingerprinting Attacks With Adversarial Traces
Published in IEEE Transactions on Information Forensics and Security (TIFS), 2020
This paper presents Mockingbird, a novel website fingerprinting defense that uses adversarial traces to significantly reduce the accuracy of deep-learning-based attacks while maintaining reasonable bandwidth overhead.
Recommended citation: Mohammad Saidur Rahman, Mohsen Imani, Nate Mathews, Matthew Wright. (2020). "Mockingbird: Defending Against Deep-Learning-Based Website Fingerprinting Attacks With Adversarial Traces." IEEE Transactions on Information Forensics and Security (TIFS), 2020. DOI: 10.1109/TIFS.2020.3039691.
Download Paper
GANDaLF: GAN for Data-Limited Fingerprinting
Published in Proceedings on Privacy Enhancing Technologies (PoPETS), 2021
This paper introduces GANDaLF, a novel deep-learning-based Website Fingerprinting (WF) attack using Generative Adversarial Networks (GANs) designed to work effectively with limited training data.
Recommended citation: Se Eun Oh, Nate Mathews, Mohammad Saidur Rahman, Matthew Wright, Nicholas Hopper. (2021). "GANDaLF: GAN for Data-Limited Fingerprinting." Proceedings on Privacy Enhancing Technologies (PoPETS), 2021. DOI: 10.2478/popets-2021-0029.
Download Paper | Download Slides
What a SHAME: Smart Assistant Voice Command Fingerprinting Utilizing Deep Learning
Published in 20th Workshop on Privacy in the Electronic Society (WPES), 2021
This paper introduces SHAME, a deep learning-based voice command fingerprinting attack model that leverages packet metadata to infer voice commands issued to smart assistants like Amazon Echo and Google Home.
Recommended citation: Jack Hyland, Conrad Schneggenburger, Nick Lim, Jake Ruud, Nate Mathews, Matthew Wright. (2021). "What a SHAME: Smart Assistant Voice Command Fingerprinting Utilizing Deep Learning." 20th Workshop on Privacy in the Electronic Society (WPES), 2021. DOI: 10.1145/3463676.3485615.
Download Paper | Download Slides
DeepCoFFEA: Improved Flow Correlation Attacks on Tor via Metric Learning and Amplification
Published in IEEE Symposium on Security and Privacy (SP), 2022
This paper presents DeepCoFFEA, a novel end-to-end flow correlation attack that significantly improves the accuracy of flow correlation on the Tor network by using deep metric learning and amplification techniques.
Recommended citation: Se Eun Oh, Taiji Yang, Nate Mathews, James K. Holland, Mohammad Saidur Rahman, Nicholas Hopper, Matthew Wright. (2022). "DeepCoFFEA: Improved Flow Correlation Attacks on Tor via Metric Learning and Amplification." IEEE Symposium on Security and Privacy (SP), 2022. DOI: 10.1109/SP46214.2022.9833801.
Download Paper
SoK: A Critical Evaluation of Efficient Website Fingerprinting Defenses
Published in IEEE Symposium on Security and Privacy (SP), 2023
This paper provides a critical evaluation of nine recent efficient website fingerprinting defenses, utilizing deep-learning-based attacks and considering their real-world deployability in Tor.
Recommended citation: Nate Mathews, James K. Holland, Se Eun Oh, Mohammad Saidur Rahman, Nicholas Hopper, Matthew Wright. (2023). "SoK: A Critical Evaluation of Efficient Website Fingerprinting Defenses." IEEE Symposium on Security and Privacy (SP), 2023. DOI: 10.1109/SP46215.2023.10179289.
Download Paper | Download Slides
WhisperVoiceTrace: A Comprehensive Analysis of Voice Command Fingerprinting
Published in ACM Asia Conference on Computer and Communications Security (ASIA CCS), 2024
This paper presents WhisperVoiceTrace (WhiVo), a comprehensive analysis of voice command fingerprinting, proposing new features and methods for improved voice command traffic analysis in smart speakers like Amazon Alexa and Google Assistant.
Recommended citation: Minji Jo, Hyojin Kim, Jiwoo Hong, Hosung Kang, Nate Mathews, Se Eun Oh. (2024). "WhisperVoiceTrace: A Comprehensive Analysis of Voice Command Fingerprinting." ACM Asia Conference on Computer and Communications Security (ASIA CCS), 2024. DOI: 10.1145/3634737.3657017.
Download Paper
LASERBEAK: Evolving Website Fingerprinting Attacks with Attention and Multi-Channel Feature Representation
Published in IEEE Transactions on Information Forensics and Security (TIFS), 2024
This paper introduces LASERBEAK, a novel website fingerprinting attack that combines multi-channel feature representations and transformer-based attention mechanisms to significantly improve performance against defended Tor traffic.
Recommended citation: Nate Mathews, James K. Holland, Nicholas Hopper, Matthew Wright. (2024). "LASERBEAK: Evolving Website Fingerprinting Attacks with Attention and Multi-Channel Feature Representation." IEEE Transactions on Information Forensics and Security (TIFS), 2024. DOI: 10.1109/TIFS.2024.3468171.
Download Paper
talks
Triplet Fingerprinting: N-shot Learning for Website Fingerprinting
Published:
Presented research on “Triplet Fingerprinting: More Practical and Portable Website Fingerprinting with N-shot Learning” at ACM CCS 2019. The talk introduced the novel triplet learning-based approach to website fingerprinting, significantly reducing the data requirements while maintaining effectiveness across different network conditions.
Deanonymizing Internet Traffic with Website Fingerprinting
Published:
Gave an invited talk on the topic of “Deanonymizing Internet Traffic with Website Fingerprinting” for the Privacy Enhancements and Assessments Research Group (PEARG) at IETF-108. This presentation discussed new techniques and research directions for analyzing traffic and compromising privacy in encrypted network environments.
GANDaLF: GAN for Data-Limited Fingerprinting
Published:
Presented research on “GANDaLF: GAN for Data-Limited Fingerprinting” at PETS 2021. This talk highlighted the novel use of Generative Adversarial Networks (GANs) to improve website fingerprinting attacks in data-limited scenarios, outperforming existing methods in subpage fingerprinting.
Critical Evaluation of Efficient Website Fingerprinting Defenses
Published:
Presented research on the paper “SoK: A Critical Evaluation of Efficient Website Fingerprinting Defenses” at the IEEE S&P 2023. This talk covered the comprehensive evaluation of nine recent defenses and their performance against deep-learning-based website fingerprinting attacks.
Harnessing AI for Advanced Network Security: From Attacks on Privacy to Defensive Innovations
Published:
In this talk, myself and my advisor, Dr. Matthew Wright, explored the AI techniques we used to develop a novel stepping-stone identification method. A key focus was on Flow Correlation attacks, a class of attacks that target anonymity networks but can be adapted to defense, particularly for detecting pivoting in network intrusion attacks.
Colloquium Talk: Harnessing AI for Advanced Network Security
Published:
This is a repeat of the same talk presented a few days prior at Rochester Security Summit, with modifications for an academic crowd as part of WashU’s graduate colloquium series.
Teaching Generative AI for Cybersecurity: A Project-Based Learning Approach
Published:
At the 28th Colloquium for Information Systems Security Education (CISSE), I presented our work on teaching Generative AI for cybersecurity through a hands-on, project-based learning approach. The course explores the application of large language models (LLMs) to automate cybersecurity tasks, emphasizing real-world case studies, prompt engineering, fine-tuning, and retrieval-augmented generation (RAG).
teaching
CSEC 520/620 Cyber Analytics & Machine Learning
Graduate/Undergraduate course, Rochester Institute of Technology, Department of Computing Security, 2022
This course provides students with the opportunity to explore methods and applications in cyber analytics using advanced machine learning algorithms, including deep learning. The course covers both foundational machine learning techniques and their applications to real-world cybersecurity problems, such as network anomaly detection, malware analysis, and intrusion detection.
Download SyllabusCSEC-559/659 Generative AI in Cybersecurity
Graduate/Undergraduate course, Rochester Institute of Technology, Department of Computing Security, 2024
In this project-based course, students explore the application of generative AI models, such as large language models (LLMs), to various cybersecurity tasks. Students gain hands-on experience working with AI tools, critiquing their application in real-world scenarios, and understanding the implications of using generative AI in cybersecurity.
Download SyllabusCSEC-759 Graduate Seminar in Computing Security
Graduate course, Rochester Institute of Technology, Department of Computing Security, 2025
This research-oriented seminar explores the latest advancements in malware analysis, focusing on techniques to detect, analyze, and counteract malicious software. Students engage with state-of-the-art research, apply malware analysis tools, and examine strategies used by attackers to evade detection. The course emphasizes hands-on experience with tools such as Cuckoo Sandbox, Volatility, and Google Rapid Response (GRR) while fostering critical analysis of recent research papers.
Download Syllabus