Publications
Academic publications and workshops
View bib file2025
- When simple model just works: Is network traffic classification in crisis? Investigation of simple baseline models matching deep learning performance in traffic classification, questioning dataset quality and advocating for redundancy-aware evaluation protocols. arXiv preprint arXiv:2506.08655 10.48550/arXiv.2506.08655
- Lightweight traffic classification: A simple baseline matching deep learning performance 1-nearest neighbor classifier using compact feature vector from first 10 packets achieves deep learning-comparable performance, suggesting dataset redundancy inflates reported DL gains. Network Traffic Measurement and Analysis Conference 2025 10.23919/TMA66427.2025.11096965 URL
- Towards building network outlier detection system for network traffic monitoring Network outlier detection system for traffic monitoring. Experience paper. NOMS 2025 IEEE network operations and management symposium 10.1109/NOMS57970.2025.11073727
- Interpretable threat detection with evidential classifier: The MQTT case Universal threat detection using Dempster-Shafer theory with deep learning. Provides interpretable outputs and minimizes false positive rate. NOMS 2025 IEEE network operations and management symposium 10.1109/NOMS57970.2025.11073686
- Explainable anomaly detection in network traffic using LLM LLM integration for interpreting detected network anomalies rather than direct detection. Improves situational awareness and reduces false positives for security analysts. NOMS 2025 IEEE network operations and management symposium 10.1109/NOMS57970.2025.11073574
2024
- NetTiSA: Extended IP flow with time-series features for universal bandwidth-constrained high-speed network traffic classification Novel extended IP flow (NetTiSA) analyzing time series of packet sizes with 20 bandwidth-constrained features for high-speed network traffic classification. Tested on 25 classification tasks. Computer Networks 10.1016/j.comnet.2023.110147
- TCI: A system for distributed network monitoring, troubleshooting and dataset creation Traffic Capture Infrastructure (TCI) for network packet capture, investigation, and dataset creation. Deployed in CESNET3 network. Experience paper. NOMS 2024 IEEE network operations and management symposium 10.1109/NOMS59830.2024.10575262
- CESNET-TLS-Year22: A year-spanning TLS network traffic dataset from backbone lines Year-spanning TLS traffic dataset from ISP backbone with 180 web service labels. Enables evaluation of traffic classification model robustness and data drift studies. Nature Scientific Data 10.1038/s41597-024-04055-9
2023
- Active learning framework for long-term network traffic classification A novel Active Learning Framework (ALF) to address limited labeled datasets and data drift in ML-based network traffic classification. Evaluated over 8 months on 100 Gbps backbone networks. 2023 IEEE 13th annual computing and communication workshop and conference (CCWC) 10.1109/CCWC57344.2023.10099065 Best Presenter Award
- Augmenting monitoring infrastructure for dynamic software-defined networks Concept for automatic on-demand deployment of monitoring probes in SDN environments, enabling correlation of network data with infrastructure state for IoT and anomaly detection use cases. 2023 8th international conference on smart and sustainable technologies (SpliTech) 10.23919/SpliTech58164.2023.10193216
- Look at my network: An insight into the ISP backbone traffic Long-term aggregated dataset and monitoring architecture for ISP backbone traffic analysis, supporting performance tuning and security detection in high-speed networks. 2023 19th international conference on network and service management (CNSM) 10.23919/CNSM59352.2023.10327823
- How to measure high-speed network: A case study Case study on monitoring high-speed ISP networks using scalar aggregation on IP flows, enabling detection of operational outages and security threats. 11th prague embedded systems workshop URL Abstract paper at PhD Workshop, not peer-reviewed