ACM SIGCOMM 2020, New York City, USA

ACM SIGCOMM 2020 Workshop on Traffic Manipulation (ManTra 2020)

The workshop has an associated Slack channel for discussions. Click on the link below to visit it. If you're asked to sign in, use the workspace name "" to sign up or sign in.

Go to workshop Slack channel
  • Friday, August 14, 2020 EDT

  • 10:30 - 11:00 am EDT Welcome and Introduction

  • 10:30 - 11:00 am EDT

    Welcome and Introduction

    ManTra workshop chairs (Haya Shulman & Radia Perlman)

    Haya Shulman        Radia Perlman       
  • 11:00 - 11:45 am EDT Invited Talk 1

  • 11:00 - 11:30 am EDT

    Securing Internet Applications From Routing Attacks

    Jennifer Rexford

    • Abstract: Attacks on Internet routing are typically viewed through the lens of availability and confidentiality, assuming an adversary that either discards traffic or performs eavesdropping. Yet, a strategic adversary can use routing attacks to compromise the security of critical Internet applications like Tor, certificate authorities, and the bitcoin network. In this talk, we survey such application-specific routing attacks and argue that both application-layer and network-layer defenses are essential and urgently needed. While application-layer defenses are easier to deploy in the short term, we hope that greater awareness of strategic attacks on important applications can provide much needed momentum for the deployment of network-layer defenses like secure routing protocols.

      Bio: Jennifer Rexford is the Gordon Y.S. Wu Professor of Engineering and the Chair of Computer Science at Princeton University. She served as the chair of ACM SIGCOMM from 2003 to 2007, and received the ACM SIGCOMM Award for lifetime contributions in 2018.


  • 11:30 - 11:45 am EDT

    Q & A session

  • 11:45 - 11:59 am EDT Break

  • 12:00 - 12:45 pm EDT Invited Talk 2

  • 12:00 - 12:30 pm EDT

    New directions for high-throughput and high-security communication

    Adrian Perrig

    • Abstract: Recent research in future Internet architectures has enabled several new opportunities that enable not only high security for communication, but also higher performance than traditional Internet approaches. In particular, new global symmetric key derivation systems can enable high-speed packet authentication at routers and firewalls at less than 100 ns on commodity hardware. The Path Aware Networking (PAN) concept empowers end hosts to obtain information about end-to-end network paths and select the optimal path for each packet, enabling multipath communication which can further speed up communication. We will discuss these and other directions to move toward a highly secure and efficient next-generation academic research network.

      Bio: Adrian Perrig is a Professor at the Department of Computer Science at ETH Zürich, Switzerland, where he leads the network security group. He is also a Distinguished Fellow at CyLab, and an Adjunct Professor of Electrical and Computer Engineering at Carnegie Mellon University.

      From 2002 to 2012, he was a Professor of Electrical and Computer Engineering, Engineering and Public Policy, and Computer Science (courtesy) at Carnegie Mellon University, becoming Full Professor in 2009. From 2007 to 2012, he served as the technical director for Carnegie Mellon's Cybersecurity Laboratory (CyLab). He earned his MS and PhD degrees in Computer Science from Carnegie Mellon University, and spent three years during his PhD at the University of California at Berkeley. He received his BSc degree in Computer Engineering from EPFL. Adrian's research revolves around building secure systems -- in particular his group is working on the SCION secure Internet architecture.

      He is a recipient of the NSF CAREER award in 2004, IBM faculty fellowships in 2004 and 2005, the Sloan research fellowship in 2006, the Security 7 award in the category of education by the Information Security Magazine in 2009, the Benjamin Richard Teare teaching award in 2011, the ACM SIGSAC Outstanding Innovation Award in 2013. He is an IEEE senior member and became an ACM Fellow in 2017.


  • 12:30 - 12:45 pm EDT

    Q & A session

  • 12:45 - 1:00 pm EDT Break

  • 1:00 - 1:45 pm EDT Invited Talk 3

  • 1:00 - 1:30 pm EDT

    When Off-Path TCP Injection Attack Meets Side Channels

    Zhiyun Qian

    • Abstract: In this talk, I will introduce network side channels and how they can exploited by remote attackers to launch off-path TCP packet injection attacks. As side channels were never really considered when network protocols are designed, and they are difficult to change for interoperability and backward-compatibility reasons. I will demonstrate how a blind off-path attacker can hijack a remote TCP connection (without the ability to eavesdrop and being man-in-the-middle). The talk will conclude with some early effort in systematically discovering this class of flaws.

      Bio: Dr. Zhiyun Qian is an associate professor at University of California, Riverside. He received his PhD from University of Michigan, Ann Arbor. His research interest is on system and network security, including vulnerability discovery, system building, applied program analysis, Internet security (e.g., TCP/IP), and Android security. His research has resulted in real-world impact on the design and implementation of Linux kernel, Android, FreeBSD, macOS, and firewall products. He is a recipient of the NSF CAREER Award, Applied Networking Research Prize 2019, Facebook Internet Defense Prize Finalist 2016, and the most creative idea award in GeekPwn 2016.


  • 1:30 - 1:45 pm EDT

    Q & A session

  • 1:45 - 2:00 pm EDT Break

  • 2:00 - 2:45 pm EDT Invited Talk 4

  • 2:00 - 2:30 pm EDT

    Reality of HTTPS deployments online

    Nick Sullivan

    • Abstract: In this talk, I’ll explore the unpleasant but true reality of HTTPS deployment online. We have made some great progress in moving the web from a primarily unencrypted and insecure medium for information transfer to one that has certain cryptographic assurances and protection. However, the reality is not as clear cut as many would assume. HTTPS does not provide end-to-end security in a significant percentage of connections online. This talk will explore the role of forward and reverse proxies and their effect on web security, while doing a deeper dive into several instances in which attacks were made using traffic manipulation against web properties that were nominally protected by HTTPS.

      Bio: Nick Sullivan is Head of Research at Cloudflare, a leading Internet security, performance, and reliability company. He leads research efforts in the fields of security and privacy, cryptography, Internet measurement, and emerging networking paradigms. Nick is also the co-chair of the Crypto Forum Research Group, which sets international standards in cryptography for the Internet Engineering Task Force. Prior to working at Cloudflare, he developed encryption technology for Apple’s Internet Services division, co-wrote Symantec’s Internet Security Threat Report, and completed degrees in both Computer Science and Pure Mathematics. He is passionate about improving the Internet through cutting-edge research and the development of open standards.


  • 2:30 - 2:45 pm EDT

    Q & A session

  • 2:45 - 3:00 pm EDT Break

  • 3:00 - 3:45 pm EDT Invited Talk 5

  • 3:00 - 3:30 pm EDT

    Using Deep Learning to Detect IP Hijack Attack

    Yuval Shavit

    • Abstract: IP hijack attack is a growing and serious security risk. In such attacks, traffic is diverted to the attacker network and then forwarded to the original destination, forming a man-in-the-middle attack. The attack was first introduced over a daced ago as a BGP attack. Thus to detect BGP hijack attacks monitoring services are examining BGP announcements for suspicious routes.

      Recently, we discovered that many such attacks are done in a stealth manner that is not detected by BGP monitoring. Such techniques use injection of /25 to a large ISP, so the route is not exported; inserting static route to ISPs; or by manipulating traffic at the data-plane in IXPs.

      To detect such stealth attacks, we suggest to use active monitoring with traceroute like monitoring of the route, which brings many analysis challenges. With data plane data, we can now analyze not only the BGP chaining rules, but also look at geography, reachability, delay and other data-plane aspects of the route.

      In the talk I present deflection examples and show how deep learning technology can help with the route analysis. In particular I would look at BGP level and geographic route classification, and on finding Type of relationship (ToR) between ASes to aid with classical valley-free analysis.

      Bio: Professor of Electrical Engineering at Tel Aviv University. Before joining Tel Aviv University, he worked for four years at the Networking Center of Bell Labs, Holmdel, NJ. Has published seminal papers in the fields of caching, routing, security, and network measurements.

      In 2004 he incepted the DIMES project for mapping the Internet infrastructure using thousands of lightweight software agents, which revolutionized the field of Internet measurement and mapping. Data gathered by DIMES have been used by academians worldwide.In 2014 he established BGProtect, a company that uses the DIMES approach to protect nations and large organizations against IP hijack attacks and provide network infrastructure intelligence.


  • 3:30 - 3:45 pm EDT

    Q & A session

  • 3:45 - 4:00 pm EDT


    ManTra workshop chairs

Call for Papers

Network attacks using traffic manipulation can have profound societal consequences. These attacks are increasing in frequency, sophistication, and stealthiness. Motivations behind these attacks vary from financial, political, terrorism, and more. These attacks can be performed by off-path or by on-path (Man-in-the-Middle (MitM)) attackers or by malicious operators. Traffic manipulations include attacks injecting malicious packets into the communication stream (e.g., injecting malicious scripts into TCP connections), manipulating time over NTP, attacking the IP layer by exploiting IP fragmentation for DNS cache poisoning, as well as redirecting communication, e.g., via BGP prefix hijacks. Traffic manipulation attacks aim to cause various types of denial of service, theft of crypto-currency, distribution of malware, disruption of governmental or financial organisations, censorship or surveillance.

The ManTra workshop provides a forum for researchers, practitioners, network operators, and the Internet standards community to present and discuss the state of the art in traffic manipulation attacks and countermeasures. The workshop considers different types of attackers, from very strong ones such as the corrupt operators and MitM adversaries to weak off-path attackers and different type of attacks, all that utilise manipulation of traffic for achieving the attack goal, as well as the defences against them. The attacks can be sophisticated, utilising corruption of multiple building blocks in concert, or simple, against one specific system or protocol.

The goal of the ManTra workshop is to provide a venue that focuses exclusively on traffic manipulation attacks in the Internet and countermeasures against them, presenting a broad view of technologies and approaches for manipulating traffic (from injections into the communication stream to hijacking communication), evaluations and simulations thereof, identification of new techniques and vulnerabilities, bringing together researchers and practitioners in all areas of computer, networks and systems security for studying the problems and paving the ways towards deployment of defences. Works which identify new vulnerabilities allowing traffic manipulation attacks, works which evaluate attacks in the wild, or works that perform measurements to understand the scope or extent of the attacks as well as techniques used to launch them in the wild are all welcome.

Download this call as a PDF

Topics of Interest

Refereed paper submissions are solicited in all areas relating to research in traffic manipulations (incl. injections into all layers of TCP/IP and traffic hijacks) and defences, including but not limited to:

  • Inter/Intra-domain routing security
  • BGP/DNS security
  • Privacy aspects of defences against traffic manipulation attacks
  • Deployment of defences for routing against traffic hijacks (RPKI, BGPsec, ...)
  • Deployment of defences against DNS cache poisoning (DNSSEC, ...)
  • Internet measurements and simulations of attacks and defences
  • Attacks against Internet Exchange Points
  • In-network defences (e.g., in the data plane)
  • Practical crypto-based defences
  • Deployability and usability studies
  • Leveraging traffic hijacks for sophisticated attacks against other systems and applications
  • IP spoofing
  • TCP/UDP/IP injection attacks
  • Techniques for bypassing challenge-response authentication (ports, sequence numbers, ...)
  • Sensor/Ad-hoc networks
  • TCP/IP layers including link and physical layers
  • Software Defined Networks (SDN)
  • SDN data/control plane injections/hijacks

Submission Instructions

Mantra’20 welcomes original submissions of unpublished work from academia, independent researchers, students, hackers, industry. The submissions must not be under consideration at another conference or journal. Submitted papers must use the new ACM template (using sigconf document type) from the 2018 ACM consolidated template package The font size must be 10 points. Submitted papers must be in PDF format, at most six (6) pages long, including all figures, tables, and unlimited number of pages for references. Papers must include authors names and affiliations for single-blind peer reviewing by the PC. Authors of accepted papers are expected to present their papers at the workshop. The proceedings will be included in the ACM Digital Library.

Papers must include author’s names and affiliations for single-blind peer reviewing by the PC. Authors of accepted papers are expected to present their papers at the workshop.

Paper Submission:

Please submit your paper via

Authors Take Note

The official publication date is the date the proceedings are made available in the ACM Digital Library. This date may be up to TWO WEEKS prior to the first day of the conference. The official publication date affects the deadline for any patent filings related to published work.

Systematisation of Knowledge

ManTra’20 welcomes also Systematisation of Knowledge (SoK) papers that evaluate and systemise state of the art in traffic manipulation. Such works include surveys and taxonomy of aspects related to traffic manipulation as well as papers that provide validation (through simulations or evaluations) of theories or folklore beliefs.

Workshop Format

The workshop will consist of presentations of peer-reviewed papers accepted for publication, of invited talks, mini-tutorials, and a panel discussion to encourage interaction among attendees. Everyone can register to participate in the workshop.


Attendance of the workshop is by open registration and subject to the same registration fees and rules as all the other SIGCOMM 2019 workshops. The registrants of the workshop may freely attend any workshop on the same day.

Camera-ready instructions

For the final paper to be published, please refer to Camera-ready instructions for workshops.

Important Dates

  • May 1, 2020

    Submission deadline (firm)

  • May 31, 2020

    Paper acceptance notification

  • June 10, 2020

    Camera-ready deadline

  • August 14, 2020

    Workshop date


  • Program Co-Chairs
  • Radia Perlman


  • Haya Shulman

    Fraunhofer Institute for Secure Information Technology (SIT)

  • Program Committee Chairs
  • Mark Allman

    International Computer Science Institute (ICSI)

  • Steven Bellovin

    Columbia University

  • Danny Dolev

    The Hebrew University of Jerusalem

  • Nick Feamster

    University of Chicago

  • Amir Herzberg

    University of Connecticut

  • Trent Jaeger

    The Pennsylvania State University

  • Charlie Kaufman


  • Adrian Perrig

    ETH Zurich

  • Zhiyun Qian

    UC Riverside

  • Jennifer Rexford


  • Michael Waidner

    Technische Universität Darmstadt

  • Bing Wang

    University of Connecticut

  • Web and HotCRP Chair
  • Markus Brandt

    Fraunhofer Institute for Secure Information Technology (SIT)