2026
- Analyzing Unsolicited Internet Traffic: Measuring IoT Security Threats via Network Telescopes
Shereen Ismail, Taelyn Dyer, Raul Martinez, Garrett Gastman, Yozelyn Chavez, and Asma Jodeiri Akbarfam
Analyzes unsolicited network telescope traffic to identify large-scale IoT scanning behavior, reconnaissance campaigns, and persistent Telnet-based threats targeting vulnerable Internet-connected devices. (arXiv)
- Bridging High-Level Intent and Network Execution: Detecting Violations and Intent Drift Through Low-Level Traffic Analysis
Tonia Haikal, Shereen Ismail, and Eman Hammad
Examines how AI-assisted bot activity has evolved in darknet traffic and demonstrates how modern reconnaissance techniques can evade traditional intrusion detection systems. (arXiv)
- Characterizing AI-Assisted Bot Traffic in Darknet Data: Implications for ICS and IIoT Security
Alex Carbajal, Caleb Faultersack, Jonathan Vasquez, Shereen Ismail, and Asma Jodeiri Akbarfam
Examines how AI-assisted bot activity has evolved in darknet traffic and demonstrates how modern reconnaissance techniques can evade traditional intrusion detection systems. (arXiv)
2025
- Merit Network Telescope: Processing and Initial Insights from Nearly 20 Years of Darknet Traffic for Cybersecurity Research
S. Ismail, E. Hammad, W. Hatcher, S. Dandan, A. Alomari, M. Spratt
Presents the design and processing pipeline of the Merit Network Telescope and demonstrates how nearly two decades of darknet traffic support large-scale cybersecurity research.
- A Comparative Study of Packet Capture Tools for Reliable Network Telescope Traffic
S. Ismail, E. Hammad, S. Dandan, W. Hatcher, A. Alomari
Evaluates packet capture tools to determine their reliability, performance, and suitability for accurately collecting high-volume network telescope traffic.
- Characterizing Large-Scale Adversarial Activities Through Large-Scale Honey-Nets
T. Haikal, E. Hammad, S. Ismail
Investigates attacker behavior observed across distributed honeynets to characterize large-scale malicious activity and improve cyber threat intelligence.
- Machine Learning for Anomalous Unsolicited Network Traffic Detection by Observing ORION Network Telescopes
S. Ismail, S. Dandan, M. King, 2025
Applies machine learning techniques to identify anomalous unsolicited traffic captured by the ORION Network Telescope, improving automated threat detection.
- Understanding Honeypots: Observing Malicious Activities Over Telnet
S. Ismail, S. Dandan, M. King, 2025
Examines Telnet honeypot data to better understand attacker behavior, common exploitation techniques, and trends in malicious Internet activity.
- Beyond Access and Infrastructure: Evaluating the Impact of Local Contexts on Digital Equity Strategies Through the Lens of the Digital Opportunities Compass
Pierrette Renée Dagg, Megan Knittel, Colin Rhinesmith, Joon Oh, Journal of Information Policy, Volume 15, 2025
Explores how local community conditions influence digital equity planning and demonstrates how the Digital Opportunities Compass framework supports place-based broadband strategies.
- Among the DLTs: Holochain for the Security of IoT Distributed Networks—A Review and Conceptual Framework
S. Ismail, R. Mehannaoui, E.T. Hunde, H. Reza, Sensors, 25(13), 3864, 2025
Reviews Holochain as a distributed ledger technology for IoT networks and proposes a framework for improving decentralized security, scalability, and resilience.
- MBMRF: A Modified Bidirectional IPv6 Multicast Protocol with Mixed Upward and Downward Forwarding for TSCH-Enabled WSANs
E.T. Hunde, S. Ismail, Simulation Modelling Practice and Theory, 103172, 2025
Introduces an enhanced IPv6 multicast routing protocol that improves communication efficiency and packet delivery in TSCH-enabled wireless sensor and actuator networks.
- Intrusion Detection in IoT and IIoT: Comparing Lightweight Machine Learning Techniques Using TON_IoT, WUSTL-IIOT-2021, and EdgeIIoTset Datasets
S. Ismail, S. Dandan, A. Qushou, IEEE Access, 2025
Compares lightweight machine learning algorithms across multiple benchmark datasets to identify effective intrusion detection approaches for IoT and industrial IoT environments.
2024
- Towards An Intelligent Blockchain-Enabled IoMT Framework for Telemedicine
S. Ismail, D.W. Dawoud, S. Dandan, Y. Himeur, IEEE Future Networks World Forum (FNWF), 636-641, 2024
Reviews blockchain-enabled Internet of Medical Things technologies and proposes an intelligent framework to strengthen security, privacy, and trust in telemedicine systems. (ResearchGate)
- Community Labeling and Sharing of Security and Networking Test datasets (CLASSNET)
J. Mirkovic, J. Heidemann, W. Hardaker, P. Kurian, J. Aleem, R. Stovall, S. Ismail, P. Dagg, M. King, December 2024
Develops a community-driven framework for labeling, documenting, and sharing cybersecurity and networking datasets to improve research reproducibility and collaboration.
- Machine Learning for Anomalous Unsolicited Network Traffic Detection by Observing ORION Network Telescopes
S. Ismail, S. Dandan, M. King, P. Dagg, December 2024
Applies machine learning techniques to ORION Network Telescope data to identify anomalous unsolicited traffic and improve automated cyber threat detection.
- A Blockchain-Based Fish Supply Chain Framework for Maintaining Fish Quality and Authenticity
S. Ismail, M. Nouman, H. Reza, F. Vasefi and H. K. Zadeh, October 2024
Proposes a blockchain-enabled supply chain framework that improves seafood traceability, quality assurance, and product authenticity from harvest through distribution.
- A Comparative Study of Lightweight Machine Learning Techniques for Cyber-Attacks Detection in Blockchain-Enabled Industrial Supply Chain
S. Ismail, S. Dandan, D. W. Dawoud and H. Reza, July 2024
Compares lightweight machine learning algorithms for detecting cyberattacks in blockchain-enabled industrial supply chains, balancing detection accuracy with computational efficiency.
- The Horus Project Whitepaper
Muhammad Akhdhor, Shawn McKee, Bob Stovall, Pierrette Renee Dagg, Andrew Keen, Michael Thompson, Rob Thompson, Matthew Lessins, Michael Parks, Wendy Dronen, Shereen Ismail, July 2024
Describes the HORUS cyberinfrastructure initiative, providing scalable computing and data resources that expand research capabilities for underserved institutions.
- Evolving Teacher Education in an AI World
Pierrette Renée Dagg, June 2024
Explores how artificial intelligence is reshaping teacher preparation and identifies strategies for integrating AI into educator training and instructional practice.
- Understanding What Makes Broadband Champions
Pierrette Renée Dagg, February 2024
Examines the leadership qualities, partnerships, and community engagement strategies that enable local broadband champions to successfully advance connectivity initiatives.
- Out of the Box Thinking in Livingston County
Pierrette Renée Dagg, February 2024
Highlights innovative local collaboration and community-driven approaches that accelerated broadband planning and digital opportunity efforts in Livingston County.
2023
- Paying It Forward in Washtenaw County
Pierrette Renée Dagg, December 2023
Examines how local broadband champions helped Washtenaw County organize, fund, and advance countywide high-speed broadband expansion.
- The Multiplier: Connecting to Community to Connect to Networks
Pierrette Renée Dagg, October 2023
Profiles how Eastern Upper Peninsula leadership used education partnerships, local demand, and storytelling to attract broadband investment.
- A Passion for Community Drives Broadband Forward in Holland, Michigan
Pierrette Renée Dagg, August 2023
Highlights how Holland’s broadband leadership helped secure support for a publicly owned, open-access fiber network.
- Building Broadband Momentum in Berrien County
Pierrette Renée Dagg, June 2023
Describes how Berrien County leaders combined planning, resident engagement, and funding opportunities to move broadband expansion forward.
- How to Operate a Meta-Telescope in your Spare Time
Daniel Wagner, Sahil Ranadive, Harm Griffioen, Michalis Kallitsis, Alberto Dainotti, Georgios Smaragdakis, Anja Feldmann, 2023 Internet Measurement Conference (IMC) (IMC 2023), Montreal, Canada, October 2023.
Introduces a novel “meta-telescope” approach that captures unsolicited Internet traffic across unused address space to improve large-scale monitoring of cyber threats and Internet activity.
- Cloud Watching: Understanding Attacks Against Cloud-Hosted Services
Liz Izhikevich, Manda Tran, Michalis Kallitsis, Aurore Fass, Zakir Durumeric, 2023 Internet Measurement Conference (IMC) (IMC 2023), Montreal, Canada, October 2023.
Analyzes cloud honeypot, education network, and telescope data to show how attackers selectively target cloud-hosted services.
- Fingerprinting Obfuscated Proxy Traffic with Encapsulated TLS Handshakes
Diwen Xue, Michalis Kallitsis, Amir Houmansadr, Roya Ensafi, 33rd USENIX Security Symposium (USENIX 2024), Philadelphia, PA, August 2024.
Develops a protocol-agnostic approach for detecting obfuscated proxy traffic by fingerprinting encapsulated TLS handshakes, improving identification of censorship circumvention tools.
- Labeling Network Telescope Data: Challenges and New Directions (Abstract)
Michalis Kallitsis, DINR 2023 (slides)
Describes ORION Network Telescope efforts to annotate darknet activity and apply machine learning to improve threat intelligence.
- Aggressive Internet-Wide Scanners: Network Impact and Longitudinal Characterization
Aniket Anand, Michalis Kallitsis, Jackson Sippe, Alberto Dainotti, To appear at the ACM 19th International Conference on emerging Networking EXperiments and Technologies (ACM CoNext 2023), Paris, France, December 2023.
Characterizes persistent IPv4 scanners using telescope and ISP data, showing their measurable impact on real network infrastructure.
- Report for NSF Workshop on Community Research Infrastructure for Integrated AI-Enabled Malware and Network Data Analytics
Michalis Kallitsis, Forough Ghahramani, Vasant Honavar, Dinghao Wu, and John Yen, April 2023.
Publications and Presentations Archives
2022
- Detecting and Interpreting Changes in Scanning Behavior in Large Network Telescopes by Michalis Kallitsis, Rupesh Prajapati, Vasant Honavar, Dinghao Wu, John Yen, IEEE Transactions on Information Forensics and Security, October 2022.
- OpenVPN is Open to VPN Fingerprinting by Diwen Xue, Reethika Ramesh, and Arham Jain, Michalis Kallitsis, J. Alex Halderman, Jedidiah R. Crandall, Roya Ensafi. 31st USENIX Security Symposium (USENIX Security 22). Distinguished Paper Award Winner and First Prize Winner of the 2022 Internet Defense Prize.
- AMON-SENSS: Scalable and Accurate Detection of Volumetric DDoS Attacks at ISPs, Rajat Tandon, Pithayuth Charnsethikul, Michalis Kallitsis, Jelena Mirkovic, GLOBECOM 2022-2022 IEEE Global Communications Conference.
2021
-
Speeding up post-quantum TLS handshakes by suppressing intermediate CA certificates by Panos Kampanakis, Michael Kallitsis, International Cryptographic Module Conference (ICMC), 2021
-
Collecting, Labeling, and Using Networking Data: the Intersection of AI and Networking by John Heidemann, Jelena Mirkovic, Wes Hardaker and Michalis Kallitsis, NSF Workshop on AI for Networking, Virtual Event, Oct. 2021
-
Shedding Light Into the Darknet: Scanning Characterization and Detection of Temporal Changes by Rupesh Prajapati, Vasant Honavar, Dinghao Wu, John Yen, and Michalis Kallitsis, In Proceedings of the 17th International Conference on emerging Networking EXperiments and Technologies, CoNEXT, 2021. Association for Computing Machinery, New York, NY, USA, 469–470
2020
- Running Refraction Networking for Real by Benjamin VanderSloot, Sergey Frolov, Jack Wampler, Sze Chuen Tan, Irv Simpson, Michalis Kallitsis, J Alex Halderman, Nikita Borisov, Eric Wustrow, Proceedings on Privacy Enhancing Technologies, 2020
2019
- Data-adaptive trimming of the Hill estimator and detection of outliers in the extremes of heavy-tailed data by Shrijita Bhattacharya, Michael Kallitsis, Stilian Stoev The Institute of Mathematical Statistics and the Bernoulli Society 2019
2018
- Detection of False Data Injection Attacks in Smart Grids Based on Forecasts by Michael G Kallitsis, Shrijita Bhattacharya, George Michailidis 2018 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids, October 2018
- A Next Generation Repository for Sharing Sensitive Network and Security Data by Michael Kallitsis University of Michigan Ann Arbor United States, January 2018
2017
- Understanding the Mirai Botnet by Manos Antonakakis, Tim April, Michael Bailey, Matt Bernhard, Elie Bursztein, Jaime Cochran, Zakir Durumeric, J. Alex Halderman, Luca Invernizzi, Michalis Kallitsis, Deepak Kumar, Chaz Lever, Zane Ma, Joshua Mason, Damian Menscher, Chad Seaman, Nick Sullivan, Kurt Thomas, and Yi Zhou, Proc. 26th USENIX Security Symposium (Sec ’17), August 2017
- An ISP-Scale Deployment of TapDance by Sergey Frolov, Fred Douglas, Will Scott, Allison McDonald, Benjamin VanderSloot, Rod Hynes, Adam Kruger, Michalis Kallitsis, David Robinson, Nikita Borisov, J. Alex Halderman, and Eric Wustrow Proc. 7th USENIX Workshop on Free and Open Communications on the Internet (FOCI ’17), August 2017
- Using Cyber-Security Exercises to Study Adversarial Intrusion Chains, Decision-Making, and Group Dynamics by Rege, A., Adams, J., et. al., in the Proceedings of the 16th European Conference on Cyber Warfare and Security, University College Dublin, IE, 29-30 June 2017.
- Diagnosing False Data Injection Attacks in the Smart Grid: a Practical Framework for Home-area Networks by Adrian Padin, Yeabsera Kebede, Maxwell Morgan, Davis Vorva, Atman Fozdar, Richard Kalvaitis, Nikolas Remley, Samir Tout, Michael Kallitsis, accepted at the 1st EAI International Conference on Smart Grid Assisted Internet of Things, July 2017.
2016
- Adaptive Statistical Detection of False Data Injection Attacks in Smart Grids by M. G. Kallitsis, S. Bhattacharya, S. A. Stoev, and G. Michailidis, published at the 2016 IEEE Global Conference on Signal and Information Processing, Washington, DC, December 2016.
- AMON: An Open Source Architecture for Online Monitoring, Statistical Analysis and Forensics of Multi-gigabit Streams by Michael Kallitsis, Stilian Stoev, Shrijita Bhattacharya, George Michailidis. Merit Technical Report (Merit-TR-2016-01), March 2016.
- AMON: An Open Source Architecture for Online Monitoring, Statistical Analysis and Forensics of Multi-gigabit Streams (presentation slides) Presented by Abhishek Balaji Radhakrishnan. ACM Internet Measurement Conference 2016, Work-in-Progress, Tools, and Datasets (WIP) session, Santa Monica, California, November 2016.
- AMON: An Open Source Architecture for Online Monitoring, Statistical Analysis and Forensics of Multi-gigabit Streams by Michael Kallitsis, Stilian Stoev, Shrijita Bhattacharya, George Michailidis. in IEEE Journal on Selected Areas in Communications, vol. 34, no. 6, pp. 1834-1848, June 2016. doi: 10.1109/JSAC.2016.2558958
AMON’s source code is on github
2015
- Leveraging Internet Background Radiation for Opportunistic Network Analysis Presented by K. Benson, A. Dainotti, K. Claffy, A. Snoeren, and M. Kallitsis. Internet Measurement Conference (IMC), October 2015.
- Correlative Monitoring for Detection of False Data Injection Attacks in Smart Grids By Michael Kallitsis, George Michailidis and Samir Tout. Appearing in IEEE SmartGridComm 2015, Miami, Florida, November 2015.
- Correlative Monitoring for Detection of False Data Injection Attacks in Smart Grids Presentation Presented by Michael Kallitsis, George Michailidis and Samir Tout. IEEE SmartGridComm 2015, Miami, Florida, November 2015.
2014
- Taming the 800 Pound Gorilla: The Rise and Decline of NTP DDoS Attacks By Jakub Czyz, Michael Kallitsis, Manish Karir, Manaf Gharaibeh, Christos Papadopoulos, Michael Bailey. Published in IMC ’14 Proceedings of the 2014 Conference on Internet Measurement Conference, November 2014.
2013
- Estimating Internet Address Space Usage through Passive Measurements By Alberto Dainotti, Karyn Benson, Alistair King, Michael Kallitsis, Eduard Glatz, Xenofontas Dimitropoulos. Published in ACM SIGCOMM Computer Communication Review, December 31, 2013.
- Understanding IPv6 Internet Background Radiation By Jakub Czyz, Kyle Lady, Sam Miller, Michael Bailey, Michael Kallitsis, and Manish Karir. In Proceedings of the 13th ACM SIGCOMM Conference on Internet Measurement (IMC ’13), Barcelona, Spain, October 2013.
- IPv6 Pollution Traffic Analysis Presented by Manish Karir, Jake Czyz, Kyle Lady, Sam Miller, Michael Kallitsis, Michael Bailey. Presented at RIPE66, Dublin, Ireland, May 2013.
2011
- The Reputation of Networks: RIPE Region; ARIN Region; LACNIC Region Presented by Manish Karir and Kyle Creyts. RIPE 63, NANOG53, LACNIC2011 in October 2011.
- ARMD Statistics By Manish Karir and Jim Rees. IETF 81, Quebec City, Canada, July 2011.
- ARP Traffic Study Presented by Jim Rees and Manish Karir. NANOG52, Colorado, June 2011.
- Towards Network Reputation – Analyzing the Makeup of RBLs Presented by Manish Karir, Kyle Creyts, Nathan Mentley. NANOG52, Colorado, June 2011.
- Internet Routing Registry Presented by Larry Blunk. NANOG51, Miami, February 2011.
- Internet Pollution – Part 2 Presented by Scott Walls and Manish Karir. NANOG51, Miami, February 2011.
- Doing More with Less: End-to-End Consistent IPv4 Address Sharing By Manish Karir, Eric Wustrow, and Jim Rees. Poster Paper in Proceedings of IFIP/IEEE International Symposium on Integrated Network Management, Dublin, Ireland, May 2011.
2010
- Internet Background Radiation Revisited By Eric Wustrow, Manish Karir, Michael Bailey, Farnam Jahanian, and Geoff Houston. In Proceedings of the 10th ACM SIGCOMM Conference on Internet Measurement (IMC ’10), Melbourne, Australia, November 2010.
- Regional Botnet Detection By Jake Czyz and Manish Karir, Merit Network; Micheal Bailey, University of Michigan; Dave Dittrich, APL – University of Washington; Michael K. Hamilton, City of Seattle. Presented at NANOG49 Security BOF, San Francisco, June 2010.
- 1.0.0.0/8 By Manish Karir and Eric Wustrow, Merit Network; George Michaelson and Geoff Huston, APNIC; Micheal Bailey and Farnam Jahanian, University of Michigan. Presented at NANOG49, San Francisco, June 2010.
- An ARP Based Approach for Port Scavenging and IPv4 Address Sharing By Manish Karir, Eric Wustrow, and James Rees. Merit Technical Report, April 2010.
2009
- BGPBotz: IM Based Route View Bot By Eric Wustrow and Manish Karir. Presentation at North American Network Operators Group (NANOG 47), Dearborn, MI, October 2009.
- PE-ARP: Port Enhanced ARP for IPv4 Address Sharing By Manish Karir, Eric Wustrow, and Jim Rees. Presentation at North American Network Operators Group (NANOG 47), Dearborn, MI, October 2009.
- A Survey of Botnet Technology and Defenses By Michael D. Bailey, Evan Cooke, Farnam Jahanian, Yunjing Xu, and Manish Karir.. In Proceedings of the Cybersecurity Applications & Technology Conference For Homeland Security (CATCH ’09), Washington, District of Columbia, March 2009.
2008
- Improving the Accuracy of Routing Registry Data By Manish Karir, Larry Blunk, Todd White, Kevin Chan, and Pat Pannuto. Presentation at North American Network Operators Group (NANOG 44), Los Angeles, CA, October 2008.
2007
- Characterizing Dark DNS Behavior By Jonathan Oberheide, Manish Karir, and Z. Morley Mao. Presented at the 4th International Conference on Detection of Intrusions & Malware, and Vulnerability Assessment (DIMVA), July 2007.
2006
- Honeyd Detection via Packet Fragmentation By Jon Oberheide and Manish Karir. Merit Technical Report, January 2006.
- Analyzing BGP ASPATH Behavior in the Internet By Dionysus Blazakis, Manish Karir, and John S. Baras. Presented at the 9th IEEE Global Internet Symposium, April 2006.
- BGP-Inspect: Extracting Information from Raw BGP Data By Dionysus Blazakis, Manish Karir, and John S. Baras. Presented at the IEEE/IFIP Network Operations & Management Symposium (NOMS), April 2006.
- Flamingo: Visualizing Internet Traffic By Jon Oberheide, Michael Goff, and Manish Karir. Presented at the EEE/IFIP Network Operations & Management Symposium (NOMS), April 2006.
- Extracting Information from Network Data By Manish Karir. Presented at the IFIP Workshop on Infrastructure Security and Operational Challenges of Service Provider Networks, June 2006.
- VAST: Visualizing Autonomous System Topology By Jon Oberheide, Manish Karir, and Dionysus Blazakis. Presented at the ACM 3rd International Workshop on Visualization for Computer Security(VizSEC,) Nov 2006.
2005
- New BGP Analysis Tools and a Look at the AS9121 Incident By Larry Blunk and Manish Karir. Presented at the Internet Engineering and Planning Group (IEPG) – 62nd IETF, Minneapolis, March 2005.
- Internet Hardening via Routing Registries By Larry Blunk and Manish Karir. Merit Technical Report, April 2005.
- Tools and Techniques for the Analysis of Large Scale BGP Datasets By Dionysus Blazakis, Manish Karir, and John S. Baras. Presented at the North American Network Operators Group (NANOG-34), Seattle, May 2005.
- The BGP-Inspect Project By Manish Karir, Jon Oberheide, Dionysus Blazakis, John Baras. Presented at the North American Network Operators Group (NANOG-35), Los Angeles, October 2005.
2004
- RPSLng Status Update By Larry Blunk. Presented at the North American Network Operators Group (NANOG), Reston, VA, October 2004.
- ATEMU: A Fine-grained Sensor Network Simulator By Manish Karir. Presented at First IEEE International Conference on Sensor and Ad Hoc Communication Networks, (SECON’04), Santa Clara, CA, October 2004.
- Inter-domain Routing Security and the Role of Internet Routing Registries By Larry Blunk. Presented at the Internet Engineering and Planning Group (IEPG), San Diego, August 2004.
- Towards a Cohesive Internet Routing Registry System By Larry Blunk. Presented at the Inter-domain Routing Workshop (IDRWS ’04), Amsterdam, May 2004.
- Lambda Grid, Grid Computing and AAA By John Vollbrecht. Merit Techical Report, April 2004.
- Predicting Bandwidth Demand and Network Planning Implications on the Internet By Mary Eileen McLaughlin and Jim Moran. March 2004.