Charles V Wright

Department of Computer Science
Johns Hopkins University
3400 N. Charles
Baltimore, MD 21218
cwright cs jhu edu


I recently finished my PhD in the Department of Computer Science at the Johns Hopkins University.  I worked in the Security and Privacy Applied Research Lab at the Hopkins Information Security Institute. I had a lot of good times working on interesting projects with my fellow students Lucas Ballard and Scott Coull and with our professors Fabian Monrose and Gerald Masson.

Starting late summer 2008, I'll be joining the Technical Staff at MIT Lincoln Laboratory.


My dissertation research focused on applying Machine Learning techniques to infer "hidden" information from encrypted network traffic based on observable patterns in packet size and timing of various protocols. We initially had some success in performing traffic classification (ie, "which application generated this TCP connection?"), in the scenario where the contents of the connection are protected by a cryptographic protocol like SSL or TLS. We later expanded the focus of this work to include traffic that's encrypted lower in the protocol stack (at the network layer or below), as well as focusing on specific applications (ie VoIP) that can leak information about the traffic they carry. Somewhat to our surprise, our work on analysis of encrypted VoIP has received a bit of attention from the press, with mentions on Slashdot and the MIT Technology Review.

Along the way, we've developed some new techniques for visualizing network traffic based on the same extremely lean data used in our machine learning approaches. Despite the relative simplicity of the ideas behind these graphs, they make for some stunning images which also clearly illustrate the differences between common application protocols.

I've also been involved in an ongoing effort to assess the threat posed by similar inference techniques to anonymized network traces.


  • C.V. Wright, L. Ballard, S.E. Coull, F. Monrose, and G.M. Masson. Spot Me if You Can: Uncovering Spoken Phrases in Encrypted VoIP Conversations. In Proceedings of the 2008 IEEE Symposium on Security and Privacy, May 2008.

  • S.E. Coull, C.V. Wright, A.D. Keromytis, F. Monrose, and M.K. Reiter. Taming the Devil: Techniques for Evaluating Anonymized Network Data. In Proceedings of the 15th Annual Network & Distributed System Security Symposium, February 2008.

  • C.V. Wright, L. Ballard, F. Monrose, and G.M. Masson. Language Identification of Encrypted VoIP Traffic: Alejandra y Roberto or Alice and Bob? In Proceedings of the 16th Annual USENIX Security Symposium, August 2007.

  • S.E. Coull, M.P. Collins, C.V. Wright, F. Monrose, and M.K. Reiter. On Web Browsing Privacy in Anonymized NetFlows. In Proceedings of the 16th Annual USENIX Security Symposium, August 2007.

  • S.E. Coull, C.V. Wright, F. Monrose, M.P. Collins, and M.K. Reiter. Playing Devil's Advocate: Inferring Sensitive Information from Anonymized Network Traces. In Proceedings of the 14th Annual Network and Distributed System Security Symposium, February 2007.

  • C.V. Wright, F. Monrose, and G.M. Masson. On Inferring Application Protocol Behaviors in Encrypted Network Traffic. Journal of Machine Learning Research Special Topic on Machine Learning for Computer Security. Volume 7, December 2006.

  • C.V. Wright, F. Monrose, and G.M. Masson. Using Visual Motifs to Classify Encrypted Traffic . In Proceedings of the 3rd International Workshop on Visualization for Computer Security (VizSEC'06) , November 2006. (slides)

  • C. Wright, F. Monrose, and G. Masson. HMM Profiles for Network Traffic Classification (Extended Abstract) . In Proceedings of the Workshop on Visualization and Data Mining for Computer Security (VizSEC/DMSEC) , October 2004. (slides)


    C.V. Wright, F. Monrose, and G.M. Masson. Toward Better Protocol Identification using Profile HMMs . JHU Technical Report JHU-SPAR051201, June 2005.

    Professional Service

    Paper Review Committee, Annual Computer Security Applications Conference 2006

    External Reviewer for:
  • ACM Transactions on Information and System Security (2007)
  • IEEE Symposium on Security & Privacy (2007, 2008)
  • Network & Distributed System Security Symposium (2006-08)
  • USENIX Security Symposium (2005-07)