Dr Sebastian Zander
PhD; Dipl.-Ing. (Technical Informatics)


About me

I am a Lecturer and the Academic Chair for the Cyber Security and Forensics Major in the School of Engineering and Information Technology. I’m also an Adjunct Research Fellow at Swinburne University. Previously, I was a Research Fellow and Lecturer at Swinburne University of Technology, Melbourne.

I teach undergrad and postgrad students and conduct research in the areas of network measurement / network data analysis, network security (e.g. covert channels), security mechanisms for the Internet of Things (IoT), IPv4 to IPv6 transition, machine learning network traffic classification, transport mechanisms (TCP performance, Less-than-best-effort TCP) and Software Defined Networks (SDN).

I’m looking for Master/PhD students. Please contact me, if you are interested in one of the research topics I’m currently working on.

Teaching area

I currently teach:

  • ICT169 – Foundations of Data Communications
  • ICT546 – Local Area Network Design and Implementation

These undergraduate and postgraduate units aims to give an understanding of data communications principles and protocols. It covers the different layers of the network stack according to the ISO OSI model, different network technologies (e.g. wireless, Ethernet), IPv6/NAT, routing and Internet security. It also introduces students to data communication devices, their roles and basic configuration.

  • ICT287 – Computer Security
This aim of this undergraduate unit is for students to learn about computer security. The focus is on applied aspects of securing a system and ethical hacking. It covers: security models, security vulnerabilities, cryptography, authentication&authorisation, network security, web security, covert channels and human factors in security.

In the past I also taught:

  • ICT623 – Networking Group Project
This aim of this postgraduate unit is for students to work in teams to undertake a real world information technology networking project, applying the skills and knowledge developed during their degree. The unit emphasises participation in a practical development project and disciplined management.

Research areas

My research covers various topics in the area of computer networks. My research is mainly applied and experimental research, so I use experimental testbeds and running code to test and evaluate new mechanisms. Currently, I am working on the following topics:

  • Covert Channels (Network Steganography)
    • Countermeasures against covert channels
    • New types of covert channels
  • Network security (SSL/TLS vulnerabilities, Pfishing, …)
  • Transport protocol performance
    • TCP performance measurements and improvements
    • Less-than-best-effort (LBE) TCP
  • Network traffic classification using Machine Learning
  • IPv4 to IPv6 transition
  • Authentication, Authorization & Accounting systems and architectures
  • Security and AAA for the Internet of Things (IoT)
In the past I have also done some research into:
  • Multiplayer network game traffic characterization
  • Network Quality of Service measurement techniques

Current projects

I have worked on a number of software projects relevant to my research and some of these are still under active development:

  • NetMate (Network Measurement and Accounting Meter) is a tool for measuring network traffic generating various statistics based on the traffic for AI-based network traffic classification (http://sourceforge.net/projects/netmate-meter/).
  • KUTE (Kernel-based UDP Traffic Engine) is a tool for high-speed generation of UDP packets from within the Linux kernel (http://caia.swin.edu.au/genius/tools/kute/).
  • CCHEF (Covert CHannels Evaluation Framework) creates network covert channels for evaluating the properties of these channels or using them as input for the evaluation of detection methods (https://sourceforge.net/projects/cchef/).
  • DIFFUSE (DIstributed Firewall and Flow-shaper Using Statistical Evidence) is an extension of FreeBSD’s IPFW to classify network traffic based on statistical properties (http://caia.swin.edu.au/urp/diffuse/).
  • SPING (Scalable Ping) is a high-speed pinging tool designed to ping large address ranges, e.g. the whole IPv4 Internet, and it also collects DNS information for the probed range (http://caia.swin.edu.au/mapping/tools.html).
  • TEACUP (TCP Experiment Automation Controlled Using Python) is a framework for automating TCP performance tests in experimental testbeds (https://sourceforge.net/projects/teacup/).
  • SPP (Synthetic Packet Pairs) is a tool for passively measuring round trip time of network packets observed which does not require accurate time synchronisation and works with TCP and UDP (https://bitbucket.org/caia-swin/spp).
  • SeFaSI (Secure Fast Set Intersection) is a tool that allows multiple parties to securely compute the set intersection cardinality of datasets while keeping the data items private (http://caia.swin.edu.au/mapping/sefasi/).
  • BroCCaDe (Bro Covert Channels Detection Framework) is an extension for the Bro IDS which implements several metrics and a decision tree classifier for the detection of covert channels (https://github.com/BroCCaDe/BroCCaDe).

Awards and grants


Murdoch University, School of Engineering and Information Technology, AJ Parker Award for Outstanding Early Career Researcher (2017)

Best paper award at IFIP Networking 2017 for the paper “Alternative Backoff: Achieving Low Latency and High Throughput with ECN and AQM”



Automated Application Quality of Service Using Software Defined Networks”, Murdoch University School of Engineering and IT Research Startup Grant ($20,000).The project’s aim is to build and evaluate a unified, practical solution for automated application Quality of Service (QoS) based on software defined networks (SDNs). A short description of the testbed is here: http://www.it.murdoch.edu.au/nsrg/research-lab.html


“Surveying the State of IPv6 Deployment in Australia and China”, APNIC Internet Operations Research Grant managed by ISIF Asia ($25,000). The project will investigate the state of deployment of IPv6, the Internet’s next generation core protocol, in organisations in Australia and China. For more information and results visit the home page of the project: http://www.it.murdoch.edu.au/nsrg/ipv6_deployment_survey/introduction.html


“Adding Covert Channel Detection to an Open Source Intrusion Detection System (IDS)”, Comcast Tech Fund Open Source Grant (US$50,000=AU$65,500). The project will develop practical mechanisms for the detection of covert channels, integrate the mechanisms into an open source IDS tool and evaluate the efficiency of the implemented solution. For more information and results visit the home page of the project: http://www.it.murdoch.edu.au/nsrg/cc_detection_ids/introduction.html













Events and speaking engagements

  • S. Zander, “My Journey in Computer Science”, ConocoPhillips Science Experience Dec 2016.
  • Interview with ABC news regarding the Jim’s group cyber attacks, Nov 2016, http://www.abc.net.au/news/2016-11-23/jim’s-group-customers-targeted-by-internet-scam/8051198
  • Interview with The NewDaily on the Apple source code leak, Feb 2018, https://thenewdaily.com.au/life/tech/2018/02/09/apple-source-code-leak-risk/

Professional and community service

I am a member of the program committee of the following conferences/workshops:

  • Local Computer Networks (LCN)
  • Workshop on Network Measurements (WNM)
  • International Workshop on Cyber Crime (IWCC)
  • Interactive Entertainment (IE)

I regularly review papers for several IEEE and ACM journals, such as IEEE Transactions of Networking, IEEE Transactions on Information Forensics and Security, Elsevier Computer Networks, ACM Sigcomm CCR.

I was the Treasurer of the IEEE Western Australia Section (2016-2017) and I’m currently the web and e-notice master of the IEEE Western Australia Section (2018).

Since 2017 I’m a member of the School for Engineering and IT’s board and a member of Murdoch University’s research committee.

Doctoral and masters supervisions

Current Students

  • Kevin Ong (PhD), Topic: TCP Congestion Control
  • Eliza Singh (RMT), Topic: Network Security
  • Alan Thompson (RMT), Topic: Systems Engineering of Blockchain Systems

I’m looking for Master/PhD students. Please contact me, if you are interested in one of the research topics I’m currently working on.



  • Mazurczyk, W., Wendzel, S., Zander, S., Houmansadr, A., Szczpiorski, K., (2016),Information Hiding in Communication Networks: Fundamentals, Mechanisms, Applications, and Countermeasures,John Wiley & Sons, Inc..


  • Zander, S., Andrew, L., Armitage, G., (2017), Collaborative and privacy-preserving estimation of IP address space utilisation, Computer Networks, 119, 2017, pages 56 - 70.
  • Wendzel, S., Mazurczyk, W., Zander, S., (2016), Unified Description for Network Information Hiding Methods, Journal of Universal Computer Science, 22, 11, pages 1456 - 1486.


  • Ong, K., Zander, S., Murray, D., McGill, T., (2017),Experimental Evaluation of Less-Than-Best-Effort TCP Congestion Control Mechanisms,In: IEEE Local Computer Networks (LCN).
  • Zander, S., Murray, D., (2017),Share or Not: Investigating the Presence of Large-Scale Address Sharing in the Internet,In: IEEE Local Computer Networks (LCN).
  • Zander, S., (2017),Detecting Covert Channels in FPS Online Games,In: IEEE Local Computer Networks (LCN).
  • Khademi, N., Armitage, G., Welzl, M., Zander, S., Fairhurst, G., Ros, D., (2017),Alternative Backoff: Achieving Low Latency and High Throughput with ECN and AQM,In: IFIP Networking.
Accepted papers
  • S. Zander, X. Wang, Are We There Yet? IPv6 in Australia and China, (to appear) ACM Transactions on Internet Technology (TOIT) 18, 3, March 2018.
  • X. Wang, S. Zander, Extending the model of internet standards adoption: A cross-country comparison of IPv6 adoption, (to appear) Elsevier Information & Management, https://www.sciencedirect.com/science/article/pii/S0378720616304487
  • D. E. Murray, T. Koziniec, S. Zander, M. Dixon, P. Koutsakis,  An Analysis of Changing Enterprise Network Traffic Characteristics, 23rd Asia-Pacific Conference on Communications (APCC), December 2017.
  • K. Ong, S. Zander, D. Murray, T. McGill, Experimental Evaluation of Less-than-Best-Effort TCP over 802.11 Wireless Networks, 23rd Asia-Pacific Conference on Communications (APCC), December 2017.
Publications prior to Murdoch
Journal Papers
  1. S. Wendzel, S. Zander, B. Fechner, C. Herdin, “ A Pattern-based Survey and Categorization of Network Covert Channel Techniques”, ACM Computing Surveys, volume 47, issue 3, 2015. (arXiv version)
  2. T. T. T. Nguyen, G. Armitage, P. Branch, S. Zander, “ Timely and Continuous Machine-Learning-Based Classification for Interactive IP Traffic“, IEEE/ACM Transactions on Networking, volume 20, issue 6, pages 1880-1894, December 2012.
  3. S. Zander, L. L. H. Andrew, G. Armitage, G. Huston, G. Michaelson, “ Investigating the IPv6 Teredo Tunnelling Capability and Performance of Internet Clients“, SIGCOMM CCR, volume 42, issue 5, pages 13–20, October 2012.
  4. S. Zander, P. Branch, G. Armitage, “Capacity of Temperature-based Covert Channels“, IEEE Communications Letters, vol. 15, no. 1, pp. 82-84, January 2011.
  5. S. Zander, G. Armitage, P. Branch, “Covert Channels and Countermeasures in Computer Network Protocols“,  (invited)  IEEE Communications Magazine, vol. 45, no. 12, pp. 136-142, December 2007.
  6. S. Zander, G. Armitage, P. Branch, “A Survey of Covert Channels and Countermeasures in Computer Network Protocols“, IEEE Communications Surveys and Tutorials, vol. 9, no. 3, pp. 44-57, October 2007.
  7. N. Williams, S. Zander, G. Armitage, “A Preliminary Performance Comparison of Five Machine Learning Algorithms for Practical IP Traffic Flow Classification“, SIGCOMM Computer Communication Review, Volume 36, October 2006.
  8. J. Jähnert, J. Zhou, R. L. Aguiar, V. Marques, M. Wetterwald, E. Melin, J. I. Moreno, A. Cuevas, M. Liebsch, R. Schmitz, P. Pacyna, T. Melia, P. Kurtansky, Hasan, D. Singh, S. Zander, H. J. Einsiedler, B. Stiller, “The ‘pure-IP’ Moby Dick 4G architecture“, Computer Communications 28(9), pp. 1014-1027, Elsevier, June 2005.
  9. J. Tiemann, S. Zander, M. Jonas, “Gigamedia – Film + Video im Netz“, DFN Journal, Heft 54, November 2000.
Internationally Reviewed Conference Papers
  1. S. Zander, L. L. H. Andrew, G. Armitage, “ Capturing Ghosts: Predicting the Used IPv4 Space by Inferring Unobserved Addresses”, Internet Measurement Conference (IMC), Vancouver, Canada, November 2014.
  2. S. Zander, L. L. H. Andrew, G. Armitage, G. Huston, “ Estimating IPv4 Address Space Usage with Capture-Recapture“, 7th IEEE Workshop on Network Measurements in conjunction with the 38th IEEE Conference on Local Computer Networks (LCN), Sydney, Australia, October 2013.
  3. S. Zander, G. Armitage, “ Minimally-Intrusive Frequent Round Trip Time Measurements Using Synthetic Packet-Pairs”, (short paper) 38th IEEE Conference on Local Computer Networks (LCN), Sydney, Australia, October 2013.
  4. S. Zander, L. L. H. Andrew, G. Armitage, “ Estimating the Used IPv4 Address Space with Secure Multi-Party Capture-recapture“, (poster) IEEE INFOCOM, Turin, Italy, April 2013.
  5. S. Zander, L. L. H. Andrew, G. Armitage, G. Huston, G. Michaelson, “ Mitigating Sampling Error when Measuring Internet Client IPv6 Capabilities“, Internet Measurement Conference (IMC), Boston, USA, November 2012. (best paper candidate)
  6. S. Zander, T. T. T. Nguyen, G. Armitage, “ Sub-flow Packet Sampling for Scalable ML Classification of Interactive Traffic“,  37th Annual IEEE Conference on Local Computer Networks (LCN), Clearwater, Florida, USA, October 2012.
  7. S. Wendzel, S. Zander, “ Detecting Protocol Switching Covert Channels“,  (poster) 37th Annual IEEE Conference on Local Computer Networks (LCN), Clearwater, Florida, USA, October 2012.
  8. S. Zander, G. Armitage, “Practical Machine Learning Based Multimedia Traffic Classification for Distributed QoS Management“,  36th Annual IEEE Conference on Local Computer Networks (LCN), Bonn, Germany, October 2011.
  9. S. Zander, G. Armitage, P. Branch, “Stealthier Inter-packet Timing Covert Channels“, IFIP Networking, Valencia, Spain, 9-13 May 2011.
  10. S. Zander, G. Armitage, P. Branch, “Reliable Transmission Over Covert Channels in First Person Shooter Multiplayer Games“, 34th Annual IEEE Conference on Local Computer Networks (LCN), Zurich, Switzerland, 20-23 October 2009.
  11. S. Zander, G. Armitage, P. Branch, “Covert Channels in Multiplayer First Person Shooter Online Games“, 33rd Annual IEEE Conference on Local Computer Networks (LCN), Montreal, Canada, 14-17 October 2008.
  12. S. Zander, S. Murdoch, “An Improved Clock-skew Measurement Technique for Revealing Hidden Services“,  17th Usenix Security Symposium, San Jose, USA, July/August 2008.
  13. S. Zander, G.Armitage, P.Branch,  “An Empirical Evaluation of IP Time To Live Covert Channels“, 15th IEEE International Conference on Networks (ICON2007),  Adelaide, Australia, 19-21 November 2007.
  14. S. Zander, P.Branch, G.Armitage, “Error Probability Analysis of IP Time To Live Covert Channels“, IEEE 7th International Symposium on Communications and Information Technologies (ISCIT 2007), Sydney, Australia, October 16-19, 2007.
  15. S. Zander, G. Armitage, P. Branch, ”Covert Channels in the IP Time To Live Field“, Australian Telecommunication Networks and Application Conference (ATNAC 2006), Melbourne, Australia, 4-6 December 2006.
  16. G. Armitage, C. Javier, S. Zander, ”Topological Optimisation for Online First Person Shooter Game Server Discovery“, (poster) Australian Telecommunication Networks and Application Conference (ATNAC 2006), Melbourne, Australia, 4-6 December 2006.
  17. J. But, N. Williams, S. Zander, L. Stewart, G. Armitage, “ANGEL – Automated Network Games Enhancement Layer”, NetGames 2006, Singapore, November 2006.
  18. G. Armitage, C. Javier, S. Zander, ”Post-game Estimation of Game Client RTT and Hop Count Distributions”, (poster) NetGames 2006, Singapore, November 2006.
  19. S. Zander, N. Williams, G. Armitage, “Internet Archeology: Estimating Individual Application Trends in Incomplete Historic Traffic Traces“, (poster)  Passive and Active Measurement Workshop (PAM 2006),  Adelaide, Australia, March 30 – 31, 2006.
  20. L. Stewart, G. Armitage, P. Branch, S. Zander, “An Architecture for Automated Network Control of QoS over Consumer  Broadband Links”, (poster)  IEEE Tencon 2005, Melbourne, Australia, 21-24 November 2005.
  21. S. Zander, T.T.T. Nguyen, G. Armitage, “Automated Traffic Classification and Application  Identification using Machine Learning“, Proc. IEEE 30th Conference on Local Computer Networks (LCN 2005), Sydney, Australia, 15-17 November 2005.
  22. S. Zander, D. Kennedy, G. Armitage, “Dissecting Server-Discovery Traffic Patterns Generated By Multiplayer First Person Shooter Games“, NetGames 2005, New York, USA, 10-11 October 2005.
  23. S.Zander, I.Leeder, G.Armitage, “Achieving Fairness in Multiplayer Network Games through Automated Latency Balancing“, ACM SIGCHI International Conference on Advances in Computer Entertainment Technology (ACE 2005), Valencia, Spain, June 2005.
  24. S. Zander, G. Armitage, “A Traffic Model for the XBOX Game Halo 2“, 15th ACM International Workshop on Network and Operating System Support for DIgital Audio and Video (NOSSDAV 2005), Washington (USA), June 2005.
  25. S. Zander, T. Nguyen, G. Armitage, “Self-learning IP Traffic Classification based on Statistical Flow Characteristics“, (poster) Passive Active Measurement Workshop (PAM 2005), Boston, USA, March/April 2005.
  26. S. Zander, G. Armitage, “Empirically Measuring the QoS Sensitivity of Interactive Online Game Players“, Australian Telecommunications Networks & Applications Conference 2004  (ATNAC 2004), Sydney, Australia December 8-10 2004.
  27. P. Kurtansky, Hasan, D. Singh, S. Zander, A. Cuevas, J. Jähnert, J. Zhou, B. Stiller, “Extensions of AAA for Future IP Networks“, IEEE Wireless Communications and Networking Conference (WCNC 2004), Atlanta, USA, March 2004.
  28. S. Zander, G. Armitage, C. Malcolm, “Dynamics and Cachability of Web Sites: Implications for Inverted Capacity Networks“, IEEE International Conference on Networks (ICON 2003), Sydney, Australia, September/October 2003.
  29. S. Zander, G. Carle, “High Quality IP Video Streaming with Adaptive Packet Marking“, International Workshop on Quality of Future Internet Services (Qofis) 2002, Zürich, Switzerland, October 2002.
  30. Hasan, D. Singh, S. Zander, M. Kuhlbach, J. Jaehnert, B. Stiller, “The Design of an Extended AAAC Architecture“, IST Mobile & Wireless Telecommunications Summit 2002, Thessaloniki, Greece, June 2002.
  31. J. Quittek, T. Zseby, G. Carle, S. Zander, “Traffic Flow Measurements within IP Networks: Requirements, Technologies, and Standardization“, IEEE SAINT Symposium on Applications and the Internet Workshops (SAINT 2002 Workshops), Nara City, Nara, Japan, January/February, 2002.
  32. G. Carle, H. Sanneck, S. Zander, L. Le, “Deploying an Active Voice Application on a Three-Level Active Network Node Architecture“, International Working Conference On Active Networks (IWAN 2001), Philadelphia, USA, September/October 2001.
  33. M. Berg, C. Huck, R. Schaefer, J. Tiemann, S. Zander, “Kooperative Postproduktion von Film und Video in High-Speed Netzwerken”, ITG/FKTG-Fachtagung Elektronische Medien: Technologien, Systeme, Anwendungen, Dortmund, Germany, September 2001.
  34. Hasan, J. Jähnert, S. Zander, B. Stiller, “Authentication, Authorization, Accounting and Charging for the Mobile Internet“, IST Mobile Communications Summit, Barcelona, Spain, September 2001.
  35. T. Zseby, S. Zander, G. Carle, “Evaluation of Building Blocks for Passive One-way-delay Measurements“, (poster) Passive Active Measurement Workshop (PAM 2001), Amsterdam, Netherlands, April 2001.
  36. G. Carle, S. Zander, T. Zseby, “Policy-basiertes Metering für IP Netze“, Kommunikation in Verteilten Systemen (KiVS), Hamburg, Germany, February 2001.
  1. J. Quittek, B. Claise, T. Zseby, S. Zander, “Requirements for IP Flow Information Export”, Informational RFC, RFC 3917, October 2004.
  2. G. Carle, S. Zander, T. Zseby, “Policy-based Accounting“, Experimental RFC, RFC 3334, October 2002.