diff --git a/README.md b/README.md
index e8da0be..1f851c2 100644
--- a/README.md
+++ b/README.md
@@ -258,6 +258,7 @@
 - A Comprehensive Approach to Intrusion Detection Alert Correlation ([Paper](https://www.cs.ucsb.edu/~vigna/publications/2004_valeur_vigna_kruegel_kemmerer_TDSC_Correlation.pdf), [Dissertation](http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.115.8310&rep=rep1&type=pdf))
 - [On Botnets that use DNS for Command and Control](http://www.few.vu.nl/~herbertb/papers/feederbot_ec2nd11.pdf)
 - [Intelligent, Automated Red Team Emulation](https://dl.acm.org/citation.cfm?id=2991111)
+- [Machine Learning for Encrypted Malware Traffic Classification](https://dl.acm.org/doi/pdf/10.1145/3097983.3098163)
 
 #### Blogs