{"id":"https://openalex.org/W4385444612","doi":"https://doi.org/10.1109/tifs.2023.3300521","title":"CBSeq: A Channel-Level Behavior Sequence for Encrypted Malware Traffic Detection","display_name":"CBSeq: A Channel-Level Behavior Sequence for Encrypted Malware Traffic Detection","publication_year":2023,"publication_date":"2023-01-01","ids":{"openalex":"https://openalex.org/W4385444612","doi":"https://doi.org/10.1109/tifs.2023.3300521"},"language":"en","primary_location":{"id":"doi:10.1109/tifs.2023.3300521","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tifs.2023.3300521","pdf_url":null,"source":{"id":"https://openalex.org/S61310614","display_name":"IEEE Transactions on Information Forensics and Security","issn_l":"1556-6013","issn":["1556-6013","1556-6021"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Information Forensics and Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5022355020","display_name":"Susu Cui","orcid":"https://orcid.org/0000-0001-5249-5699"},"institutions":[{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"government","lineage":["https://openalex.org/I19820366"]},{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]},{"id":"https://openalex.org/I4210165038","display_name":"University of Chinese Academy of Sciences","ror":"https://ror.org/05qbk4x57","country_code":"CN","type":"education","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210165038"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Susu Cui","raw_affiliation_strings":["Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China","School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]},{"raw_affiliation_string":"School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210165038"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5054446049","display_name":"Cong Dong","orcid":"https://orcid.org/0000-0001-7581-7160"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Cong Dong","raw_affiliation_strings":["Zhongguancun Laboratory, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Zhongguancun Laboratory, Beijing, China","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5047030842","display_name":"Meng Shen","orcid":"https://orcid.org/0000-0002-1867-0972"},"institutions":[{"id":"https://openalex.org/I125839683","display_name":"Beijing Institute of Technology","ror":"https://ror.org/01skt4w74","country_code":"CN","type":"education","lineage":["https://openalex.org/I125839683","https://openalex.org/I890469752"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Meng Shen","raw_affiliation_strings":["School of Cyberspace Science and Technology, Beijing Institute of Technology, Beijing, China"],"affiliations":[{"raw_affiliation_string":"School of Cyberspace Science and Technology, Beijing Institute of Technology, Beijing, China","institution_ids":["https://openalex.org/I125839683"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5031905258","display_name":"Yuling Liu","orcid":"https://orcid.org/0000-0002-2740-9362"},"institutions":[{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"government","lineage":["https://openalex.org/I19820366"]},{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]},{"id":"https://openalex.org/I4210165038","display_name":"University of Chinese Academy of Sciences","ror":"https://ror.org/05qbk4x57","country_code":"CN","type":"education","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210165038"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yuling Liu","raw_affiliation_strings":["Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China","School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]},{"raw_affiliation_string":"School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210165038"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5102920589","display_name":"Bo Jiang","orcid":"https://orcid.org/0000-0002-7185-990X"},"institutions":[{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"government","lineage":["https://openalex.org/I19820366"]},{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]},{"id":"https://openalex.org/I4210165038","display_name":"University of Chinese Academy of Sciences","ror":"https://ror.org/05qbk4x57","country_code":"CN","type":"education","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210165038"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Bo Jiang","raw_affiliation_strings":["Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China","School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]},{"raw_affiliation_string":"School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210165038"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5012305916","display_name":"Zhigang L\u00fc","orcid":"https://orcid.org/0000-0001-5102-6217"},"institutions":[{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"government","lineage":["https://openalex.org/I19820366"]},{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]},{"id":"https://openalex.org/I4210165038","display_name":"University of Chinese Academy of Sciences","ror":"https://ror.org/05qbk4x57","country_code":"CN","type":"education","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210165038"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Zhigang Lu","raw_affiliation_strings":["Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China","School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]},{"raw_affiliation_string":"School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210165038"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5022355020"],"corresponding_institution_ids":["https://openalex.org/I19820366","https://openalex.org/I4210156404","https://openalex.org/I4210165038"],"apc_list":null,"apc_paid":null,"fwci":8.9495,"has_fulltext":false,"cited_by_count":45,"citation_normalized_percentile":{"value":0.98267189,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":99,"max":100},"biblio":{"volume":"18","issue":null,"first_page":"5011","last_page":"5025"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8343944549560547},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.8097186088562012},{"id":"https://openalex.org/keywords/encryption","display_name":"Encryption","score":0.5271275639533997},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.5242552757263184},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.5091258883476257},{"id":"https://openalex.org/keywords/scalability","display_name":"Scalability","score":0.4744863510131836},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.45451802015304565},{"id":"https://openalex.org/keywords/traffic-classification","display_name":"Traffic classification","score":0.42946210503578186},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.38765525817871094},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.28159600496292114}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8343944549560547},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.8097186088562012},{"id":"https://openalex.org/C148730421","wikidata":"https://www.wikidata.org/wiki/Q141090","display_name":"Encryption","level":2,"score":0.5271275639533997},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.5242552757263184},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.5091258883476257},{"id":"https://openalex.org/C48044578","wikidata":"https://www.wikidata.org/wiki/Q727490","display_name":"Scalability","level":2,"score":0.4744863510131836},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.45451802015304565},{"id":"https://openalex.org/C169988225","wikidata":"https://www.wikidata.org/wiki/Q7832484","display_name":"Traffic classification","level":3,"score":0.42946210503578186},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.38765525817871094},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.28159600496292114},{"id":"https://openalex.org/C158379750","wikidata":"https://www.wikidata.org/wiki/Q214111","display_name":"Network packet","level":2,"score":0.0},{"id":"https://openalex.org/C77088390","wikidata":"https://www.wikidata.org/wiki/Q8513","display_name":"Database","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/tifs.2023.3300521","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tifs.2023.3300521","pdf_url":null,"source":{"id":"https://openalex.org/S61310614","display_name":"IEEE Transactions on Information Forensics and Security","issn_l":"1556-6013","issn":["1556-6013","1556-6021"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Information Forensics and Security","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.5799999833106995,"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions"}],"awards":[{"id":"https://openalex.org/G3390532264","display_name":null,"funder_award_id":"XDC02040100","funder_id":"https://openalex.org/F4320321133","funder_display_name":"Chinese Academy of Sciences"},{"id":"https://openalex.org/G3505716934","display_name":null,"funder_award_id":"Z201100006820006","funder_id":"https://openalex.org/F4320334978","funder_display_name":"Beijing Nova Program"},{"id":"https://openalex.org/G3511899757","display_name":null,"funder_award_id":"2021YFB3101400","funder_id":"https://openalex.org/F4320335777","funder_display_name":"National Key Research and Development Program of China"},{"id":"https://openalex.org/G4500761528","display_name":null,"funder_award_id":"L222098","funder_id":"https://openalex.org/F4320334978","funder_display_name":"Beijing Nova Program"},{"id":"https://openalex.org/G5019637111","display_name":null,"funder_award_id":"61902376","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G5871401038","display_name":null,"funder_award_id":"M23020","funder_id":"https://openalex.org/F4320334978","funder_display_name":"Beijing Nova Program"},{"id":"https://openalex.org/G595233080","display_name":null,"funder_award_id":"61972039","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G6835493808","display_name":null,"funder_award_id":"7232041","funder_id":"https://openalex.org/F4320334978","funder_display_name":"Beijing Nova Program"},{"id":"https://openalex.org/G7082687","display_name":null,"funder_award_id":"20220484174","funder_id":"https://openalex.org/F4320334978","funder_display_name":"Beijing Nova Program"}],"funders":[{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"},{"id":"https://openalex.org/F4320321133","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35"},{"id":"https://openalex.org/F4320334978","display_name":"Beijing Nova Program","ror":"https://ror.org/034k14f91"},{"id":"https://openalex.org/F4320335777","display_name":"National Key Research and Development Program of China","ror":null}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":56,"referenced_works":["https://openalex.org/W149523093","https://openalex.org/W1614298861","https://openalex.org/W1976383685","https://openalex.org/W2056524697","https://openalex.org/W2149600645","https://openalex.org/W2293388233","https://openalex.org/W2343828539","https://openalex.org/W2537766808","https://openalex.org/W2566050683","https://openalex.org/W2591712613","https://openalex.org/W2605422749","https://openalex.org/W2743556905","https://openalex.org/W2897924986","https://openalex.org/W2902215642","https://openalex.org/W2951527505","https://openalex.org/W2958285686","https://openalex.org/W2963065250","https://openalex.org/W2963197901","https://openalex.org/W2981978050","https://openalex.org/W2994979990","https://openalex.org/W3000027147","https://openalex.org/W3007562398","https://openalex.org/W3016987480","https://openalex.org/W3035950449","https://openalex.org/W3046070630","https://openalex.org/W3087697243","https://openalex.org/W3090762552","https://openalex.org/W3108671495","https://openalex.org/W3110894687","https://openalex.org/W3111088413","https://openalex.org/W3116203245","https://openalex.org/W3120227884","https://openalex.org/W3135091917","https://openalex.org/W3152517439","https://openalex.org/W3153407530","https://openalex.org/W3167885837","https://openalex.org/W3173040539","https://openalex.org/W3180847185","https://openalex.org/W3181277865","https://openalex.org/W3208097639","https://openalex.org/W4206076658","https://openalex.org/W4211242407","https://openalex.org/W4213221353","https://openalex.org/W4214835615","https://openalex.org/W4223587185","https://openalex.org/W4230857879","https://openalex.org/W4285358121","https://openalex.org/W4367858557","https://openalex.org/W4385245566","https://openalex.org/W6606098666","https://openalex.org/W6636510571","https://openalex.org/W6644516687","https://openalex.org/W6682137061","https://openalex.org/W6739901393","https://openalex.org/W6758993734","https://openalex.org/W6783971406"],"related_works":["https://openalex.org/W2383698455","https://openalex.org/W4211242407","https://openalex.org/W4385749929","https://openalex.org/W2366221835","https://openalex.org/W2968586400","https://openalex.org/W4285358121","https://openalex.org/W3006050125","https://openalex.org/W4308409926","https://openalex.org/W3009377061","https://openalex.org/W1973444126"],"abstract_inverted_index":{"Machine":[0],"learning":[1],"and":[2,17,30,41,49,62,110,127,143,190],"neural":[3],"networks":[4],"have":[5,38],"become":[6],"increasingly":[7],"popular":[8],"solutions":[9],"for":[10,67],"encrypted":[11],"malware":[12,28,69,80,112,142,172,187,196],"traffic":[13,20,29,70,81,102,113,146,173,188,197],"detection.":[14,71,82,114],"They":[15],"mine":[16],"learn":[18],"complex":[19],"patterns,":[21],"enabling":[22],"detection":[23,125,189],"by":[24,45],"fitting":[25],"boundaries":[26],"between":[27],"benign":[31,136,175],"traffic.":[32,176],"Compared":[33],"with":[34,120],"signature-based":[35],"methods,":[36],"they":[37],"higher":[39],"scalability":[40],"flexibility.":[42],"However,":[43],"affected":[44],"the":[46,91,118,124,138,154,164],"frequent":[47],"variants":[48],"updates":[50],"of":[51,141,167],"malware,":[52],"current":[53],"methods":[54],"suffer":[55],"from":[56,174],"a":[57,74,96,100,156],"high":[58],"false":[59],"positive":[60],"rate":[61],"do":[63],"not":[64],"work":[65],"well":[66],"unknown":[68,195],"It":[72,162],"remains":[73],"critical":[75],"task":[76],"to":[77,89,106,131],"achieve":[78,111],"effective":[79],"In":[83],"this":[84],"paper,":[85],"we":[86,152],"introduce":[87],"CBSeq":[88,94,181],"address":[90],"above":[92],"problems.":[93],"is":[95],"method":[97],"that":[98,180],"constructs":[99],"stable":[101],"representation,":[103],"behavior":[104,122,133,139,168],"sequence,":[105,169],"characterize":[107],"attacking":[108],"intent":[109],"We":[115],"novelly":[116],"propose":[117],"channels":[119],"similar":[121],"as":[123],"object":[126],"extract":[128],"side-channel":[129],"content":[130],"construct":[132],"sequence.":[134],"Unlike":[135],"activities,":[137],"sequences":[140],"its":[144],"variant\u2019s":[145],"exhibit":[147],"solid":[148],"internal":[149,165],"correlations.":[150],"Moreover,":[151],"design":[153],"MSFormer,":[155],"powerful":[157],"Transformer-based":[158],"multi-sequence":[159],"fusion":[160],"classifier.":[161],"captures":[163],"similarity":[166],"thereby":[170],"distinguishing":[171],"Our":[177],"evaluations":[178],"demonstrate":[179],"performs":[182],"effectively":[183],"in":[184,194],"various":[185],"known":[186],"exhibits":[191],"superior":[192],"performance":[193],"detection,":[198],"outperforming":[199],"state-of-the-art":[200],"methods.":[201]},"counts_by_year":[{"year":2026,"cited_by_count":5},{"year":2025,"cited_by_count":27},{"year":2024,"cited_by_count":13}],"updated_date":"2026-04-09T08:11:56.329763","created_date":"2025-10-10T00:00:00"}