{"id":"https://openalex.org/W4414463352","doi":"https://doi.org/10.1109/tifs.2025.3613971","title":"Flow Microelement-Driven Traffic Relationship Analysis: Robust Detection of Malicious Encrypted Traffic","display_name":"Flow Microelement-Driven Traffic Relationship Analysis: Robust Detection of Malicious Encrypted Traffic","publication_year":2025,"publication_date":"2025-01-01","ids":{"openalex":"https://openalex.org/W4414463352","doi":"https://doi.org/10.1109/tifs.2025.3613971"},"language":"en","primary_location":{"id":"doi:10.1109/tifs.2025.3613971","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tifs.2025.3613971","pdf_url":null,"source":{"id":"https://openalex.org/S61310614","display_name":"IEEE Transactions on Information Forensics and Security","issn_l":"1556-6013","issn":["1556-6013","1556-6021"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Information Forensics and Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":null,"display_name":"Hao Fu","orcid":"https://orcid.org/0009-0001-6873-2609"},"institutions":[{"id":"https://openalex.org/I4210108629","display_name":"Computer Network Information Center","ror":"https://ror.org/01s0wyf50","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210108629"]},{"id":"https://openalex.org/I4210165038","display_name":"University of Chinese Academy of Sciences","ror":"https://ror.org/05qbk4x57","country_code":"CN","type":"education","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210165038"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Hao Fu","raw_affiliation_strings":["Computer Network Information Center, University of Chinese Academy of Sciences, Beijing, China"],"raw_orcid":"https://orcid.org/0009-0001-6873-2609","affiliations":[{"raw_affiliation_string":"Computer Network Information Center, University of Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210108629","https://openalex.org/I4210165038"]}]},{"author_position":"middle","author":{"id":null,"display_name":"Degang Sun","orcid":"https://orcid.org/0009-0007-6408-2032"},"institutions":[{"id":"https://openalex.org/I4210108629","display_name":"Computer Network Information Center","ror":"https://ror.org/01s0wyf50","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210108629"]},{"id":"https://openalex.org/I4210165038","display_name":"University of Chinese Academy of Sciences","ror":"https://ror.org/05qbk4x57","country_code":"CN","type":"education","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210165038"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Degang Sun","raw_affiliation_strings":["Computer Network Information Center, University of Chinese Academy of Sciences, Beijing, China"],"raw_orcid":"https://orcid.org/0009-0007-6408-2032","affiliations":[{"raw_affiliation_string":"Computer Network Information Center, University of Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210108629","https://openalex.org/I4210165038"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5068234732","display_name":"Jinxia Wei","orcid":"https://orcid.org/0000-0002-2190-3845"},"institutions":[{"id":"https://openalex.org/I4210108629","display_name":"Computer Network Information Center","ror":"https://ror.org/01s0wyf50","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210108629"]},{"id":"https://openalex.org/I4210165038","display_name":"University of Chinese Academy of Sciences","ror":"https://ror.org/05qbk4x57","country_code":"CN","type":"education","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210165038"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Jinxia Wei","raw_affiliation_strings":["Computer Network Information Center, University of Chinese Academy of Sciences, Beijing, China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Computer Network Information Center, University of Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210108629","https://openalex.org/I4210165038"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5103496136","display_name":"Wei Wan","orcid":null},"institutions":[{"id":"https://openalex.org/I4210108629","display_name":"Computer Network Information Center","ror":"https://ror.org/01s0wyf50","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210108629"]},{"id":"https://openalex.org/I4210165038","display_name":"University of Chinese Academy of Sciences","ror":"https://ror.org/05qbk4x57","country_code":"CN","type":"education","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210165038"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Wei Wan","raw_affiliation_strings":["Computer Network Information Center, University of Chinese Academy of Sciences, Beijing, China"],"raw_orcid":"https://orcid.org/0000-0001-7179-140X","affiliations":[{"raw_affiliation_string":"Computer Network Information Center, University of Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210108629","https://openalex.org/I4210165038"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5112356577","display_name":"Chun Long","orcid":null},"institutions":[{"id":"https://openalex.org/I4210108629","display_name":"Computer Network Information Center","ror":"https://ror.org/01s0wyf50","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210108629"]},{"id":"https://openalex.org/I4210165038","display_name":"University of Chinese Academy of Sciences","ror":"https://ror.org/05qbk4x57","country_code":"CN","type":"education","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210165038"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Chun Long","raw_affiliation_strings":["Computer Network Information Center, University of Chinese Academy of Sciences, Beijing, China"],"raw_orcid":"https://orcid.org/0000-0003-0351-6486","affiliations":[{"raw_affiliation_string":"Computer Network Information Center, University of Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210108629","https://openalex.org/I4210165038"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":[],"corresponding_institution_ids":["https://openalex.org/I4210108629","https://openalex.org/I4210165038"],"apc_list":null,"apc_paid":null,"fwci":1.3517,"has_fulltext":false,"cited_by_count":1,"citation_normalized_percentile":{"value":0.8592678,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":96,"max":98},"biblio":{"volume":"20","issue":null,"first_page":"10604","last_page":"10619"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9592999815940857,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9592999815940857,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9174000024795532,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.7796000242233276},{"id":"https://openalex.org/keywords/encryption","display_name":"Encryption","score":0.7365999817848206},{"id":"https://openalex.org/keywords/robustness","display_name":"Robustness (evolution)","score":0.7235999703407288},{"id":"https://openalex.org/keywords/anomaly-detection","display_name":"Anomaly detection","score":0.6003999710083008},{"id":"https://openalex.org/keywords/construct","display_name":"Construct (python library)","score":0.5133000016212463},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.46970000863075256},{"id":"https://openalex.org/keywords/set","display_name":"Set (abstract data type)","score":0.4318000078201294},{"id":"https://openalex.org/keywords/traffic-analysis","display_name":"Traffic analysis","score":0.4185999929904938}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8593999743461609},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.7796000242233276},{"id":"https://openalex.org/C148730421","wikidata":"https://www.wikidata.org/wiki/Q141090","display_name":"Encryption","level":2,"score":0.7365999817848206},{"id":"https://openalex.org/C63479239","wikidata":"https://www.wikidata.org/wiki/Q7353546","display_name":"Robustness (evolution)","level":3,"score":0.7235999703407288},{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.6003999710083008},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.5830000042915344},{"id":"https://openalex.org/C2780801425","wikidata":"https://www.wikidata.org/wiki/Q5164392","display_name":"Construct (python library)","level":2,"score":0.5133000016212463},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.46970000863075256},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.4318000078201294},{"id":"https://openalex.org/C2781317605","wikidata":"https://www.wikidata.org/wiki/Q7832483","display_name":"Traffic analysis","level":2,"score":0.4185999929904938},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.37380000948905945},{"id":"https://openalex.org/C2776359362","wikidata":"https://www.wikidata.org/wiki/Q2145286","display_name":"Representation (politics)","level":3,"score":0.37209999561309814},{"id":"https://openalex.org/C207512268","wikidata":"https://www.wikidata.org/wiki/Q3074551","display_name":"Traffic flow (computer networking)","level":2,"score":0.35569998621940613},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.352400004863739},{"id":"https://openalex.org/C12725497","wikidata":"https://www.wikidata.org/wiki/Q810247","display_name":"Baseline (sea)","level":2,"score":0.3158999979496002},{"id":"https://openalex.org/C40305131","wikidata":"https://www.wikidata.org/wiki/Q2616305","display_name":"Obfuscation","level":2,"score":0.30239999294281006},{"id":"https://openalex.org/C169988225","wikidata":"https://www.wikidata.org/wiki/Q7832484","display_name":"Traffic classification","level":3,"score":0.3019999861717224},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.2888999879360199},{"id":"https://openalex.org/C77618280","wikidata":"https://www.wikidata.org/wiki/Q1155772","display_name":"Scheme (mathematics)","level":2,"score":0.28540000319480896},{"id":"https://openalex.org/C52622490","wikidata":"https://www.wikidata.org/wiki/Q1026626","display_name":"Feature extraction","level":2,"score":0.27970001101493835},{"id":"https://openalex.org/C79403827","wikidata":"https://www.wikidata.org/wiki/Q3988","display_name":"Real-time computing","level":1,"score":0.27730000019073486},{"id":"https://openalex.org/C36503486","wikidata":"https://www.wikidata.org/wiki/Q11235244","display_name":"Domain (mathematical analysis)","level":2,"score":0.25589999556541443},{"id":"https://openalex.org/C176715033","wikidata":"https://www.wikidata.org/wiki/Q2080768","display_name":"Traffic generation model","level":2,"score":0.25110000371932983},{"id":"https://openalex.org/C114809511","wikidata":"https://www.wikidata.org/wiki/Q1412924","display_name":"Flow network","level":2,"score":0.250900000333786}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/tifs.2025.3613971","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tifs.2025.3613971","pdf_url":null,"source":{"id":"https://openalex.org/S61310614","display_name":"IEEE Transactions on Information Forensics and Security","issn_l":"1556-6013","issn":["1556-6013","1556-6021"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Information Forensics and Security","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G4275676790","display_name":null,"funder_award_id":"2022170","funder_id":"https://openalex.org/F4320322847","funder_display_name":"Youth Innovation Promotion Association of the Chinese Academy of Sciences"},{"id":"https://openalex.org/G6736256340","display_name":null,"funder_award_id":"CAS-WX2022GC-04","funder_id":"https://openalex.org/F4320321133","funder_display_name":"Chinese Academy of Sciences"},{"id":"https://openalex.org/G6840637175","display_name":null,"funder_award_id":"2022170","funder_id":"https://openalex.org/F4320321133","funder_display_name":"Chinese Academy of Sciences"}],"funders":[{"id":"https://openalex.org/F4320321133","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35"},{"id":"https://openalex.org/F4320322847","display_name":"Youth Innovation Promotion Association of the Chinese Academy of Sciences","ror":"https://ror.org/031141b54"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":42,"referenced_works":["https://openalex.org/W1918994707","https://openalex.org/W2000756828","https://openalex.org/W2026621111","https://openalex.org/W2097565277","https://openalex.org/W2116341502","https://openalex.org/W2133590498","https://openalex.org/W2243752967","https://openalex.org/W2296509296","https://openalex.org/W2343004508","https://openalex.org/W2606697812","https://openalex.org/W2740924709","https://openalex.org/W2789828921","https://openalex.org/W2962703433","https://openalex.org/W2963197901","https://openalex.org/W2969295985","https://openalex.org/W2988790801","https://openalex.org/W2998313947","https://openalex.org/W3003265726","https://openalex.org/W3048804154","https://openalex.org/W3116203245","https://openalex.org/W3128341305","https://openalex.org/W3136284412","https://openalex.org/W3171007011","https://openalex.org/W3173170122","https://openalex.org/W3181596493","https://openalex.org/W3194668998","https://openalex.org/W4224315052","https://openalex.org/W4253053708","https://openalex.org/W4313378981","https://openalex.org/W4320713315","https://openalex.org/W4324007233","https://openalex.org/W4361289962","https://openalex.org/W4385245566","https://openalex.org/W4387007222","https://openalex.org/W4388505134","https://openalex.org/W4396723284","https://openalex.org/W4396757496","https://openalex.org/W4396949749","https://openalex.org/W4397000408","https://openalex.org/W4405109490","https://openalex.org/W4405183428","https://openalex.org/W4411337269"],"related_works":[],"abstract_inverted_index":{"Encryption":[0],"technologies":[1],"randomize":[2],"network":[3],"communication":[4],"to":[5,14,90,98,149],"protect":[6],"user":[7],"privacy.":[8],"However,":[9],"attackers":[10],"exploit":[11],"encrypted":[12,58,76,165],"traffic":[13,25,60,78,84,94,117,135,166],"conceal":[15],"malicious":[16,59,77],"activities.":[17],"The":[18,86],"existing":[19],"detection":[20,61,79,167],"methods":[21,32,226],"rely":[22],"primarily":[23],"on":[24,83,139,184],"content":[26],"or":[27],"interactive":[28],"patterns.":[29],"Nevertheless,":[30],"static":[31],"can":[33],"be":[34],"easily":[35],"obfuscated":[36],"by":[37],"advanced":[38],"attacks.":[39,56],"Since":[40],"the":[41,114,127,140,151,209,224],"set":[42],"of":[43,116,203,232],"potential":[44],"attacks":[45],"is":[46],"open":[47],"and":[48,97,154,173,187],"infinite,":[49],"models":[50],"regularly":[51],"lose":[52],"effectiveness":[53],"against":[54],"novel":[55,176],"Robust":[57],"remains":[62],"a":[63,73,92,134,162],"valuable":[64],"research":[65],"area.":[66],"In":[67],"this":[68],"paper,":[69],"we":[70,111,132,160,215],"propose":[71],"BSTS-Net,":[72],"robust":[74,158],"unsupervised":[75],"model":[80],"based":[81,138],"entirely":[82],"relations.":[85,124,156],"key":[87],"motivations":[88],"are":[89,147],"construct":[91,133],"relation-based":[93],"contextual":[95],"representation":[96],"establish":[99],"dynamic":[100,164,171],"baselines":[101,172],"for":[102,220],"anomaly":[103],"detection.":[104],"To":[105,125],"represent":[106],"local":[107],"relations":[108],"within":[109],"flows,":[110,131],"innovatively":[112],"introduce":[113,161],"concept":[115],"microelements,":[118],"which":[119],"capture":[120],"fine-grained":[121],"interaction":[122],"pattern":[123],"integrate":[126],"global":[128],"relationships":[129],"between":[130],"microelement":[136],"space":[137],"Siamese":[141],"neural":[142],"network.":[143],"Three":[144],"optimization":[145],"functions":[146],"proposed":[148],"optimize":[150],"intraservice,":[152],"interservice":[153],"internode":[155],"For":[157],"detection,":[159],"reputation-enhanced":[163],"algorithm":[168],"that":[169],"constructs":[170],"continuously":[174],"detects":[175],"anomalies.":[177],"We":[178],"evaluate":[179],"BSTS-Net":[180,234],"through":[181],"extensive":[182],"experiments":[183],"three":[185,217],"datasets":[186,210],"compare":[188],"it":[189],"with":[190,199,238],"seven":[191],"SOTA":[192],"methods.":[193],"Our":[194],"results":[195],"demonstrate":[196],"its":[197],"superiority,":[198],"an":[200,228],"F1":[201,229],"score":[202,230],"more":[204],"than":[205],"99.63%":[206],"across":[207],"all":[208],"in":[211],"multiclassification":[212],"scenarios.":[213],"Additionally,":[214],"simulate":[216],"adversarial":[218],"scenarios":[219],"robustness":[221],"analysis.":[222],"Although":[223],"baseline":[225],"experience":[227],"degradation":[231],"32.21%,":[233],"achieves":[235],"high":[236],"performance,":[237],"only":[239],"1%":[240],"degradation.":[241]},"counts_by_year":[{"year":2026,"cited_by_count":1}],"updated_date":"2026-03-27T05:58:40.876381","created_date":"2025-10-10T00:00:00"}