{"id":"https://openalex.org/W7084580662","doi":"https://doi.org/10.1109/ton.2025.3610853","title":"REAPER: Real-Time Detection of Malicious Traffic via Deep Time-Series Embedding Analysis","display_name":"REAPER: Real-Time Detection of Malicious Traffic via Deep Time-Series Embedding Analysis","publication_year":2025,"publication_date":"2025-10-03","ids":{"openalex":"https://openalex.org/W7084580662","doi":"https://doi.org/10.1109/ton.2025.3610853"},"language":"en","primary_location":{"id":"doi:10.1109/ton.2025.3610853","is_oa":false,"landing_page_url":"https://doi.org/10.1109/ton.2025.3610853","pdf_url":null,"source":{"id":"https://openalex.org/S5407042750","display_name":"IEEE Transactions on Networking","issn_l":"2998-4157","issn":["2998-4157"],"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Networking","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":null,"display_name":"Dan Tang","orcid":"https://orcid.org/0000-0002-0062-0213"},"institutions":[{"id":"https://openalex.org/I4210156400","display_name":"Department of Science and Technology of Hunan Province","ror":"https://ror.org/04qgr7x96","country_code":"CN","type":"government","lineage":["https://openalex.org/I4210156400"]},{"id":"https://openalex.org/I56934997","display_name":"Changsha University of Science and Technology","ror":"https://ror.org/03yph8055","country_code":"CN","type":"education","lineage":["https://openalex.org/I56934997"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Dan Tang","raw_affiliation_strings":["College of Cyber Science and Technology, Hunan University (HNU), Changsha, China"],"affiliations":[{"raw_affiliation_string":"College of Cyber Science and Technology, Hunan University (HNU), Changsha, China","institution_ids":["https://openalex.org/I56934997","https://openalex.org/I4210156400"]}]},{"author_position":"middle","author":{"id":null,"display_name":"Boru Liu","orcid":"https://orcid.org/0009-0007-3865-0315"},"institutions":[{"id":"https://openalex.org/I16609230","display_name":"Hunan University","ror":"https://ror.org/05htk5m33","country_code":"CN","type":"education","lineage":["https://openalex.org/I16609230"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Boru Liu","raw_affiliation_strings":["College of Computer Science and Electronic Engineering (CSEE), Hunan University (HNU), Changsha, China"],"affiliations":[{"raw_affiliation_string":"College of Computer Science and Electronic Engineering (CSEE), Hunan University (HNU), Changsha, China","institution_ids":["https://openalex.org/I16609230"]}]},{"author_position":"middle","author":{"id":null,"display_name":"Zheng Qin","orcid":"https://orcid.org/0000-0003-0877-3887"},"institutions":[{"id":"https://openalex.org/I4210156400","display_name":"Department of Science and Technology of Hunan Province","ror":"https://ror.org/04qgr7x96","country_code":"CN","type":"government","lineage":["https://openalex.org/I4210156400"]},{"id":"https://openalex.org/I56934997","display_name":"Changsha University of Science and Technology","ror":"https://ror.org/03yph8055","country_code":"CN","type":"education","lineage":["https://openalex.org/I56934997"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Zheng Qin","raw_affiliation_strings":["College of Cyber Science and Technology, Hunan University (HNU), Changsha, China"],"affiliations":[{"raw_affiliation_string":"College of Cyber Science and Technology, Hunan University (HNU), Changsha, China","institution_ids":["https://openalex.org/I56934997","https://openalex.org/I4210156400"]}]},{"author_position":"middle","author":{"id":null,"display_name":"Wei Liang","orcid":"https://orcid.org/0000-0002-5074-1363"},"institutions":[{"id":"https://openalex.org/I121296143","display_name":"Hunan University of Science and Technology","ror":"https://ror.org/02m9vrb24","country_code":"CN","type":"education","lineage":["https://openalex.org/I121296143"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Wei Liang","raw_affiliation_strings":["School of Computer Science and Engineering, Hunan University of Science and Technology (HNUST), Xiangtan, China"],"affiliations":[{"raw_affiliation_string":"School of Computer Science and Engineering, Hunan University of Science and Technology (HNUST), Xiangtan, China","institution_ids":["https://openalex.org/I121296143"]}]},{"author_position":"middle","author":{"id":null,"display_name":"Keqin Li","orcid":"https://orcid.org/0000-0001-5224-4048"},"institutions":[{"id":"https://openalex.org/I157455823","display_name":"SUNY New Paltz","ror":"https://ror.org/03j3dv688","country_code":"US","type":"education","lineage":["https://openalex.org/I157455823"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Keqin Li","raw_affiliation_strings":["Department of Computer Science, The State University of New York, New Paltz, NY, USA"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science, The State University of New York, New Paltz, NY, USA","institution_ids":["https://openalex.org/I157455823"]}]},{"author_position":"last","author":{"id":null,"display_name":"Wenqiang Jin","orcid":"https://orcid.org/0000-0002-7610-3677"},"institutions":[{"id":"https://openalex.org/I4210156400","display_name":"Department of Science and Technology of Hunan Province","ror":"https://ror.org/04qgr7x96","country_code":"CN","type":"government","lineage":["https://openalex.org/I4210156400"]},{"id":"https://openalex.org/I56934997","display_name":"Changsha University of Science and Technology","ror":"https://ror.org/03yph8055","country_code":"CN","type":"education","lineage":["https://openalex.org/I56934997"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Wenqiang Jin","raw_affiliation_strings":["College of Cyber Science and Technology, Hunan University (HNU), Changsha, China"],"affiliations":[{"raw_affiliation_string":"College of Cyber Science and Technology, Hunan University (HNU), Changsha, China","institution_ids":["https://openalex.org/I56934997","https://openalex.org/I4210156400"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":6,"corresponding_author_ids":[],"corresponding_institution_ids":["https://openalex.org/I4210156400","https://openalex.org/I56934997"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.6711248,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"34","issue":null,"first_page":"872","last_page":"887"},"is_retracted":false,"is_paratext":false,"is_xpac":true,"primary_topic":{"id":"https://openalex.org/T14115","display_name":"Legal processes and jurisprudence","score":0.20329999923706055,"subfield":{"id":"https://openalex.org/subfields/3308","display_name":"Law"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},"topics":[{"id":"https://openalex.org/T14115","display_name":"Legal processes and jurisprudence","score":0.20329999923706055,"subfield":{"id":"https://openalex.org/subfields/3308","display_name":"Law"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},{"id":"https://openalex.org/T12332","display_name":"Comparative constitutional jurisprudence studies","score":0.11020000278949738,"subfield":{"id":"https://openalex.org/subfields/3320","display_name":"Political Science and International Relations"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},{"id":"https://openalex.org/T14168","display_name":"Occupational Health and Global Justice","score":0.04089999943971634,"subfield":{"id":"https://openalex.org/subfields/3306","display_name":"Health"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/autoencoder","display_name":"Autoencoder","score":0.7682999968528748},{"id":"https://openalex.org/keywords/scalability","display_name":"Scalability","score":0.6420999765396118},{"id":"https://openalex.org/keywords/anomaly-detection","display_name":"Anomaly detection","score":0.5601999759674072},{"id":"https://openalex.org/keywords/embedding","display_name":"Embedding","score":0.5260000228881836},{"id":"https://openalex.org/keywords/traffic-analysis","display_name":"Traffic analysis","score":0.5095999836921692},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.49729999899864197},{"id":"https://openalex.org/keywords/evasion","display_name":"Evasion (ethics)","score":0.4927000105381012},{"id":"https://openalex.org/keywords/encryption","display_name":"Encryption","score":0.41290000081062317},{"id":"https://openalex.org/keywords/feature","display_name":"Feature (linguistics)","score":0.4065000116825104}],"concepts":[{"id":"https://openalex.org/C101738243","wikidata":"https://www.wikidata.org/wiki/Q786435","display_name":"Autoencoder","level":3,"score":0.7682999968528748},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7644000053405762},{"id":"https://openalex.org/C48044578","wikidata":"https://www.wikidata.org/wiki/Q727490","display_name":"Scalability","level":2,"score":0.6420999765396118},{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.5601999759674072},{"id":"https://openalex.org/C41608201","wikidata":"https://www.wikidata.org/wiki/Q980509","display_name":"Embedding","level":2,"score":0.5260000228881836},{"id":"https://openalex.org/C2781317605","wikidata":"https://www.wikidata.org/wiki/Q7832483","display_name":"Traffic analysis","level":2,"score":0.5095999836921692},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.5051000118255615},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.49729999899864197},{"id":"https://openalex.org/C2781251061","wikidata":"https://www.wikidata.org/wiki/Q5416089","display_name":"Evasion (ethics)","level":3,"score":0.4927000105381012},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.42989999055862427},{"id":"https://openalex.org/C148730421","wikidata":"https://www.wikidata.org/wiki/Q141090","display_name":"Encryption","level":2,"score":0.41290000081062317},{"id":"https://openalex.org/C2776401178","wikidata":"https://www.wikidata.org/wiki/Q12050496","display_name":"Feature (linguistics)","level":2,"score":0.4065000116825104},{"id":"https://openalex.org/C4679612","wikidata":"https://www.wikidata.org/wiki/Q866298","display_name":"Aggregate (composite)","level":2,"score":0.392300009727478},{"id":"https://openalex.org/C79337645","wikidata":"https://www.wikidata.org/wiki/Q779824","display_name":"Outlier","level":2,"score":0.392300009727478},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.3682999908924103},{"id":"https://openalex.org/C79403827","wikidata":"https://www.wikidata.org/wiki/Q3988","display_name":"Real-time computing","level":1,"score":0.34880000352859497},{"id":"https://openalex.org/C2779304628","wikidata":"https://www.wikidata.org/wiki/Q3503480","display_name":"Face (sociological concept)","level":2,"score":0.32679998874664307},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.32420000433921814},{"id":"https://openalex.org/C153180895","wikidata":"https://www.wikidata.org/wiki/Q7148389","display_name":"Pattern recognition (psychology)","level":2,"score":0.3158999979496002},{"id":"https://openalex.org/C38822068","wikidata":"https://www.wikidata.org/wiki/Q131406","display_name":"Denial-of-service attack","level":3,"score":0.31540000438690186},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.31060001254081726},{"id":"https://openalex.org/C73555534","wikidata":"https://www.wikidata.org/wiki/Q622825","display_name":"Cluster analysis","level":2,"score":0.2985999882221222},{"id":"https://openalex.org/C207512268","wikidata":"https://www.wikidata.org/wiki/Q3074551","display_name":"Traffic flow (computer networking)","level":2,"score":0.29750001430511475},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.2939000129699707},{"id":"https://openalex.org/C178489894","wikidata":"https://www.wikidata.org/wiki/Q8789","display_name":"Cryptography","level":2,"score":0.29260000586509705},{"id":"https://openalex.org/C52622490","wikidata":"https://www.wikidata.org/wiki/Q1026626","display_name":"Feature extraction","level":2,"score":0.28769999742507935},{"id":"https://openalex.org/C2777667771","wikidata":"https://www.wikidata.org/wiki/Q926331","display_name":"Ransomware","level":3,"score":0.28519999980926514},{"id":"https://openalex.org/C114809511","wikidata":"https://www.wikidata.org/wiki/Q1412924","display_name":"Flow network","level":2,"score":0.2851000130176544},{"id":"https://openalex.org/C108583219","wikidata":"https://www.wikidata.org/wiki/Q197536","display_name":"Deep learning","level":2,"score":0.27129998803138733},{"id":"https://openalex.org/C188067584","wikidata":"https://www.wikidata.org/wiki/Q219363","display_name":"NetFlow","level":2,"score":0.2653000056743622}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/ton.2025.3610853","is_oa":false,"landing_page_url":"https://doi.org/10.1109/ton.2025.3610853","pdf_url":null,"source":{"id":"https://openalex.org/S5407042750","display_name":"IEEE Transactions on Networking","issn_l":"2998-4157","issn":["2998-4157"],"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Networking","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G1034202334","display_name":null,"funder_award_id":"2025JJ50350","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G3797785422","display_name":null,"funder_award_id":"62472153","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"}],"funders":[{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":45,"referenced_works":["https://openalex.org/W1994926493","https://openalex.org/W2012549717","https://openalex.org/W2022844530","https://openalex.org/W2963197901","https://openalex.org/W3006503311","https://openalex.org/W3131541364","https://openalex.org/W3136284412","https://openalex.org/W3173170122","https://openalex.org/W3193293525","https://openalex.org/W3206007427","https://openalex.org/W3206674745","https://openalex.org/W3214071552","https://openalex.org/W4213060442","https://openalex.org/W4220692398","https://openalex.org/W4283205460","https://openalex.org/W4283219743","https://openalex.org/W4290991228","https://openalex.org/W4290991406","https://openalex.org/W4290991422","https://openalex.org/W4313378981","https://openalex.org/W4313423370","https://openalex.org/W4319994093","https://openalex.org/W4322588479","https://openalex.org/W4324007233","https://openalex.org/W4352976871","https://openalex.org/W4360995354","https://openalex.org/W4365790450","https://openalex.org/W4376481072","https://openalex.org/W4382119071","https://openalex.org/W4385080328","https://openalex.org/W4385444612","https://openalex.org/W4386243284","https://openalex.org/W4386260561","https://openalex.org/W4386260575","https://openalex.org/W4387011098","https://openalex.org/W4388505134","https://openalex.org/W4388856929","https://openalex.org/W4388867311","https://openalex.org/W4389332300","https://openalex.org/W4390571282","https://openalex.org/W4391097191","https://openalex.org/W4404884150","https://openalex.org/W4405800338","https://openalex.org/W4407361734","https://openalex.org/W4408920463"],"related_works":[],"abstract_inverted_index":{"Existing":[0],"malicious":[1,32,50,78],"traffic":[2,33,51,153],"detection":[3,10,48],"methods":[4],"face":[5],"challenges":[6],"in":[7,11,70],"achieving":[8],"real-time":[9,47],"high-bandwidth":[12],"networks,":[13],"suffer":[14],"from":[15],"information":[16],"loss":[17],"due":[18],"to":[19,28,65,94,150,157],"conventional":[20],"discrete":[21],"statistical":[22],"feature":[23],"extraction,":[24],"and":[25,138,147],"remain":[26],"vulnerable":[27],"evasion":[29],"by":[30,103],"short-flow-based":[31],"resembling":[34],"benign":[35],"behavior.":[36],"To":[37],"this":[38],"end,":[39],"we":[40],"present":[41],"REAPER,":[42],"a":[43,82],"high-performance":[44],"system":[45],"for":[46,128],"of":[49,77,117,136,140],"at":[52],"the":[53,91,107,125],"network":[54,97],"flow":[55,98],"level,":[56],"built":[57],"on":[58,106],"Intel":[59],"DPDK.":[60],"REAPER":[61,123],"leverages":[62,81],"an":[63,110,133],"IP-trie":[64],"dynamically":[66],"aggregate":[67],"short":[68],"flows":[69],"real":[71],"time,":[72],"exposing":[73],"hidden":[74],"sending":[75],"patterns":[76],"traffic.":[79],"It":[80],"deep":[83],"time-series":[84],"embedding":[85],"analysis":[86,105],"(DTEA)":[87],"method,":[88],"which":[89],"uses":[90],"RNN":[92],"algorithm":[93],"directly":[95],"convert":[96],"data":[99],"into":[100],"embeddings,":[101],"followed":[102],"outlier":[104],"embeddings":[108],"using":[109],"unsupervised":[111],"variational":[112],"autoencoder":[113],"(VAE)":[114],"algorithm,":[115],"capable":[116],"detecting":[118],"zero-day":[119],"attacks.":[120],"Experiments":[121],"show":[122],"outperforms":[124],"baseline,":[126],"especially":[127],"encrypted":[129],"malware":[130],"traffic,":[131],"achieves":[132],"average":[134],"AUC":[135],"0.9429":[137],"EER":[139],"0.0348":[141],"under":[142],"evolving":[143],"cyber":[144],"attack":[145],"patterns,":[146],"supports":[148],"up":[149],"5":[151],"Gbps":[152],"throughput,":[154],"with":[155],"scalability":[156],"higher":[158],"rates.":[159]},"counts_by_year":[],"updated_date":"2026-04-09T08:11:56.329763","created_date":"2025-10-10T00:00:00"}