{"id":"https://openalex.org/W3000440607","doi":"https://doi.org/10.1145/3371676.3371705","title":"A Method of Detecting the Abnormal Encrypted Traffic Based on Machine Learning and Behavior Characteristics","display_name":"A Method of Detecting the Abnormal Encrypted Traffic Based on Machine Learning and Behavior Characteristics","publication_year":2019,"publication_date":"2019-11-15","ids":{"openalex":"https://openalex.org/W3000440607","doi":"https://doi.org/10.1145/3371676.3371705","mag":"3000440607"},"language":"en","primary_location":{"id":"doi:10.1145/3371676.3371705","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3371676.3371705","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2019 9th International Conference on Communication and Network Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5101560782","display_name":"Bin Kong","orcid":null},"institutions":[{"id":"https://openalex.org/I21193070","display_name":"Beijing Jiaotong University","ror":"https://ror.org/01yj56c84","country_code":"CN","type":"education","lineage":["https://openalex.org/I21193070"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Bin Kong","raw_affiliation_strings":["School of Economics and Management, Beijing Jiaotong University"],"affiliations":[{"raw_affiliation_string":"School of Economics and Management, Beijing Jiaotong University","institution_ids":["https://openalex.org/I21193070"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5038501563","display_name":"Zhangpu Liu","orcid":null},"institutions":[{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]},{"id":"https://openalex.org/I4210165038","display_name":"University of Chinese Academy of Sciences","ror":"https://ror.org/05qbk4x57","country_code":"CN","type":"education","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210165038"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Zhangpu Liu","raw_affiliation_strings":["Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China, School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China, School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I4210165038"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5034610167","display_name":"Guangming Zhou","orcid":"https://orcid.org/0000-0002-7427-1781"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Guangming Zhou","raw_affiliation_strings":["China National Salt Industry Group Co., Ltd, Beijing, China"],"affiliations":[{"raw_affiliation_string":"China National Salt Industry Group Co., Ltd, Beijing, China","institution_ids":[]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5100695163","display_name":"Xiaoyan Yu","orcid":"https://orcid.org/0000-0003-0351-8393"},"institutions":[{"id":"https://openalex.org/I4210165038","display_name":"University of Chinese Academy of Sciences","ror":"https://ror.org/05qbk4x57","country_code":"CN","type":"education","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210165038"]},{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Xiaoyan Yu","raw_affiliation_strings":["Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China, School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China, School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I4210165038"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5101560782"],"corresponding_institution_ids":["https://openalex.org/I21193070"],"apc_list":null,"apc_paid":null,"fwci":0.28,"has_fulltext":false,"cited_by_count":3,"citation_normalized_percentile":{"value":0.67553702,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":94},"biblio":{"volume":null,"issue":null,"first_page":"47","last_page":"50"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9988999962806702,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10388","display_name":"Advanced Steganography and Watermarking Techniques","score":0.9851999878883362,"subfield":{"id":"https://openalex.org/subfields/1707","display_name":"Computer Vision and Pattern Recognition"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8258942365646362},{"id":"https://openalex.org/keywords/encryption","display_name":"Encryption","score":0.8205897808074951},{"id":"https://openalex.org/keywords/traffic-classification","display_name":"Traffic classification","score":0.7795380353927612},{"id":"https://openalex.org/keywords/network-packet","display_name":"Network packet","score":0.5776805877685547},{"id":"https://openalex.org/keywords/deep-packet-inspection","display_name":"Deep packet inspection","score":0.57733154296875},{"id":"https://openalex.org/keywords/identification","display_name":"Identification (biology)","score":0.5359621047973633},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.530623197555542},{"id":"https://openalex.org/keywords/feature-extraction","display_name":"Feature extraction","score":0.5293049812316895},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.5290970802307129},{"id":"https://openalex.org/keywords/traffic-analysis","display_name":"Traffic analysis","score":0.5205156207084656},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.48840540647506714},{"id":"https://openalex.org/keywords/traffic-generation-model","display_name":"Traffic generation model","score":0.4627769887447357},{"id":"https://openalex.org/keywords/data-stream-mining","display_name":"Data stream mining","score":0.4450068175792694},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.28437528014183044}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8258942365646362},{"id":"https://openalex.org/C148730421","wikidata":"https://www.wikidata.org/wiki/Q141090","display_name":"Encryption","level":2,"score":0.8205897808074951},{"id":"https://openalex.org/C169988225","wikidata":"https://www.wikidata.org/wiki/Q7832484","display_name":"Traffic classification","level":3,"score":0.7795380353927612},{"id":"https://openalex.org/C158379750","wikidata":"https://www.wikidata.org/wiki/Q214111","display_name":"Network packet","level":2,"score":0.5776805877685547},{"id":"https://openalex.org/C204679922","wikidata":"https://www.wikidata.org/wiki/Q734252","display_name":"Deep packet inspection","level":3,"score":0.57733154296875},{"id":"https://openalex.org/C116834253","wikidata":"https://www.wikidata.org/wiki/Q2039217","display_name":"Identification (biology)","level":2,"score":0.5359621047973633},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.530623197555542},{"id":"https://openalex.org/C52622490","wikidata":"https://www.wikidata.org/wiki/Q1026626","display_name":"Feature extraction","level":2,"score":0.5293049812316895},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.5290970802307129},{"id":"https://openalex.org/C2781317605","wikidata":"https://www.wikidata.org/wiki/Q7832483","display_name":"Traffic analysis","level":2,"score":0.5205156207084656},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.48840540647506714},{"id":"https://openalex.org/C176715033","wikidata":"https://www.wikidata.org/wiki/Q2080768","display_name":"Traffic generation model","level":2,"score":0.4627769887447357},{"id":"https://openalex.org/C89198739","wikidata":"https://www.wikidata.org/wiki/Q3079880","display_name":"Data stream mining","level":2,"score":0.4450068175792694},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.28437528014183044},{"id":"https://openalex.org/C59822182","wikidata":"https://www.wikidata.org/wiki/Q441","display_name":"Botany","level":1,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3371676.3371705","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3371676.3371705","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2019 9th International Conference on Communication and Network Security","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":8,"referenced_works":["https://openalex.org/W1964234701","https://openalex.org/W2010716466","https://openalex.org/W2041855183","https://openalex.org/W2096118443","https://openalex.org/W2105259927","https://openalex.org/W2122226347","https://openalex.org/W3139611398","https://openalex.org/W3150719513"],"related_works":["https://openalex.org/W2127561666","https://openalex.org/W2949949254","https://openalex.org/W2964663688","https://openalex.org/W3171671300","https://openalex.org/W3163756987","https://openalex.org/W4399181772","https://openalex.org/W2062731068","https://openalex.org/W4293901154","https://openalex.org/W4293088549","https://openalex.org/W3174245262"],"abstract_inverted_index":{"Classification":[0],"of":[1,29,81,106,142],"network":[2,94],"traffic":[3,49,85,95,145],"using":[4,18,98],"port-based":[5],"or":[6],"deep":[7],"packet-based":[8],"analysis":[9],"is":[10],"becoming":[11],"increasingly":[12],"difficult":[13],"with":[14,97],"many":[15],"peer-to-peer(P2P)":[16],"applications":[17],"dynamic":[19,41],"port":[20],"numbers,":[21],"especially":[22],"in":[23,40,73,113],"massive":[24],"data":[25,96,120],"streams.":[26],"In":[27,88],"view":[28],"the":[30,79,82,93,108,114,117,140],"problem":[31,141],"that":[32,112],"traditional":[33],"method":[34,51,123],"cannot":[35],"be":[36],"self-learning":[37],"and":[38,56,128,135],"self-evolving":[39],"networks,":[42],"this":[43,59,89],"paper":[44],"proposed":[45],"an":[46],"abnormally":[47,143],"encrypted":[48,84,119,144],"detection":[50,86,122],"based":[52,124],"on":[53,125],"machine":[54,100,126],"learning":[55,101,127],"behavior":[57,104,129],"characteristics,":[58],"approach":[60,102],"can":[61,76,136],"not":[62],"only":[63],"identify":[64],"unknown":[65],"abnormal":[66,83,118],"traffic,":[67],"but":[68],"eliminate":[69],"specific":[70],"feature":[71],"extraction":[72],"advance,":[74],"which":[75],"effectively":[77,138],"improve":[78],"accuracy":[80,134],"system.":[87],"paper,":[90],"we":[91],"processed":[92],"a":[99],"combined":[103],"characteristics":[105,130],"applications,":[107],"experimental":[109],"results":[110],"show":[111],"complex":[115],"network,":[116],"stream":[121],"has":[131],"higher":[132],"recognition":[133],"more":[137],"solve":[139],"identification.":[146]},"counts_by_year":[{"year":2023,"cited_by_count":1},{"year":2022,"cited_by_count":1},{"year":2020,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}