{"id":"https://openalex.org/W3173170122","doi":"https://doi.org/10.1145/3460120.3484585","title":"Realtime Robust Malicious Traffic Detection via Frequency Domain Analysis","display_name":"Realtime Robust Malicious Traffic Detection via Frequency Domain Analysis","publication_year":2021,"publication_date":"2021-11-12","ids":{"openalex":"https://openalex.org/W3173170122","doi":"https://doi.org/10.1145/3460120.3484585","mag":"3173170122"},"language":"en","primary_location":{"id":"doi:10.1145/3460120.3484585","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3460120.3484585","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["arxiv","crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://arxiv.org/pdf/2106.14707","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5072990224","display_name":"Chuanpu Fu","orcid":"https://orcid.org/0000-0003-4568-6125"},"institutions":[{"id":"https://openalex.org/I99065089","display_name":"Tsinghua University","ror":"https://ror.org/03cve4549","country_code":"CN","type":"education","lineage":["https://openalex.org/I99065089"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Chuanpu Fu","raw_affiliation_strings":["Tsinghua University, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Tsinghua University, Beijing, China","institution_ids":["https://openalex.org/I99065089"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100350165","display_name":"Qi Li","orcid":"https://orcid.org/0000-0001-8776-8730"},"institutions":[{"id":"https://openalex.org/I99065089","display_name":"Tsinghua University","ror":"https://ror.org/03cve4549","country_code":"CN","type":"education","lineage":["https://openalex.org/I99065089"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Qi Li","raw_affiliation_strings":["Tsinghua University &amp; Beijing National Research Center for Information Science and Technology (BNRist), Beijing, China"],"affiliations":[{"raw_affiliation_string":"Tsinghua University &amp; Beijing National Research Center for Information Science and Technology (BNRist), Beijing, China","institution_ids":["https://openalex.org/I99065089"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5047030842","display_name":"Meng Shen","orcid":"https://orcid.org/0000-0002-1867-0972"},"institutions":[{"id":"https://openalex.org/I125839683","display_name":"Beijing Institute of Technology","ror":"https://ror.org/01skt4w74","country_code":"CN","type":"education","lineage":["https://openalex.org/I125839683","https://openalex.org/I890469752"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Meng Shen","raw_affiliation_strings":["Beijing Institute of Technology, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Beijing Institute of Technology, Beijing, China","institution_ids":["https://openalex.org/I125839683"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5100665814","display_name":"Ke Xu","orcid":"https://orcid.org/0000-0003-2587-8517"},"institutions":[{"id":"https://openalex.org/I99065089","display_name":"Tsinghua University","ror":"https://ror.org/03cve4549","country_code":"CN","type":"education","lineage":["https://openalex.org/I99065089"]},{"id":"https://openalex.org/I4210136793","display_name":"Peng Cheng Laboratory","ror":"https://ror.org/03qdqbt06","country_code":"CN","type":"facility","lineage":["https://openalex.org/I4210136793"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Ke Xu","raw_affiliation_strings":["Tsinghua University &amp; Beijing National Research Center for Information Science and Technology (BNRist), &amp; Peng Cheng Laboratory, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Tsinghua University &amp; Beijing National Research Center for Information Science and Technology (BNRist), &amp; Peng Cheng Laboratory, Beijing, China","institution_ids":["https://openalex.org/I4210136793","https://openalex.org/I99065089"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5072990224"],"corresponding_institution_ids":["https://openalex.org/I99065089"],"apc_list":null,"apc_paid":null,"fwci":17.2956,"has_fulltext":false,"cited_by_count":194,"citation_normalized_percentile":{"value":0.9949623,"is_in_top_1_percent":true,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":89,"max":100},"biblio":{"volume":null,"issue":null,"first_page":"3431","last_page":"3446"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8641244769096375},{"id":"https://openalex.org/keywords/throughput","display_name":"Throughput","score":0.657961368560791},{"id":"https://openalex.org/keywords/evasion","display_name":"Evasion (ethics)","score":0.6355911493301392},{"id":"https://openalex.org/keywords/frequency-domain","display_name":"Frequency domain","score":0.5815985202789307},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.5574522018432617},{"id":"https://openalex.org/keywords/domain","display_name":"Domain (mathematical analysis)","score":0.5076173543930054},{"id":"https://openalex.org/keywords/real-time-computing","display_name":"Real-time computing","score":0.45419105887413025},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.323684424161911},{"id":"https://openalex.org/keywords/computer-vision","display_name":"Computer vision","score":0.09491518139839172}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8641244769096375},{"id":"https://openalex.org/C157764524","wikidata":"https://www.wikidata.org/wiki/Q1383412","display_name":"Throughput","level":3,"score":0.657961368560791},{"id":"https://openalex.org/C2781251061","wikidata":"https://www.wikidata.org/wiki/Q5416089","display_name":"Evasion (ethics)","level":3,"score":0.6355911493301392},{"id":"https://openalex.org/C19118579","wikidata":"https://www.wikidata.org/wiki/Q786423","display_name":"Frequency domain","level":2,"score":0.5815985202789307},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.5574522018432617},{"id":"https://openalex.org/C36503486","wikidata":"https://www.wikidata.org/wiki/Q11235244","display_name":"Domain (mathematical analysis)","level":2,"score":0.5076173543930054},{"id":"https://openalex.org/C79403827","wikidata":"https://www.wikidata.org/wiki/Q3988","display_name":"Real-time computing","level":1,"score":0.45419105887413025},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.323684424161911},{"id":"https://openalex.org/C31972630","wikidata":"https://www.wikidata.org/wiki/Q844240","display_name":"Computer vision","level":1,"score":0.09491518139839172},{"id":"https://openalex.org/C8891405","wikidata":"https://www.wikidata.org/wiki/Q1059","display_name":"Immune system","level":2,"score":0.0},{"id":"https://openalex.org/C555944384","wikidata":"https://www.wikidata.org/wiki/Q249","display_name":"Wireless","level":2,"score":0.0},{"id":"https://openalex.org/C134306372","wikidata":"https://www.wikidata.org/wiki/Q7754","display_name":"Mathematical analysis","level":1,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0},{"id":"https://openalex.org/C76155785","wikidata":"https://www.wikidata.org/wiki/Q418","display_name":"Telecommunications","level":1,"score":0.0},{"id":"https://openalex.org/C203014093","wikidata":"https://www.wikidata.org/wiki/Q101929","display_name":"Immunology","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/3460120.3484585","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3460120.3484585","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},{"id":"pmh:oai:arXiv.org:2106.14707","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2106.14707","pdf_url":"https://arxiv.org/pdf/2106.14707","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"}],"best_oa_location":{"id":"pmh:oai:arXiv.org:2106.14707","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2106.14707","pdf_url":"https://arxiv.org/pdf/2106.14707","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},"sustainable_development_goals":[{"score":0.6899999976158142,"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions"}],"awards":[{"id":"https://openalex.org/G3200295808","display_name":null,"funder_award_id":"61825204","funder_id":"https://openalex.org/F4320334953","funder_display_name":"China National Funds for Distinguished Young Scientists"},{"id":"https://openalex.org/G4413445484","display_name":null,"funder_award_id":"62132011 & 61932016","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"}],"funders":[{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"},{"id":"https://openalex.org/F4320334953","display_name":"China National Funds for Distinguished Young Scientists","ror":"https://ror.org/01pab2602"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":73,"referenced_works":["https://openalex.org/W570992628","https://openalex.org/W1561983441","https://openalex.org/W1738124305","https://openalex.org/W1775772884","https://openalex.org/W1985987493","https://openalex.org/W2032247543","https://openalex.org/W2040424958","https://openalex.org/W2071285671","https://openalex.org/W2102475112","https://openalex.org/W2114996745","https://openalex.org/W2116065364","https://openalex.org/W2122646361","https://openalex.org/W2128599397","https://openalex.org/W2129700391","https://openalex.org/W2130583399","https://openalex.org/W2139325411","https://openalex.org/W2142889610","https://openalex.org/W2152929147","https://openalex.org/W2159840470","https://openalex.org/W2182421051","https://openalex.org/W2193413348","https://openalex.org/W2294281138","https://openalex.org/W2342408547","https://openalex.org/W2395660260","https://openalex.org/W2396652156","https://openalex.org/W2407894837","https://openalex.org/W2473007119","https://openalex.org/W2498359591","https://openalex.org/W2557283755","https://openalex.org/W2605422749","https://openalex.org/W2766282988","https://openalex.org/W2789780249","https://openalex.org/W2790127834","https://openalex.org/W2795175906","https://openalex.org/W2889233068","https://openalex.org/W2892214024","https://openalex.org/W2892724803","https://openalex.org/W2903379676","https://openalex.org/W2930263444","https://openalex.org/W2946905885","https://openalex.org/W2947207728","https://openalex.org/W2963197901","https://openalex.org/W2963796896","https://openalex.org/W2964080939","https://openalex.org/W2965003867","https://openalex.org/W2965837624","https://openalex.org/W2969064802","https://openalex.org/W2969109447","https://openalex.org/W2971005195","https://openalex.org/W2971776695","https://openalex.org/W2988337058","https://openalex.org/W3007265242","https://openalex.org/W3007418556","https://openalex.org/W3007562398","https://openalex.org/W3008176860","https://openalex.org/W3008207353","https://openalex.org/W3015248254","https://openalex.org/W3020339652","https://openalex.org/W3045016378","https://openalex.org/W3047608117","https://openalex.org/W3082884087","https://openalex.org/W3099114729","https://openalex.org/W3103367901","https://openalex.org/W3108948262","https://openalex.org/W3109620927","https://openalex.org/W3116203245","https://openalex.org/W3120227884","https://openalex.org/W3143752568","https://openalex.org/W3155300845","https://openalex.org/W3193903060","https://openalex.org/W4205593870","https://openalex.org/W4302369416","https://openalex.org/W4386549231"],"related_works":["https://openalex.org/W2373230814","https://openalex.org/W2357468538","https://openalex.org/W2127991899","https://openalex.org/W1577110157","https://openalex.org/W2990788608","https://openalex.org/W2169868145","https://openalex.org/W2355007334","https://openalex.org/W2390009783","https://openalex.org/W2808001300","https://openalex.org/W1548771250"],"abstract_inverted_index":{"Machine":[0],"learning":[1],"(ML)":[2],"based":[3,23,29,65,83],"malicious":[4,84],"traffic":[5,41,85],"detection":[6,30,33,58,66,86,119,131,203],"is":[7,18,147,196],"an":[8],"emerging":[9],"security":[10],"paradigm,":[11],"particularly":[12],"for":[13],"zero-day":[14],"attack":[15],"detection,":[16],"which":[17,116],"complementary":[19],"to":[20,61,111,128,199],"existing":[21,27,63],"rule":[22,64],"detection.":[24],"However,":[25],"the":[26,62,107,124,140,164],"ML":[28,82],"achieves":[31,89],"low":[32,36],"accuracy":[34,92],"and":[35,93,121,144,173],"throughput":[37,54,95],"incurred":[38],"by":[39,71,96,106],"inefficient":[40],"features":[42,110,127,143],"extraction.":[43],"Thus,":[44],"they":[45],"cannot":[46,136],"detect":[47,170],"attacks":[48,159],"in":[49,52],"realtime,":[50],"especially":[51],"high":[53,91,94,118,130],"networks.":[55],"Particularly,":[56],"these":[57],"systems":[59],"similar":[60],"can":[67,168],"be":[68],"easily":[69,137],"evaded":[70],"sophisticated":[72,172],"attacks.":[73,152],"To":[74],"this":[75],"end,":[76],"we":[77],"propose":[78],"Whisper,":[79],"a":[80],"realtime":[81],"system":[87],"that":[88],"both":[90],"utilizing":[97],"frequency":[98,108,141],"domain":[99,109,142],"features.":[100],"It":[101],"utilizes":[102],"sequential":[103],"information":[104,114],"represented":[105],"achieve":[112,129],"bounded":[113],"loss,":[115],"ensures":[117],"accuracy,":[120],"meanwhile":[122],"constrains":[123],"scale":[125],"of":[126,158,181,187],"throughput.":[132,189],"In":[133],"particular,":[134],"attackers":[135],"interfere":[138],"with":[139,155,163],"thus":[145],"Whisper":[146,167,195],"robust":[148],"against":[149],"various":[150,171,192],"evasion":[151,193],"Our":[153],"experiments":[154],"42":[156],"types":[157],"demonstrate":[160],"that,":[161],"compared":[162],"state-of-the-art":[165],"systems,":[166],"accurately":[169],"stealthy":[174],"attacks,":[175,194],"achieving":[176,184],"at":[177],"most":[178],"18.36%":[179],"improvement":[180],"AUC,":[182],"while":[183],"two":[185],"orders":[186],"magnitude":[188],"Even":[190],"under":[191],"still":[197],"able":[198],"maintain":[200],"around":[201],"90%":[202],"accuracy.":[204]},"counts_by_year":[{"year":2026,"cited_by_count":8},{"year":2025,"cited_by_count":78},{"year":2024,"cited_by_count":59},{"year":2023,"cited_by_count":23},{"year":2022,"cited_by_count":25},{"year":2021,"cited_by_count":1}],"updated_date":"2026-04-23T09:07:50.710637","created_date":"2025-10-10T00:00:00"}