{"id":"https://openalex.org/W4306406279","doi":"https://doi.org/10.1145/3545948.3545983","title":"Encrypted Malware Traffic Detection via Graph-based Network Analysis","display_name":"Encrypted Malware Traffic Detection via Graph-based Network Analysis","publication_year":2022,"publication_date":"2022-10-17","ids":{"openalex":"https://openalex.org/W4306406279","doi":"https://doi.org/10.1145/3545948.3545983"},"language":"en","primary_location":{"id":"doi:10.1145/3545948.3545983","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3545948.3545983","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3545948.3545983","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 25th International Symposium on Research in Attacks, Intrusions and Defenses","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3545948.3545983","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5036655847","display_name":"Zhuoqun Fu","orcid":"https://orcid.org/0000-0002-6265-0151"},"institutions":[{"id":"https://openalex.org/I99065089","display_name":"Tsinghua University","ror":"https://ror.org/03cve4549","country_code":"CN","type":"education","lineage":["https://openalex.org/I99065089"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Zhuoqun Fu","raw_affiliation_strings":["Tsinghua University, China"],"affiliations":[{"raw_affiliation_string":"Tsinghua University, China","institution_ids":["https://openalex.org/I99065089"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101513317","display_name":"Mingxuan Liu","orcid":"https://orcid.org/0009-0005-9456-015X"},"institutions":[{"id":"https://openalex.org/I99065089","display_name":"Tsinghua University","ror":"https://ror.org/03cve4549","country_code":"CN","type":"education","lineage":["https://openalex.org/I99065089"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Mingxuan Liu","raw_affiliation_strings":["Tsinghua University, China"],"affiliations":[{"raw_affiliation_string":"Tsinghua University, China","institution_ids":["https://openalex.org/I99065089"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5103271475","display_name":"Yue Qin","orcid":"https://orcid.org/0000-0002-7857-2936"},"institutions":[{"id":"https://openalex.org/I4210119109","display_name":"Indiana University Bloomington","ror":"https://ror.org/02k40bc56","country_code":"US","type":"education","lineage":["https://openalex.org/I4210119109","https://openalex.org/I592451"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Yue Qin","raw_affiliation_strings":["Indiana University Bloomington, United States of America"],"affiliations":[{"raw_affiliation_string":"Indiana University Bloomington, United States of America","institution_ids":["https://openalex.org/I4210119109"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5018723138","display_name":"Jia Zhang","orcid":"https://orcid.org/0000-0001-7896-3382"},"institutions":[{"id":"https://openalex.org/I99065089","display_name":"Tsinghua University","ror":"https://ror.org/03cve4549","country_code":"CN","type":"education","lineage":["https://openalex.org/I99065089"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Jia Zhang","raw_affiliation_strings":["Tsinghua University, China"],"affiliations":[{"raw_affiliation_string":"Tsinghua University, China","institution_ids":["https://openalex.org/I99065089"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101651608","display_name":"Yuan Zou","orcid":"https://orcid.org/0000-0003-3617-0450"},"institutions":[{"id":"https://openalex.org/I99065089","display_name":"Tsinghua University","ror":"https://ror.org/03cve4549","country_code":"CN","type":"education","lineage":["https://openalex.org/I99065089"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yuan Zou","raw_affiliation_strings":["Tsinghua University; GeekSec Security Group, China","Tsinghua University"],"affiliations":[{"raw_affiliation_string":"Tsinghua University; GeekSec Security Group, China","institution_ids":["https://openalex.org/I99065089"]},{"raw_affiliation_string":"Tsinghua University","institution_ids":["https://openalex.org/I99065089"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5001953231","display_name":"Qilei Yin","orcid":"https://orcid.org/0000-0002-0148-2772"},"institutions":[{"id":"https://openalex.org/I99065089","display_name":"Tsinghua University","ror":"https://ror.org/03cve4549","country_code":"CN","type":"education","lineage":["https://openalex.org/I99065089"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Qilei Yin","raw_affiliation_strings":["Tsinghua University, China"],"affiliations":[{"raw_affiliation_string":"Tsinghua University, China","institution_ids":["https://openalex.org/I99065089"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100350165","display_name":"Qi Li","orcid":"https://orcid.org/0000-0001-8776-8730"},"institutions":[{"id":"https://openalex.org/I99065089","display_name":"Tsinghua University","ror":"https://ror.org/03cve4549","country_code":"CN","type":"education","lineage":["https://openalex.org/I99065089"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Qi Li","raw_affiliation_strings":["Tsinghua University, China"],"affiliations":[{"raw_affiliation_string":"Tsinghua University, China","institution_ids":["https://openalex.org/I99065089"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5067799841","display_name":"Haixin Duan","orcid":"https://orcid.org/0000-0003-0083-733X"},"institutions":[{"id":"https://openalex.org/I99065089","display_name":"Tsinghua University","ror":"https://ror.org/03cve4549","country_code":"CN","type":"education","lineage":["https://openalex.org/I99065089"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Haixin Duan","raw_affiliation_strings":["Tsinghua University; Qi An Xin Group Corp., China","Tsinghua University"],"affiliations":[{"raw_affiliation_string":"Tsinghua University; Qi An Xin Group Corp., China","institution_ids":["https://openalex.org/I99065089"]},{"raw_affiliation_string":"Tsinghua University","institution_ids":["https://openalex.org/I99065089"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":8,"corresponding_author_ids":["https://openalex.org/A5036655847"],"corresponding_institution_ids":["https://openalex.org/I99065089"],"apc_list":null,"apc_paid":null,"fwci":8.4214,"has_fulltext":true,"cited_by_count":61,"citation_normalized_percentile":{"value":0.98135359,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":100},"biblio":{"volume":null,"issue":null,"first_page":"495","last_page":"509"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9986000061035156,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7856320738792419},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.705504298210144},{"id":"https://openalex.org/keywords/encryption","display_name":"Encryption","score":0.5415899753570557},{"id":"https://openalex.org/keywords/graph","display_name":"Graph","score":0.4965363144874573},{"id":"https://openalex.org/keywords/robustness","display_name":"Robustness (evolution)","score":0.44252899289131165},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.4191647171974182},{"id":"https://openalex.org/keywords/generalizability-theory","display_name":"Generalizability theory","score":0.4176226258277893},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.36578914523124695},{"id":"https://openalex.org/keywords/theoretical-computer-science","display_name":"Theoretical computer science","score":0.2805447578430176}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7856320738792419},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.705504298210144},{"id":"https://openalex.org/C148730421","wikidata":"https://www.wikidata.org/wiki/Q141090","display_name":"Encryption","level":2,"score":0.5415899753570557},{"id":"https://openalex.org/C132525143","wikidata":"https://www.wikidata.org/wiki/Q141488","display_name":"Graph","level":2,"score":0.4965363144874573},{"id":"https://openalex.org/C63479239","wikidata":"https://www.wikidata.org/wiki/Q7353546","display_name":"Robustness (evolution)","level":3,"score":0.44252899289131165},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.4191647171974182},{"id":"https://openalex.org/C27158222","wikidata":"https://www.wikidata.org/wiki/Q5532422","display_name":"Generalizability theory","level":2,"score":0.4176226258277893},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.36578914523124695},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.2805447578430176},{"id":"https://openalex.org/C105795698","wikidata":"https://www.wikidata.org/wiki/Q12483","display_name":"Statistics","level":1,"score":0.0},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0},{"id":"https://openalex.org/C104317684","wikidata":"https://www.wikidata.org/wiki/Q7187","display_name":"Gene","level":2,"score":0.0},{"id":"https://openalex.org/C185592680","wikidata":"https://www.wikidata.org/wiki/Q2329","display_name":"Chemistry","level":0,"score":0.0},{"id":"https://openalex.org/C55493867","wikidata":"https://www.wikidata.org/wiki/Q7094","display_name":"Biochemistry","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3545948.3545983","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3545948.3545983","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3545948.3545983","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 25th International Symposium on Research in Attacks, Intrusions and Defenses","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/3545948.3545983","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3545948.3545983","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3545948.3545983","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 25th International Symposium on Research in Attacks, Intrusions and Defenses","raw_type":"proceedings-article"},"sustainable_development_goals":[{"score":0.6800000071525574,"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16"}],"awards":[{"id":"https://openalex.org/G1231421488","display_name":null,"funder_award_id":"under","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G2087396116","display_name":null,"funder_award_id":"China","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G3085993365","display_name":null,"funder_award_id":"(Grant No.","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G3317480652","display_name":null,"funder_award_id":"Science","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G5534504329","display_name":null,"funder_award_id":"U1836213,U19B2034","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G5994120800","display_name":null,"funder_award_id":"Natural","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G6645987955","display_name":null,"funder_award_id":"U19B2034","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G6854417668","display_name":null,"funder_award_id":"U1836213","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G7155321176","display_name":null,"funder_award_id":"62132011","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G7726157001","display_name":null,"funder_award_id":"Grant No.","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"}],"funders":[{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"}],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4306406279.pdf","grobid_xml":"https://content.openalex.org/works/W4306406279.grobid-xml"},"referenced_works_count":39,"referenced_works":["https://openalex.org/W1498756827","https://openalex.org/W1919179112","https://openalex.org/W2016606569","https://openalex.org/W2073089243","https://openalex.org/W2091682045","https://openalex.org/W2110983102","https://openalex.org/W2117202485","https://openalex.org/W2135349594","https://openalex.org/W2154851992","https://openalex.org/W2157949690","https://openalex.org/W2161984370","https://openalex.org/W2283196293","https://openalex.org/W2517451064","https://openalex.org/W2537766808","https://openalex.org/W2612872092","https://openalex.org/W2743556905","https://openalex.org/W2750755351","https://openalex.org/W2886750927","https://openalex.org/W2915352631","https://openalex.org/W2919493784","https://openalex.org/W2921434519","https://openalex.org/W2946046356","https://openalex.org/W2947585023","https://openalex.org/W2962756421","https://openalex.org/W2963197901","https://openalex.org/W2982561893","https://openalex.org/W2984488829","https://openalex.org/W2985331920","https://openalex.org/W3044183949","https://openalex.org/W3104097132","https://openalex.org/W3138173041","https://openalex.org/W3206414484","https://openalex.org/W4206482253","https://openalex.org/W4210896998","https://openalex.org/W4213069590","https://openalex.org/W4293171766","https://openalex.org/W4299301436","https://openalex.org/W4299935294","https://openalex.org/W6676615153"],"related_works":["https://openalex.org/W2118717649","https://openalex.org/W2413243053","https://openalex.org/W410723623","https://openalex.org/W2015341305","https://openalex.org/W2035068594","https://openalex.org/W4225593417","https://openalex.org/W2573498121","https://openalex.org/W3022298670","https://openalex.org/W3160494304","https://openalex.org/W2388888344"],"abstract_inverted_index":{"Malicious":[0],"activities":[1],"on":[2,54,85,117,142],"the":[3,27,58,68,77,130,135,194],"Internet":[4],"continue":[5],"to":[6,16,49,67,97,103,128],"grow":[7],"in":[8,160,198,220],"volume":[9],"and":[10,61,110,123,155,163,171,173],"damage,":[11],"posing":[12],"a":[13,41,86,118],"serious":[14],"risk":[15],"society.":[17],"Malware":[18],"with":[19,211],"remote":[20],"control":[21],"capabilities":[22],"is":[23,178],"considered":[24],"one":[25,205],"of":[26,38,71,79,89,113,137,182,190,196],"most":[28],"threatening":[29],"malicious":[30,51],"activities,":[31],"as":[32],"it":[33,141,166],"can":[34],"enable":[35],"arbitrary":[36],"types":[37],"cyber-attacks.":[39],"As":[40],"countermeasure,":[42],"many":[43],"malware":[44,81,152],"detection":[45,82,131,153],"methods":[46,83],"are":[47],"proposed":[48],"identify":[50],"behaviours":[52,115],"based":[53,116],"traffic":[55,219],"characteristics.":[56,90],"However,":[57],"emerging":[59],"encryption":[60],"evasion":[62],"techniques":[63],"pose":[64],"substantial":[65],"barriers":[66],"full":[69],"exploitation":[70],"network":[72,114,201],"information.":[73],"This":[74],"significantly":[75],"impairs":[76],"effectiveness":[78,136],"existing":[80],"relying":[84],"singular":[87],"type":[88],"In":[91,101],"this":[92,99],"paper,":[93],"we":[94,139],"propose":[95],"ST-Graph":[96,107,149,197],"resolve":[98],"issue.":[100],"addition":[102],"traditional":[104],"stream":[105],"attributes,":[106],"explores":[108],"spatial":[109],"temporal":[111],"characteristics":[112],"graph":[119],"representation":[120],"learning":[121],"algorithm":[122],"integrates":[124],"all":[125],"available":[126],"information":[127],"boost":[129],"decision.":[132],"To":[133],"illustrate":[134],"ST-Graph,":[138],"evaluate":[140],"two":[143,180,199],"datasets.":[144],"Experimental":[145],"results":[146],"demonstrate":[147],"that":[148,189],"outperforms":[150],"state-of-the-art":[151],"systems":[154],"also":[156],"shows":[157,207],"good":[158],"performance":[159],"efficiency,":[161],"generalizability,":[162],"robustness.":[164],"Specifically,":[165],"achieves":[167],"over":[168],"99%":[169],"precision":[170],"recall,":[172],"its":[174],"False":[175],"Positive":[176],"Rate":[177],"even":[179],"orders":[181],"magnitude":[183],"lower":[184],"than":[185],"(nearly":[186],"0.02":[187],"times)":[188],"baseline":[191],"models.":[192],"Meanwhile,":[193],"deployment":[195],"real":[200],"scenarios":[202],"for":[203,217],"around":[204],"year":[206],"an":[208],"outstanding":[209],"efficiency":[210],"only":[212],"160":[213],"seconds":[214],"time":[215],"cost":[216],"5-minute":[218],"1.7":[221],"Gbps":[222],"bandwidth.":[223]},"counts_by_year":[{"year":2026,"cited_by_count":2},{"year":2025,"cited_by_count":30},{"year":2024,"cited_by_count":20},{"year":2023,"cited_by_count":8},{"year":2022,"cited_by_count":1}],"updated_date":"2026-04-13T07:58:08.660418","created_date":"2025-10-10T00:00:00"}