{"id":"https://openalex.org/W4396723284","doi":"https://doi.org/10.1145/3589334.3645479","title":"ContraMTD: An Unsupervised Malicious Network Traffic Detection Method based on Contrastive Learning","display_name":"ContraMTD: An Unsupervised Malicious Network Traffic Detection Method based on Contrastive Learning","publication_year":2024,"publication_date":"2024-05-08","ids":{"openalex":"https://openalex.org/W4396723284","doi":"https://doi.org/10.1145/3589334.3645479"},"language":"en","primary_location":{"id":"doi:10.1145/3589334.3645479","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3589334.3645479","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the ACM Web Conference 2024","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5081289998","display_name":"Xueying Han","orcid":"https://orcid.org/0009-0001-2881-9259"},"institutions":[{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]},{"id":"https://openalex.org/I4210165038","display_name":"University of Chinese Academy of Sciences","ror":"https://ror.org/05qbk4x57","country_code":"CN","type":"education","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210165038"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Xueying Han","raw_affiliation_strings":["Institute of Information Engineering, Chinese Academy of Sciences & School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China"],"raw_orcid":"https://orcid.org/0009-0001-2881-9259","affiliations":[{"raw_affiliation_string":"Institute of Information Engineering, Chinese Academy of Sciences & School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I4210165038"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5022355020","display_name":"Susu Cui","orcid":"https://orcid.org/0000-0001-5249-5699"},"institutions":[{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]},{"id":"https://openalex.org/I4210165038","display_name":"University of Chinese Academy of Sciences","ror":"https://ror.org/05qbk4x57","country_code":"CN","type":"education","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210165038"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Susu Cui","raw_affiliation_strings":["Institute of Information Engineering, Chinese Academy of Sciences & School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China"],"raw_orcid":"https://orcid.org/0000-0001-5249-5699","affiliations":[{"raw_affiliation_string":"Institute of Information Engineering, Chinese Academy of Sciences & School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I4210165038"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5005976223","display_name":"Jian Qin","orcid":"https://orcid.org/0000-0003-3992-8087"},"institutions":[{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]},{"id":"https://openalex.org/I4210165038","display_name":"University of Chinese Academy of Sciences","ror":"https://ror.org/05qbk4x57","country_code":"CN","type":"education","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210165038"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Jian Qin","raw_affiliation_strings":["Institute of Information Engineering, Chinese Academy of Sciences & School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China"],"raw_orcid":"https://orcid.org/0000-0003-3992-8087","affiliations":[{"raw_affiliation_string":"Institute of Information Engineering, Chinese Academy of Sciences & School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I4210165038"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5005144050","display_name":"Song Liu","orcid":"https://orcid.org/0000-0001-5812-8902"},"institutions":[{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]},{"id":"https://openalex.org/I4210165038","display_name":"University of Chinese Academy of Sciences","ror":"https://ror.org/05qbk4x57","country_code":"CN","type":"education","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210165038"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Song Liu","raw_affiliation_strings":["Institute of Information Engineering, Chinese Academy of Sciences & School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China"],"raw_orcid":"https://orcid.org/0000-0001-5812-8902","affiliations":[{"raw_affiliation_string":"Institute of Information Engineering, Chinese Academy of Sciences & School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I4210165038"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5102920589","display_name":"Bo Jiang","orcid":"https://orcid.org/0000-0002-7185-990X"},"institutions":[{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]},{"id":"https://openalex.org/I4210165038","display_name":"University of Chinese Academy of Sciences","ror":"https://ror.org/05qbk4x57","country_code":"CN","type":"education","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210165038"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Bo Jiang","raw_affiliation_strings":["Institute of Information Engineering, Chinese Academy of Sciences & School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China"],"raw_orcid":"https://orcid.org/0000-0002-7185-990X","affiliations":[{"raw_affiliation_string":"Institute of Information Engineering, Chinese Academy of Sciences & School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I4210165038"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5054446049","display_name":"Cong Dong","orcid":"https://orcid.org/0000-0001-7581-7160"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Cong Dong","raw_affiliation_strings":["Zhongguancun Laboratory, Beijing, China"],"raw_orcid":"https://orcid.org/0000-0001-7581-7160","affiliations":[{"raw_affiliation_string":"Zhongguancun Laboratory, Beijing, China","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5006911293","display_name":"Zhigang Lu","orcid":"https://orcid.org/0000-0002-2552-6231"},"institutions":[{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]},{"id":"https://openalex.org/I4210165038","display_name":"University of Chinese Academy of Sciences","ror":"https://ror.org/05qbk4x57","country_code":"CN","type":"education","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210165038"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Zhigang Lu","raw_affiliation_strings":["Institute of Information Engineering, Chinese Academy of Sciences & School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China"],"raw_orcid":"https://orcid.org/0000-0002-2552-6231","affiliations":[{"raw_affiliation_string":"Institute of Information Engineering, Chinese Academy of Sciences & School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I4210165038"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5031113046","display_name":"Baoxu Liu","orcid":"https://orcid.org/0009-0006-9851-5548"},"institutions":[{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]},{"id":"https://openalex.org/I4210165038","display_name":"University of Chinese Academy of Sciences","ror":"https://ror.org/05qbk4x57","country_code":"CN","type":"education","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210165038"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Baoxu Liu","raw_affiliation_strings":["Institute of Information Engineering, Chinese Academy of Sciences & School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China"],"raw_orcid":"https://orcid.org/0009-0006-9851-5548","affiliations":[{"raw_affiliation_string":"Institute of Information Engineering, Chinese Academy of Sciences & School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I4210165038"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":8,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":7.9421,"has_fulltext":false,"cited_by_count":26,"citation_normalized_percentile":{"value":0.97801721,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":94,"max":100},"biblio":{"volume":null,"issue":null,"first_page":"1680","last_page":"1689"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9936000108718872,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7911832332611084},{"id":"https://openalex.org/keywords/unsupervised-learning","display_name":"Unsupervised learning","score":0.5581181645393372},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.5220934152603149},{"id":"https://openalex.org/keywords/contrastive-analysis","display_name":"Contrastive analysis","score":0.4421709179878235},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.3474467396736145},{"id":"https://openalex.org/keywords/linguistics","display_name":"Linguistics","score":0.06018933653831482}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7911832332611084},{"id":"https://openalex.org/C8038995","wikidata":"https://www.wikidata.org/wiki/Q1152135","display_name":"Unsupervised learning","level":2,"score":0.5581181645393372},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.5220934152603149},{"id":"https://openalex.org/C2777629044","wikidata":"https://www.wikidata.org/wiki/Q614959","display_name":"Contrastive analysis","level":2,"score":0.4421709179878235},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.3474467396736145},{"id":"https://openalex.org/C41895202","wikidata":"https://www.wikidata.org/wiki/Q8162","display_name":"Linguistics","level":1,"score":0.06018933653831482},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3589334.3645479","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3589334.3645479","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the ACM Web Conference 2024","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G7350283172","display_name":null,"funder_award_id":"No.2023YFC2206402","funder_id":"https://openalex.org/F4320323817","funder_display_name":"Universitas Brawijaya"}],"funders":[{"id":"https://openalex.org/F4320323817","display_name":"Universitas Brawijaya","ror":"https://ror.org/01wk3d929"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":26,"referenced_works":["https://openalex.org/W1536395052","https://openalex.org/W2062173166","https://openalex.org/W2065890363","https://openalex.org/W2116065364","https://openalex.org/W2124863430","https://openalex.org/W2789828921","https://openalex.org/W2944250323","https://openalex.org/W2966284335","https://openalex.org/W2998336824","https://openalex.org/W3004179294","https://openalex.org/W3118220620","https://openalex.org/W3128341305","https://openalex.org/W3133518153","https://openalex.org/W3156522613","https://openalex.org/W3188916965","https://openalex.org/W3210350882","https://openalex.org/W4240946707","https://openalex.org/W4283210230","https://openalex.org/W4306406279","https://openalex.org/W4313378981","https://openalex.org/W4323275401","https://openalex.org/W4360995354","https://openalex.org/W4361289962","https://openalex.org/W4382239148","https://openalex.org/W4385444612","https://openalex.org/W4387007222"],"related_works":["https://openalex.org/W2961085424","https://openalex.org/W4306674287","https://openalex.org/W3046775127","https://openalex.org/W3107602296","https://openalex.org/W4394896187","https://openalex.org/W3170094116","https://openalex.org/W4386462264","https://openalex.org/W4364306694","https://openalex.org/W4312192474","https://openalex.org/W4283697347"],"abstract_inverted_index":{"Malicious":[0],"traffic":[1,129,152,186],"detection":[2],"has":[3],"been":[4],"a":[5,21,83,101,154,166],"focal":[6],"point":[7],"in":[8,64,71,180],"the":[9,49,91,142,170,181],"field":[10],"of":[11,26,183],"network":[12,128],"security,":[13],"and":[14,37,88,94,114,122,133,148,169],"deep":[15],"learning-based":[16],"approaches":[17],"are":[18,28,57],"emerging":[19],"as":[20],"new":[22],"paradigm.":[23],"However,":[24],"most":[25],"them":[27],"supervised":[29],"methods,":[30],"which":[31,109],"highly":[32],"depend":[33],"on":[34,80,106,162],"well-labeled":[35],"data,":[36,53],"fail":[38],"to":[39,60,140],"handle":[40],"unknown":[41],"or":[42,70],"continuously":[43],"evolving":[44],"attacks.":[45],"Unsupervised":[46],"methods":[47,56,179],"alleviate":[48],"need":[50],"for":[51],"labeled":[52],"but":[54],"existing":[55],"often":[58],"limited":[59],"detecting":[61],"anomalies":[62],"either":[63],"vertical":[65,113],"perspective":[66,73,85],"through":[67,153],"historical":[68],"comparisons":[69],"horizontal":[72,115],"by":[74,130],"comparing":[75],"with":[76],"concurrent":[77],"entities.":[78],"Relying":[79],"data":[81],"from":[82,126],"single":[84],"is":[86],"unreliable,":[87],"it":[89],"limits":[90],"model's":[92],"accuracy":[93],"generalizability.":[95],"In":[96],"this":[97],"paper,":[98],"we":[99],"propose":[100],"novel":[102],"method":[103,175],"ContraMTD":[104,117],"based":[105],"contrastive":[107,138],"learning,":[108],"comprehensively":[110],"considers":[111],"both":[112],"perspectives.":[116],"extracts":[118],"local":[119],"behavior":[120],"features":[121,125],"global":[123],"interaction":[124],"normal":[127],"proposed":[131],"SEC":[132],"DE-GAT":[134],"respectively,":[135],"then":[136],"employs":[137],"learning":[139],"learn":[141],"relationship,":[143],"especially":[144],"consistency":[145],"between":[146],"them,":[147],"finally":[149],"detects":[150],"malicious":[151,185],"multi-round":[155],"scoring":[156],"approach.":[157],"We":[158],"conduct":[159],"extensive":[160],"experiments":[161],"three":[163],"datasets,":[164],"including":[165],"self-collected":[167],"dataset,":[168],"results":[171],"demonstrate":[172],"that":[173],"our":[174],"outperforms":[176],"many":[177],"state-of-the-art":[178],"domain":[182],"unsupervised":[184],"detection.":[187]},"counts_by_year":[{"year":2026,"cited_by_count":6},{"year":2025,"cited_by_count":18},{"year":2024,"cited_by_count":2}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}