{"id":"https://openalex.org/W4389366465","doi":"https://doi.org/10.1145/3628797.3628874","title":"A Machine Learning-Based Framework for Detecting Malicious HTTPS Traffic","display_name":"A Machine Learning-Based Framework for Detecting Malicious HTTPS Traffic","publication_year":2023,"publication_date":"2023-12-06","ids":{"openalex":"https://openalex.org/W4389366465","doi":"https://doi.org/10.1145/3628797.3628874"},"language":"en","primary_location":{"id":"doi:10.1145/3628797.3628874","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3628797.3628874","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 12th International Symposium on Information and Communication Technology","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5087894643","display_name":"Tung Bui","orcid":"https://orcid.org/0000-0003-2427-5634"},"institutions":[{"id":"https://openalex.org/I94518387","display_name":"Hanoi University of Science and Technology","ror":"https://ror.org/04nyv3z04","country_code":"VN","type":"education","lineage":["https://openalex.org/I94518387"]}],"countries":["VN"],"is_corresponding":true,"raw_author_name":"Tung Bui","raw_affiliation_strings":["Hanoi University of Science and Technology, Viet Nam"],"affiliations":[{"raw_affiliation_string":"Hanoi University of Science and Technology, Viet Nam","institution_ids":["https://openalex.org/I94518387"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5026992540","display_name":"Duc Tran","orcid":"https://orcid.org/0000-0001-7251-3516"},"institutions":[{"id":"https://openalex.org/I94518387","display_name":"Hanoi University of Science and Technology","ror":"https://ror.org/04nyv3z04","country_code":"VN","type":"education","lineage":["https://openalex.org/I94518387"]}],"countries":["VN"],"is_corresponding":false,"raw_author_name":"Tran Duc","raw_affiliation_strings":["Hanoi University of Science and Technology, Viet Nam"],"affiliations":[{"raw_affiliation_string":"Hanoi University of Science and Technology, Viet Nam","institution_ids":["https://openalex.org/I94518387"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5086404434","display_name":"Nguy\u1ec5n Linh Giang","orcid":"https://orcid.org/0000-0002-2121-2411"},"institutions":[{"id":"https://openalex.org/I94518387","display_name":"Hanoi University of Science and Technology","ror":"https://ror.org/04nyv3z04","country_code":"VN","type":"education","lineage":["https://openalex.org/I94518387"]}],"countries":["VN"],"is_corresponding":false,"raw_author_name":"Nguyen Linh Giang","raw_affiliation_strings":["Hanoi University of Science and Technology, Viet Nam"],"affiliations":[{"raw_affiliation_string":"Hanoi University of Science and Technology, Viet Nam","institution_ids":["https://openalex.org/I94518387"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5062331587","display_name":"Nguyen Hien","orcid":"https://orcid.org/0009-0005-2630-0612"},"institutions":[{"id":"https://openalex.org/I94518387","display_name":"Hanoi University of Science and Technology","ror":"https://ror.org/04nyv3z04","country_code":"VN","type":"education","lineage":["https://openalex.org/I94518387"]}],"countries":["VN"],"is_corresponding":false,"raw_author_name":"Nguyen Hien","raw_affiliation_strings":["Hanoi University of Science and Technology, Viet Nam"],"affiliations":[{"raw_affiliation_string":"Hanoi University of Science and Technology, Viet Nam","institution_ids":["https://openalex.org/I94518387"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5016478119","display_name":"Nguy\u1ec5n Th\u00e0nh","orcid":"https://orcid.org/0009-0008-2193-4714"},"institutions":[{"id":"https://openalex.org/I94518387","display_name":"Hanoi University of Science and Technology","ror":"https://ror.org/04nyv3z04","country_code":"VN","type":"education","lineage":["https://openalex.org/I94518387"]}],"countries":["VN"],"is_corresponding":false,"raw_author_name":"Nguyen Thanh","raw_affiliation_strings":["Hanoi University of Science and Technology, Viet Nam"],"affiliations":[{"raw_affiliation_string":"Hanoi University of Science and Technology, Viet Nam","institution_ids":["https://openalex.org/I94518387"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5055909403","display_name":"Khanh Nguyen Quoc","orcid":"https://orcid.org/0000-0001-8591-7165"},"institutions":[{"id":"https://openalex.org/I94518387","display_name":"Hanoi University of Science and Technology","ror":"https://ror.org/04nyv3z04","country_code":"VN","type":"education","lineage":["https://openalex.org/I94518387"]}],"countries":["VN"],"is_corresponding":false,"raw_author_name":"Nguyen Khanh","raw_affiliation_strings":["Hanoi University of Science and Technology, Viet Nam"],"affiliations":[{"raw_affiliation_string":"Hanoi University of Science and Technology, Viet Nam","institution_ids":["https://openalex.org/I94518387"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5087894643"],"corresponding_institution_ids":["https://openalex.org/I94518387"],"apc_list":null,"apc_paid":null,"fwci":0.8036,"has_fulltext":false,"cited_by_count":4,"citation_normalized_percentile":{"value":0.74646241,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"769","last_page":"776"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8341543674468994},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.6895177364349365},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.6605492234230042},{"id":"https://openalex.org/keywords/encryption","display_name":"Encryption","score":0.6233435273170471},{"id":"https://openalex.org/keywords/traffic-classification","display_name":"Traffic classification","score":0.6161060929298401},{"id":"https://openalex.org/keywords/network-packet","display_name":"Network packet","score":0.6134509444236755},{"id":"https://openalex.org/keywords/context","display_name":"Context (archaeology)","score":0.5274938344955444},{"id":"https://openalex.org/keywords/feature-selection","display_name":"Feature selection","score":0.5256779789924622},{"id":"https://openalex.org/keywords/traffic-analysis","display_name":"Traffic analysis","score":0.49042126536369324},{"id":"https://openalex.org/keywords/botnet","display_name":"Botnet","score":0.47455841302871704},{"id":"https://openalex.org/keywords/deep-packet-inspection","display_name":"Deep packet inspection","score":0.4574960172176361},{"id":"https://openalex.org/keywords/feature","display_name":"Feature (linguistics)","score":0.4403602182865143},{"id":"https://openalex.org/keywords/protocol","display_name":"Protocol (science)","score":0.43975159525871277},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.3784368634223938},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.36501139402389526},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.31538090109825134},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.3140217661857605},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.17016497254371643},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.12585830688476562}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8341543674468994},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.6895177364349365},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.6605492234230042},{"id":"https://openalex.org/C148730421","wikidata":"https://www.wikidata.org/wiki/Q141090","display_name":"Encryption","level":2,"score":0.6233435273170471},{"id":"https://openalex.org/C169988225","wikidata":"https://www.wikidata.org/wiki/Q7832484","display_name":"Traffic classification","level":3,"score":0.6161060929298401},{"id":"https://openalex.org/C158379750","wikidata":"https://www.wikidata.org/wiki/Q214111","display_name":"Network packet","level":2,"score":0.6134509444236755},{"id":"https://openalex.org/C2779343474","wikidata":"https://www.wikidata.org/wiki/Q3109175","display_name":"Context (archaeology)","level":2,"score":0.5274938344955444},{"id":"https://openalex.org/C148483581","wikidata":"https://www.wikidata.org/wiki/Q446488","display_name":"Feature selection","level":2,"score":0.5256779789924622},{"id":"https://openalex.org/C2781317605","wikidata":"https://www.wikidata.org/wiki/Q7832483","display_name":"Traffic analysis","level":2,"score":0.49042126536369324},{"id":"https://openalex.org/C22735295","wikidata":"https://www.wikidata.org/wiki/Q317671","display_name":"Botnet","level":3,"score":0.47455841302871704},{"id":"https://openalex.org/C204679922","wikidata":"https://www.wikidata.org/wiki/Q734252","display_name":"Deep packet inspection","level":3,"score":0.4574960172176361},{"id":"https://openalex.org/C2776401178","wikidata":"https://www.wikidata.org/wiki/Q12050496","display_name":"Feature (linguistics)","level":2,"score":0.4403602182865143},{"id":"https://openalex.org/C2780385302","wikidata":"https://www.wikidata.org/wiki/Q367158","display_name":"Protocol (science)","level":3,"score":0.43975159525871277},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.3784368634223938},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.36501139402389526},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.31538090109825134},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3140217661857605},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.17016497254371643},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.12585830688476562},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C204787440","wikidata":"https://www.wikidata.org/wiki/Q188504","display_name":"Alternative medicine","level":2,"score":0.0},{"id":"https://openalex.org/C41895202","wikidata":"https://www.wikidata.org/wiki/Q8162","display_name":"Linguistics","level":1,"score":0.0},{"id":"https://openalex.org/C151730666","wikidata":"https://www.wikidata.org/wiki/Q7205","display_name":"Paleontology","level":1,"score":0.0},{"id":"https://openalex.org/C71924100","wikidata":"https://www.wikidata.org/wiki/Q11190","display_name":"Medicine","level":0,"score":0.0},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.0},{"id":"https://openalex.org/C142724271","wikidata":"https://www.wikidata.org/wiki/Q7208","display_name":"Pathology","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3628797.3628874","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3628797.3628874","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 12th International Symposium on Information and Communication Technology","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/10","score":0.4699999988079071,"display_name":"Reduced inequalities"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":11,"referenced_works":["https://openalex.org/W2077488147","https://openalex.org/W2537766808","https://openalex.org/W2743556905","https://openalex.org/W2885743621","https://openalex.org/W2906631928","https://openalex.org/W2912711574","https://openalex.org/W2963065250","https://openalex.org/W3006050125","https://openalex.org/W3027247563","https://openalex.org/W3114031232","https://openalex.org/W4306406279"],"related_works":["https://openalex.org/W2929621094","https://openalex.org/W1996006176","https://openalex.org/W2964663688","https://openalex.org/W3171671300","https://openalex.org/W2062731068","https://openalex.org/W4293901154","https://openalex.org/W2073876080","https://openalex.org/W4293088549","https://openalex.org/W4296473472","https://openalex.org/W3174245262"],"abstract_inverted_index":{"Malicious":[0],"traffic":[1,63,81,98,111,178],"detection":[2,82,112,171],"plays":[3],"an":[4,164,202],"essential":[5],"role":[6],"for":[7,109,176],"Network":[8,22],"Operators":[9],"to":[10,31,40,61,95,162,168],"prevent":[11],"attackers":[12],"from":[13],"manipulating":[14],"the":[15,19,33,42,50,97,136,140,170,181,198],"network":[16,70],"systems.":[17],"In":[18],"past,":[20],"many":[21,76],"Intrusion":[23,141],"Detection":[24,142],"Systems":[25],"(e.g.,":[26,64],"Snort,":[27],"etc.)":[28,67],"were":[29],"designed":[30],"inspect":[32],"packets":[34],"using":[35,84,92,186],"pre-defined":[36],"rules":[37],"in":[38,49,125,145,207],"order":[39],"identify":[41],"malicious":[43,80,110,177],"traffic.":[44],"Despite":[45],"achieving":[46],"good":[47],"performance":[48,130],"context":[51],"of":[52,72,107,139,154,204],"non-encrypted":[53],"traffic,":[54],"these":[55,121],"systems":[56],"are":[57,103],"ineffective":[58],"nowadays":[59],"due":[60],"encrypted":[62],"HTTPS,":[65],"QUIC,":[66],"and":[68,116,129,157,173,191],"complex":[69],"behaviors":[71],"compromised":[73],"computers.":[74],"Therefore,":[75,144],"studies":[77],"focus":[78],"on":[79],"mechanisms":[83],"Machine":[85],"Learning":[86],"(ML),":[87],"which":[88],"analyzes":[89],"flow-based":[90,155],"features":[91,108,115,122,156],"ML":[93],"algorithms":[94],"detect":[96],"generated":[99],"by":[100],"malware.":[101],"There":[102],"two":[104],"main":[105],"kinds":[106,153],"containing":[113],"protocol-agnostic":[114],"TLS/SSL":[117],"features.":[118],"Using":[119],"all":[120],"can":[123,200],"result":[124],"high":[126],"time":[127,175],"complexity":[128],"degradation,":[131],"so":[132],"it":[133],"cannot":[134],"meet":[135],"real-time":[137],"requirement":[138],"Systems.":[143],"this":[146],"paper,":[147],"we":[148],"take":[149],"into":[150],"account":[151],"different":[152],"implement":[158],"a":[159],"feature":[160,166],"selection":[161],"select":[163],"appropriate":[165],"set":[167],"improve":[169],"accuracy":[172,203],"execution":[174],"detection.":[179],"Besides,":[180],"proposed":[182],"framework":[183,199],"is":[184],"evaluated":[185],"various":[187],"datasets:":[188],"CTU-13,":[189],"MCFP,":[190],"CIC-AndMal201.":[192],"The":[193],"experimental":[194],"results":[195],"show":[196],"that":[197],"achieve":[201],"99":[205],"percent":[206],"considered":[208],"scenarios.":[209]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":2},{"year":2024,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}