{"id":"https://openalex.org/W4413756452","doi":"https://doi.org/10.1145/3718958.3750493","title":"Achieving High-Speed and Robust Encrypted Traffic Anomaly Detection with Programmable Switches","display_name":"Achieving High-Speed and Robust Encrypted Traffic Anomaly Detection with Programmable Switches","publication_year":2025,"publication_date":"2025-08-27","ids":{"openalex":"https://openalex.org/W4413756452","doi":"https://doi.org/10.1145/3718958.3750493"},"language":"en","primary_location":{"id":"doi:10.1145/3718958.3750493","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3718958.3750493","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3718958.3750493","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the ACM SIGCOMM 2025 Conference","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3718958.3750493","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5100399382","display_name":"Han Zhang","orcid":"https://orcid.org/0000-0003-4429-9959"},"institutions":[{"id":"https://openalex.org/I99065089","display_name":"Tsinghua University","ror":"https://ror.org/03cve4549","country_code":"CN","type":"education","lineage":["https://openalex.org/I99065089"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Han Zhang","raw_affiliation_strings":["Tsinghua University, Beijing, China","Zhongguancun Laboratory, Beijing, Beijing, China"],"raw_orcid":"https://orcid.org/0000-0003-4429-9959","affiliations":[{"raw_affiliation_string":"Tsinghua University, Beijing, China","institution_ids":["https://openalex.org/I99065089"]},{"raw_affiliation_string":"Zhongguancun Laboratory, Beijing, Beijing, China","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5003327625","display_name":"G. M. Liu","orcid":"https://orcid.org/0009-0001-4933-0276"},"institutions":[{"id":"https://openalex.org/I20231570","display_name":"Peking University","ror":"https://ror.org/02v51f717","country_code":"CN","type":"education","lineage":["https://openalex.org/I20231570"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Guyue Liu","raw_affiliation_strings":["Peking University, Beijing, China"],"raw_orcid":"https://orcid.org/0009-0001-4933-0276","affiliations":[{"raw_affiliation_string":"Peking University, Beijing, China","institution_ids":["https://openalex.org/I20231570"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5047888843","display_name":"Xingang Shi","orcid":"https://orcid.org/0000-0001-6487-9526"},"institutions":[{"id":"https://openalex.org/I99065089","display_name":"Tsinghua University","ror":"https://ror.org/03cve4549","country_code":"CN","type":"education","lineage":["https://openalex.org/I99065089"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Xingang Shi","raw_affiliation_strings":["Tsinghua University, Beijing, China","Zhongguancun Laboratory, Beijing, China"],"raw_orcid":"https://orcid.org/0000-0001-6487-9526","affiliations":[{"raw_affiliation_string":"Tsinghua University, Beijing, China","institution_ids":["https://openalex.org/I99065089"]},{"raw_affiliation_string":"Zhongguancun Laboratory, Beijing, China","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5048578384","display_name":"Yahui Li","orcid":"https://orcid.org/0000-0002-0148-5965"},"institutions":[{"id":"https://openalex.org/I99065089","display_name":"Tsinghua University","ror":"https://ror.org/03cve4549","country_code":"CN","type":"education","lineage":["https://openalex.org/I99065089"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yahui Li","raw_affiliation_strings":["Tsinghua University, Beijing, China"],"raw_orcid":"https://orcid.org/0000-0002-0148-5965","affiliations":[{"raw_affiliation_string":"Tsinghua University, Beijing, China","institution_ids":["https://openalex.org/I99065089"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5077110936","display_name":"Dongbiao He","orcid":"https://orcid.org/0009-0003-2479-7595"},"institutions":[{"id":"https://openalex.org/I4210135580","display_name":"AAC Technologies (China)","ror":"https://ror.org/03qckzp50","country_code":"CN","type":"company","lineage":["https://openalex.org/I4210135580"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Dongbiao He","raw_affiliation_strings":["Sangfor Technologies Inc, ShenZhen, China"],"raw_orcid":"https://orcid.org/0009-0003-2479-7595","affiliations":[{"raw_affiliation_string":"Sangfor Technologies Inc, ShenZhen, China","institution_ids":["https://openalex.org/I4210135580"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100660344","display_name":"Jilong Wang","orcid":"https://orcid.org/0000-0002-4493-5145"},"institutions":[{"id":"https://openalex.org/I99065089","display_name":"Tsinghua University","ror":"https://ror.org/03cve4549","country_code":"CN","type":"education","lineage":["https://openalex.org/I99065089"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Jilong Wang","raw_affiliation_strings":["Tsinghua University, Beijing, China","Zhongguancun Laboratory, Beijing, China"],"raw_orcid":"https://orcid.org/0000-0002-4493-5145","affiliations":[{"raw_affiliation_string":"Tsinghua University, Beijing, China","institution_ids":["https://openalex.org/I99065089"]},{"raw_affiliation_string":"Zhongguancun Laboratory, Beijing, China","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100343127","display_name":"Zhiliang Wang","orcid":"https://orcid.org/0000-0001-6587-820X"},"institutions":[{"id":"https://openalex.org/I4210088861","display_name":"Chinese Academy of Science South America Center for Astronomy","ror":"https://ror.org/0051xhq65","country_code":"CL","type":"facility","lineage":["https://openalex.org/I4210088861"]},{"id":"https://openalex.org/I99065089","display_name":"Tsinghua University","ror":"https://ror.org/03cve4549","country_code":"CN","type":"education","lineage":["https://openalex.org/I99065089"]}],"countries":["CL","CN"],"is_corresponding":false,"raw_author_name":"Zhiliang Wang","raw_affiliation_strings":["Tsinghua University, Beijing, China","Zhongguancun Laboratory, Beijing, Chile"],"raw_orcid":"https://orcid.org/0000-0001-6587-820X","affiliations":[{"raw_affiliation_string":"Tsinghua University, Beijing, China","institution_ids":["https://openalex.org/I99065089"]},{"raw_affiliation_string":"Zhongguancun Laboratory, Beijing, Chile","institution_ids":["https://openalex.org/I4210088861"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5109297672","display_name":"Yongqing Zhu","orcid":null},"institutions":[{"id":"https://openalex.org/I4210136246","display_name":"China Telecom (China)","ror":"https://ror.org/03jgnzt20","country_code":"CN","type":"company","lineage":["https://openalex.org/I4210136246"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yongqing Zhu","raw_affiliation_strings":["China telecom, Beijing, China"],"raw_orcid":"https://orcid.org/0009-0004-0243-984X","affiliations":[{"raw_affiliation_string":"China telecom, Beijing, China","institution_ids":["https://openalex.org/I4210136246"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5013647233","display_name":"Ke Ruan","orcid":"https://orcid.org/0000-0003-1987-1220"},"institutions":[{"id":"https://openalex.org/I4210136246","display_name":"China Telecom (China)","ror":"https://ror.org/03jgnzt20","country_code":"CN","type":"company","lineage":["https://openalex.org/I4210136246"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Ke Ruan","raw_affiliation_strings":["China telecom, Beijing, China"],"raw_orcid":"https://orcid.org/0000-0003-1987-1220","affiliations":[{"raw_affiliation_string":"China telecom, Beijing, China","institution_ids":["https://openalex.org/I4210136246"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5102157669","display_name":"Weihua Cao","orcid":null},"institutions":[{"id":"https://openalex.org/I4210136246","display_name":"China Telecom (China)","ror":"https://ror.org/03jgnzt20","country_code":"CN","type":"company","lineage":["https://openalex.org/I4210136246"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Weihua Cao","raw_affiliation_strings":["China telecom, Beijing, China"],"raw_orcid":"https://orcid.org/0009-0009-9769-3512","affiliations":[{"raw_affiliation_string":"China telecom, Beijing, China","institution_ids":["https://openalex.org/I4210136246"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5100301881","display_name":"Xia Yin","orcid":"https://orcid.org/0009-0000-0037-2777"},"institutions":[{"id":"https://openalex.org/I99065089","display_name":"Tsinghua University","ror":"https://ror.org/03cve4549","country_code":"CN","type":"education","lineage":["https://openalex.org/I99065089"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Xia Yin","raw_affiliation_strings":["Tsinghua University, Beijing, China","Zhongguancun Laboratory, Beijing, China"],"raw_orcid":"https://orcid.org/0009-0000-0037-2777","affiliations":[{"raw_affiliation_string":"Tsinghua University, Beijing, China","institution_ids":["https://openalex.org/I99065089"]},{"raw_affiliation_string":"Zhongguancun Laboratory, Beijing, China","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":11,"corresponding_author_ids":["https://openalex.org/A5100399382"],"corresponding_institution_ids":["https://openalex.org/I99065089"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":true,"cited_by_count":0,"citation_normalized_percentile":{"value":0.24093476,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"1254","last_page":"1256"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9993000030517578,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/anomaly-detection","display_name":"Anomaly detection","score":0.6909180283546448},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6745753288269043},{"id":"https://openalex.org/keywords/encryption","display_name":"Encryption","score":0.6661473512649536},{"id":"https://openalex.org/keywords/anomaly","display_name":"Anomaly (physics)","score":0.42534297704696655},{"id":"https://openalex.org/keywords/embedded-system","display_name":"Embedded system","score":0.3977757394313812},{"id":"https://openalex.org/keywords/computer-hardware","display_name":"Computer hardware","score":0.32181769609451294},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.2915251851081848},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.1641305387020111},{"id":"https://openalex.org/keywords/physics","display_name":"Physics","score":0.07722795009613037}],"concepts":[{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.6909180283546448},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6745753288269043},{"id":"https://openalex.org/C148730421","wikidata":"https://www.wikidata.org/wiki/Q141090","display_name":"Encryption","level":2,"score":0.6661473512649536},{"id":"https://openalex.org/C12997251","wikidata":"https://www.wikidata.org/wiki/Q567560","display_name":"Anomaly (physics)","level":2,"score":0.42534297704696655},{"id":"https://openalex.org/C149635348","wikidata":"https://www.wikidata.org/wiki/Q193040","display_name":"Embedded system","level":1,"score":0.3977757394313812},{"id":"https://openalex.org/C9390403","wikidata":"https://www.wikidata.org/wiki/Q3966","display_name":"Computer hardware","level":1,"score":0.32181769609451294},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.2915251851081848},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.1641305387020111},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.07722795009613037},{"id":"https://openalex.org/C26873012","wikidata":"https://www.wikidata.org/wiki/Q214781","display_name":"Condensed matter physics","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3718958.3750493","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3718958.3750493","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3718958.3750493","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the ACM SIGCOMM 2025 Conference","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/3718958.3750493","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3718958.3750493","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3718958.3750493","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the ACM SIGCOMM 2025 Conference","raw_type":"proceedings-article"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G5692104327","display_name":null,"funder_award_id":"62394322","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"}],"funders":[{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"},{"id":"https://openalex.org/F4320335581","display_name":"Young Scientists Fund","ror":null}],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4413756452.pdf","grobid_xml":"https://content.openalex.org/works/W4413756452.grobid-xml"},"referenced_works_count":4,"referenced_works":["https://openalex.org/W3217147004","https://openalex.org/W4291972732","https://openalex.org/W4312469521","https://openalex.org/W4360995354"],"related_works":["https://openalex.org/W2806741695","https://openalex.org/W4290647774","https://openalex.org/W3189286258","https://openalex.org/W3207797160","https://openalex.org/W3210364259","https://openalex.org/W4300558037","https://openalex.org/W2667207928","https://openalex.org/W2912112202","https://openalex.org/W4377864969","https://openalex.org/W3120251014"],"abstract_inverted_index":{"Attacks":[0],"against":[1],"data":[2,27,80,188],"centers":[3,28,81],"are":[4,48],"becoming":[5],"more":[6,166],"common":[7],"as":[8],"a":[9,90,106],"result":[10],"of":[11,15,26],"the":[12,23,54,84,113,122,137,187],"fast":[13],"expansion":[14],"applications.":[16],"In":[17,59,125],"order":[18],"to":[19,30,78,83,95,120,142],"keep":[20],"pace":[21],"with":[22,73,191],"growing":[24],"amount":[25],"connected":[29],"their":[31],"networks,":[32],"internet":[33,85],"service":[34,86],"providers":[35],"must":[36],"offer":[37],"comprehensive":[38],"security":[39],"services.":[40],"However,":[41],"existing":[42],"network":[43,57,69],"intrusion":[44,70],"detection":[45,71,138],"systems":[46],"(NIDS)":[47],"either":[49],"ineffective":[50],"or":[51],"inefficient":[52],"for":[53,150,171],"high-speed":[55],"encrypted":[56],"traffic.":[58,124],"this":[60],"paper,":[61],"we":[62],"design":[63],"and":[64,164,176],"implement":[65],"Mazu,":[66],"an":[67,129],"inline":[68],"system":[72],"programmable":[74],"switches":[75],"specifically":[76],"developed":[77],"protect":[79,165],"connecting":[82],"provider.":[87],"Mazu":[88,103,127,145,181],"proposes":[89,105],"dual-plane":[91],"feature":[92],"extraction":[93],"model":[94,110,139],"extract":[96],"extensive":[97],"traffic":[98,119,185],"features":[99],"at":[100,134],"near":[101],"line-speed.":[102],"also":[104],"lightweight":[107],"one-class":[108],"classification":[109],"that":[111,180],"trains":[112],"best":[114],"parameters":[115],"exclusively":[116],"on":[117],"benign":[118],"identify":[121],"malicious":[123,184],"addition,":[126],"introduces":[128],"online":[130],"update":[131],"mechanism":[132],"aimed":[133],"dynamically":[135],"adjusting":[136],"in":[140,148],"response":[141],"environmental":[143],"changes.":[144],"has":[146,157],"been":[147],"production":[149,175],"two":[151,172],"years,":[152],"during":[153],"which":[154],"time":[155],"it":[156],"identified":[158],"over":[159],"10":[160,168],"critical":[161],"attack":[162],"events":[163],"than":[167],"million":[169],"servers":[170],"ISPs.":[173],"Our":[174],"testbed":[177],"evaluations":[178],"demonstrate":[179],"can":[182],"detect":[183],"entering":[186],"center":[189],"sites":[190],"approximately":[192],"90%":[193],"accuracy":[194],"within":[195],"minutes.":[196]},"counts_by_year":[],"updated_date":"2026-04-29T09:16:38.111599","created_date":"2025-10-10T00:00:00"}