{"id":"https://openalex.org/W7125634779","doi":"https://doi.org/10.1186/s42400-025-00522-x","title":"MTDecipher: robust encrypted malicious traffic detection via multi-task graph neural networks","display_name":"MTDecipher: robust encrypted malicious traffic detection via multi-task graph neural networks","publication_year":2026,"publication_date":"2026-01-26","ids":{"openalex":"https://openalex.org/W7125634779","doi":"https://doi.org/10.1186/s42400-025-00522-x"},"language":"en","primary_location":{"id":"doi:10.1186/s42400-025-00522-x","is_oa":true,"landing_page_url":"https://doi.org/10.1186/s42400-025-00522-x","pdf_url":"https://link.springer.com/content/pdf/10.1186/s42400-025-00522-x.pdf","source":{"id":"https://openalex.org/S3035238565","display_name":"Cybersecurity","issn_l":"2523-3246","issn":["2523-3246"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319965","host_organization_name":"Springer Nature","host_organization_lineage":["https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Cybersecurity","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"diamond","oa_url":"https://link.springer.com/content/pdf/10.1186/s42400-025-00522-x.pdf","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5123789090","display_name":"Fan Li","orcid":null},"institutions":[{"id":"https://openalex.org/I158809036","display_name":"Shenzhen Institute of Information Technology","ror":"https://ror.org/03wrf9427","country_code":"CN","type":"education","lineage":["https://openalex.org/I158809036"]},{"id":"https://openalex.org/I204983213","display_name":"Harbin Institute of Technology","ror":"https://ror.org/01yqg2h08","country_code":"CN","type":"education","lineage":["https://openalex.org/I204983213"]},{"id":"https://openalex.org/I4210136793","display_name":"Peng Cheng Laboratory","ror":"https://ror.org/03qdqbt06","country_code":"CN","type":"facility","lineage":["https://openalex.org/I4210136793"]},{"id":"https://openalex.org/I4210152380","display_name":"Shenzhen Technology University","ror":"https://ror.org/04qzpec27","country_code":"CN","type":"education","lineage":["https://openalex.org/I4210152380"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Fan Li","raw_affiliation_strings":["Department of New Networks, Peng Cheng Laboratory, Shenzhen, 518000, Guangdong, China","School of Computer Science and Technology, Harbin Institute of Technology (Shenzhen), Shenzhen, 518071, Guangdong, China"],"affiliations":[{"raw_affiliation_string":"Department of New Networks, Peng Cheng Laboratory, Shenzhen, 518000, Guangdong, China","institution_ids":["https://openalex.org/I4210136793"]},{"raw_affiliation_string":"School of Computer Science and Technology, Harbin Institute of Technology (Shenzhen), Shenzhen, 518071, Guangdong, China","institution_ids":["https://openalex.org/I158809036","https://openalex.org/I4210152380","https://openalex.org/I204983213"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5123818060","display_name":"Xi Luo","orcid":null},"institutions":[{"id":"https://openalex.org/I37987034","display_name":"Guangzhou University","ror":"https://ror.org/05ar8rn06","country_code":"CN","type":"education","lineage":["https://openalex.org/I37987034"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Xi Luo","raw_affiliation_strings":["Cyberspace Institute of Advanced Technology, Guangzhou University, Guangzhou, 510006, Guangdong, China"],"affiliations":[{"raw_affiliation_string":"Cyberspace Institute of Advanced Technology, Guangzhou University, Guangzhou, 510006, Guangdong, China","institution_ids":["https://openalex.org/I37987034"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5123790674","display_name":"Weihong Han","orcid":null},"institutions":[{"id":"https://openalex.org/I4210136793","display_name":"Peng Cheng Laboratory","ror":"https://ror.org/03qdqbt06","country_code":"CN","type":"facility","lineage":["https://openalex.org/I4210136793"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Weihong Han","raw_affiliation_strings":["Department of New Networks, Peng Cheng Laboratory, Shenzhen, 518000, Guangdong, China"],"affiliations":[{"raw_affiliation_string":"Department of New Networks, Peng Cheng Laboratory, Shenzhen, 518000, Guangdong, China","institution_ids":["https://openalex.org/I4210136793"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5123787766","display_name":"Binxing Fang","orcid":null},"institutions":[{"id":"https://openalex.org/I158809036","display_name":"Shenzhen Institute of Information Technology","ror":"https://ror.org/03wrf9427","country_code":"CN","type":"education","lineage":["https://openalex.org/I158809036"]},{"id":"https://openalex.org/I204983213","display_name":"Harbin Institute of Technology","ror":"https://ror.org/01yqg2h08","country_code":"CN","type":"education","lineage":["https://openalex.org/I204983213"]},{"id":"https://openalex.org/I4210152380","display_name":"Shenzhen Technology University","ror":"https://ror.org/04qzpec27","country_code":"CN","type":"education","lineage":["https://openalex.org/I4210152380"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Binxing Fang","raw_affiliation_strings":["School of Computer Science and Technology, Harbin Institute of Technology (Shenzhen), Shenzhen, 518071, Guangdong, China"],"affiliations":[{"raw_affiliation_string":"School of Computer Science and Technology, Harbin Institute of Technology (Shenzhen), Shenzhen, 518071, Guangdong, China","institution_ids":["https://openalex.org/I158809036","https://openalex.org/I4210152380","https://openalex.org/I204983213"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5123811086","display_name":"Lihua Yin","orcid":null},"institutions":[{"id":"https://openalex.org/I37987034","display_name":"Guangzhou University","ror":"https://ror.org/05ar8rn06","country_code":"CN","type":"education","lineage":["https://openalex.org/I37987034"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Lihua Yin","raw_affiliation_strings":["Cyberspace Institute of Advanced Technology, Guangzhou University, Guangzhou, 510006, Guangdong, China"],"affiliations":[{"raw_affiliation_string":"Cyberspace Institute of Advanced Technology, Guangzhou University, Guangzhou, 510006, Guangdong, China","institution_ids":["https://openalex.org/I37987034"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5123787766"],"corresponding_institution_ids":["https://openalex.org/I158809036","https://openalex.org/I204983213","https://openalex.org/I4210152380"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":true,"cited_by_count":0,"citation_normalized_percentile":{"value":0.25033845,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"9","issue":"1","first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.984000027179718,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.984000027179718,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.004999999888241291,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.0010000000474974513,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/encryption","display_name":"Encryption","score":0.7427999973297119},{"id":"https://openalex.org/keywords/pooling","display_name":"Pooling","score":0.6672000288963318},{"id":"https://openalex.org/keywords/obfuscation","display_name":"Obfuscation","score":0.6424999833106995},{"id":"https://openalex.org/keywords/network-packet","display_name":"Network packet","score":0.5151000022888184},{"id":"https://openalex.org/keywords/artificial-neural-network","display_name":"Artificial neural network","score":0.49810001254081726},{"id":"https://openalex.org/keywords/encoder","display_name":"Encoder","score":0.4948999881744385},{"id":"https://openalex.org/keywords/robustness","display_name":"Robustness (evolution)","score":0.44760000705718994},{"id":"https://openalex.org/keywords/inference","display_name":"Inference","score":0.4189000129699707},{"id":"https://openalex.org/keywords/node","display_name":"Node (physics)","score":0.37369999289512634}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7742999792098999},{"id":"https://openalex.org/C148730421","wikidata":"https://www.wikidata.org/wiki/Q141090","display_name":"Encryption","level":2,"score":0.7427999973297119},{"id":"https://openalex.org/C70437156","wikidata":"https://www.wikidata.org/wiki/Q7228652","display_name":"Pooling","level":2,"score":0.6672000288963318},{"id":"https://openalex.org/C40305131","wikidata":"https://www.wikidata.org/wiki/Q2616305","display_name":"Obfuscation","level":2,"score":0.6424999833106995},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.5540000200271606},{"id":"https://openalex.org/C158379750","wikidata":"https://www.wikidata.org/wiki/Q214111","display_name":"Network packet","level":2,"score":0.5151000022888184},{"id":"https://openalex.org/C50644808","wikidata":"https://www.wikidata.org/wiki/Q192776","display_name":"Artificial neural network","level":2,"score":0.49810001254081726},{"id":"https://openalex.org/C118505674","wikidata":"https://www.wikidata.org/wiki/Q42586063","display_name":"Encoder","level":2,"score":0.4948999881744385},{"id":"https://openalex.org/C63479239","wikidata":"https://www.wikidata.org/wiki/Q7353546","display_name":"Robustness (evolution)","level":3,"score":0.44760000705718994},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.43860000371932983},{"id":"https://openalex.org/C2776214188","wikidata":"https://www.wikidata.org/wiki/Q408386","display_name":"Inference","level":2,"score":0.4189000129699707},{"id":"https://openalex.org/C62611344","wikidata":"https://www.wikidata.org/wiki/Q1062658","display_name":"Node (physics)","level":2,"score":0.37369999289512634},{"id":"https://openalex.org/C140779682","wikidata":"https://www.wikidata.org/wiki/Q210868","display_name":"Sampling (signal processing)","level":3,"score":0.3603000044822693},{"id":"https://openalex.org/C132525143","wikidata":"https://www.wikidata.org/wiki/Q141488","display_name":"Graph","level":2,"score":0.3555000126361847},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.3467999994754791},{"id":"https://openalex.org/C125411270","wikidata":"https://www.wikidata.org/wiki/Q18653","display_name":"Encoding (memory)","level":2,"score":0.3456999957561493},{"id":"https://openalex.org/C197129107","wikidata":"https://www.wikidata.org/wiki/Q1921621","display_name":"Merge (version control)","level":2,"score":0.3100999891757965},{"id":"https://openalex.org/C169988225","wikidata":"https://www.wikidata.org/wiki/Q7832484","display_name":"Traffic classification","level":3,"score":0.3086000084877014},{"id":"https://openalex.org/C179518139","wikidata":"https://www.wikidata.org/wiki/Q5140297","display_name":"Coding (social sciences)","level":2,"score":0.28439998626708984},{"id":"https://openalex.org/C79403827","wikidata":"https://www.wikidata.org/wiki/Q3988","display_name":"Real-time computing","level":1,"score":0.28439998626708984},{"id":"https://openalex.org/C162307627","wikidata":"https://www.wikidata.org/wiki/Q204833","display_name":"Enhanced Data Rates for GSM Evolution","level":2,"score":0.27639999985694885},{"id":"https://openalex.org/C2779227376","wikidata":"https://www.wikidata.org/wiki/Q6505497","display_name":"Layer (electronics)","level":2,"score":0.2759000062942505},{"id":"https://openalex.org/C2780980858","wikidata":"https://www.wikidata.org/wiki/Q110022","display_name":"Dual (grammatical number)","level":2,"score":0.26739999651908875},{"id":"https://openalex.org/C153083717","wikidata":"https://www.wikidata.org/wiki/Q6535263","display_name":"Leverage (statistics)","level":2,"score":0.26600000262260437},{"id":"https://openalex.org/C2778112365","wikidata":"https://www.wikidata.org/wiki/Q3511065","display_name":"Sequence (biology)","level":2,"score":0.26409998536109924},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.25760000944137573},{"id":"https://openalex.org/C64869954","wikidata":"https://www.wikidata.org/wiki/Q1859747","display_name":"False positive paradox","level":2,"score":0.2565000057220459}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1186/s42400-025-00522-x","is_oa":true,"landing_page_url":"https://doi.org/10.1186/s42400-025-00522-x","pdf_url":"https://link.springer.com/content/pdf/10.1186/s42400-025-00522-x.pdf","source":{"id":"https://openalex.org/S3035238565","display_name":"Cybersecurity","issn_l":"2523-3246","issn":["2523-3246"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319965","host_organization_name":"Springer Nature","host_organization_lineage":["https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Cybersecurity","raw_type":"journal-article"},{"id":"pmh:oai:doaj.org/article:63d738ea00b448e399941ed0e2f8c9e7","is_oa":true,"landing_page_url":"https://doaj.org/article/63d738ea00b448e399941ed0e2f8c9e7","pdf_url":null,"source":{"id":"https://openalex.org/S112646816","display_name":"SHILAP Revista de lepidopterolog\u00eda","issn_l":"0300-5267","issn":["0300-5267","2340-4078"],"is_oa":true,"is_in_doaj":true,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Cybersecurity, Vol 9, Iss 1, Pp 1-21 (2026)","raw_type":"article"}],"best_oa_location":{"id":"doi:10.1186/s42400-025-00522-x","is_oa":true,"landing_page_url":"https://doi.org/10.1186/s42400-025-00522-x","pdf_url":"https://link.springer.com/content/pdf/10.1186/s42400-025-00522-x.pdf","source":{"id":"https://openalex.org/S3035238565","display_name":"Cybersecurity","issn_l":"2523-3246","issn":["2523-3246"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319965","host_organization_name":"Springer Nature","host_organization_lineage":["https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Cybersecurity","raw_type":"journal-article"},"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16","score":0.5567181706428528}],"awards":[],"funders":[],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W7125634779.pdf","grobid_xml":"https://content.openalex.org/works/W7125634779.grobid-xml"},"referenced_works_count":41,"referenced_works":["https://openalex.org/W2000756828","https://openalex.org/W2092685198","https://openalex.org/W2157949690","https://openalex.org/W2334853001","https://openalex.org/W2743556905","https://openalex.org/W2745034467","https://openalex.org/W2890559797","https://openalex.org/W2907492528","https://openalex.org/W2911038074","https://openalex.org/W2919493784","https://openalex.org/W2963516518","https://openalex.org/W3033091443","https://openalex.org/W3116203245","https://openalex.org/W3120227884","https://openalex.org/W3134226201","https://openalex.org/W3208773001","https://openalex.org/W3213111842","https://openalex.org/W4224315052","https://openalex.org/W4283209458","https://openalex.org/W4283661164","https://openalex.org/W4287691174","https://openalex.org/W4290874972","https://openalex.org/W4296438248","https://openalex.org/W4306406279","https://openalex.org/W4312408104","https://openalex.org/W4312935532","https://openalex.org/W4313416701","https://openalex.org/W4319966459","https://openalex.org/W4386630009","https://openalex.org/W4387007222","https://openalex.org/W4389034028","https://openalex.org/W4390447120","https://openalex.org/W4393219177","https://openalex.org/W4393379748","https://openalex.org/W4396792110","https://openalex.org/W4399147165","https://openalex.org/W4399492013","https://openalex.org/W4402883814","https://openalex.org/W4408494260","https://openalex.org/W4409839285","https://openalex.org/W4414128359"],"related_works":[],"abstract_inverted_index":{"Abstract":[0],"The":[1],"widespread":[2],"adoption":[3],"of":[4,13,29,85,118,128,168,191,215,236],"encrypted":[5,64,156,240],"traffic":[6,53,66,90,157,225],"protocols":[7],"has":[8],"significantly":[9],"increased":[10],"the":[11,83,110,115,121,141,151,161,183,189,195,199,213],"challenge":[12],"detecting":[14,63,239],"malicious":[15,65,192,241],"traffic.":[16,119,242],"Existing":[17],"detection":[18],"methods":[19,233],"based":[20,67],"on":[21,26,68,92,220],"deep":[22],"learning":[23],"typically":[24],"rely":[25],"fine-grained":[27],"features":[28,42],"data":[30],"packets,":[31],"such":[32],"as":[33,178],"length":[34,94],"sequences":[35],"and":[36,52,89,103,132,204],"intra-flow":[37],"interaction":[38],"graphs.":[39],"However,":[40],"these":[41],"are":[43,170,208],"highly":[44],"susceptible":[45],"to":[46,81,108,139,172],"disruption":[47],"by":[48,114,144],"diverse":[49,86],"network":[50,87],"environments":[51,88],"obfuscation.":[54],"This":[55],"paper":[56],"proposes":[57],"MTDecipher,":[58],"a":[59,76,104,126,129],"robust":[60,155],"method":[61,102],"for":[62,147,201],"multi-task":[69,105,196],"Graph":[70],"Neural":[71],"Network":[72],"(GNN).":[73],"MTDecipher":[74,229],"employs":[75],"bidirectional":[77,122,142],"attentive":[78,123],"sequence":[79,124,158],"encoder":[80],"mitigate":[82,109],"impact":[84],"obfuscation":[91,226],"packet":[93],"sequences,":[95],"along":[96],"with":[97,224],"an":[98,133],"edge-block":[99,162],"dual":[100,163],"sampling":[101,164,169],"GNN":[106,197],"model":[107],"training":[111,179],"bias":[112,186],"introduced":[113],"unbalanced":[116],"distribution":[117],"In":[120,160,194],"encoder,":[125],"combination":[127],"Bi-GRU":[130],"layer":[131,136],"attention":[134],"pooling":[135],"is":[137],"utilized":[138],"enhance":[140],"encoding":[143],"generating":[145],"weights":[146],"each":[148],"element":[149],"in":[150,234,238],"sequence,":[152],"thereby":[153,211],"obtaining":[154],"features.":[159],"method,":[165],"two":[166,221],"rounds":[167],"involved":[171],"generate":[173],"more":[174],"evenly":[175],"distributed":[176],"subgraphs":[177],"data,":[180],"which":[181],"reduces":[182],"local":[184],"structural":[185],"resulting":[187],"from":[188],"aggregation":[190],"flows.":[193],"model,":[198],"losses":[200],"both":[202],"edge":[203],"node":[205],"classification":[206],"tasks":[207],"simultaneously":[209],"optimized,":[210],"minimizing":[212],"homogeneity":[214],"adjacent":[216],"edges.":[217],"Experimental":[218],"results":[219],"real-world":[222],"datasets":[223],"demonstrate":[227],"that":[228],"outperforms":[230],"eight":[231],"existing":[232],"terms":[235],"effectiveness":[237]},"counts_by_year":[],"updated_date":"2026-03-20T23:20:44.827607","created_date":"2026-01-26T00:00:00"}