{"id":"https://openalex.org/W4413081422","doi":"https://doi.org/10.3390/jcp5030047","title":"A Multi-Feature Semantic Fusion Machine Learning Architecture for Detecting Encrypted Malicious Traffic","display_name":"A Multi-Feature Semantic Fusion Machine Learning Architecture for Detecting Encrypted Malicious Traffic","publication_year":2025,"publication_date":"2025-07-17","ids":{"openalex":"https://openalex.org/W4413081422","doi":"https://doi.org/10.3390/jcp5030047"},"language":"en","primary_location":{"id":"doi:10.3390/jcp5030047","is_oa":true,"landing_page_url":"https://doi.org/10.3390/jcp5030047","pdf_url":"https://www.mdpi.com/2624-800X/5/3/47/pdf?version=1752718021","source":{"id":"https://openalex.org/S4210232532","display_name":"Journal of Cybersecurity and Privacy","issn_l":"2624-800X","issn":["2624-800X"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310310987","host_organization_name":"Multidisciplinary Digital Publishing Institute","host_organization_lineage":["https://openalex.org/P4310310987"],"host_organization_lineage_names":["Multidisciplinary Digital Publishing Institute"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal of Cybersecurity and Privacy","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://www.mdpi.com/2624-800X/5/3/47/pdf?version=1752718021","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5107678151","display_name":"Shiyu Tang","orcid":"https://orcid.org/0000-0002-6113-5086"},"institutions":[{"id":"https://openalex.org/I4210165591","display_name":"Network Group (Czechia)","ror":"https://ror.org/055hmgs82","country_code":"CZ","type":"company","lineage":["https://openalex.org/I4210165591"]},{"id":"https://openalex.org/I69356397","display_name":"Xi\u2019an Jiaotong-Liverpool University","ror":"https://ror.org/03zmrmn05","country_code":"CN","type":"education","lineage":["https://openalex.org/I69356397"]}],"countries":["CN","CZ"],"is_corresponding":false,"raw_author_name":"Shiyu Tang","raw_affiliation_strings":["Jiangsu Future Networks Innovation Institute, Nanjing 211111, China","School of Advanced Technology, Xi\u2019an Jiaotong-Liverpool University, Suzhou 215123, China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Jiangsu Future Networks Innovation Institute, Nanjing 211111, China","institution_ids":["https://openalex.org/I4210165591"]},{"raw_affiliation_string":"School of Advanced Technology, Xi\u2019an Jiaotong-Liverpool University, Suzhou 215123, China","institution_ids":["https://openalex.org/I69356397"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5109730932","display_name":"Fei Du","orcid":null},"institutions":[{"id":"https://openalex.org/I69356397","display_name":"Xi\u2019an Jiaotong-Liverpool University","ror":"https://ror.org/03zmrmn05","country_code":"CN","type":"education","lineage":["https://openalex.org/I69356397"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Fei Du","raw_affiliation_strings":["School of Advanced Technology, Xi\u2019an Jiaotong-Liverpool University, Suzhou 215123, China"],"raw_orcid":"https://orcid.org/0000-0003-2655-9307","affiliations":[{"raw_affiliation_string":"School of Advanced Technology, Xi\u2019an Jiaotong-Liverpool University, Suzhou 215123, China","institution_ids":["https://openalex.org/I69356397"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5024464918","display_name":"Zulong Diao","orcid":"https://orcid.org/0000-0001-6581-7511"},"institutions":[{"id":"https://openalex.org/I121296143","display_name":"Hunan University of Science and Technology","ror":"https://ror.org/02m9vrb24","country_code":"CN","type":"education","lineage":["https://openalex.org/I121296143"]},{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"government","lineage":["https://openalex.org/I19820366"]},{"id":"https://openalex.org/I4210090176","display_name":"Institute of Computing Technology","ror":"https://ror.org/0090r4d87","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210090176"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Zulong Diao","raw_affiliation_strings":["Institute of Computing Technology, Chinese Academy of Sciences, Beijing 100190, China","School of Computer Science and Engineering, Hunan University of Science and Technology, Xiangtan 411201, China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Institute of Computing Technology, Chinese Academy of Sciences, Beijing 100190, China","institution_ids":["https://openalex.org/I4210090176","https://openalex.org/I19820366"]},{"raw_affiliation_string":"School of Computer Science and Engineering, Hunan University of Science and Technology, Xiangtan 411201, China","institution_ids":["https://openalex.org/I121296143"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5058487069","display_name":"Wenjun Fan","orcid":"https://orcid.org/0000-0002-7363-9695"},"institutions":[{"id":"https://openalex.org/I69356397","display_name":"Xi\u2019an Jiaotong-Liverpool University","ror":"https://ror.org/03zmrmn05","country_code":"CN","type":"education","lineage":["https://openalex.org/I69356397"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Wenjun Fan","raw_affiliation_strings":["School of Advanced Technology, Xi\u2019an Jiaotong-Liverpool University, Suzhou 215123, China"],"raw_orcid":"https://orcid.org/0000-0002-7363-9695","affiliations":[{"raw_affiliation_string":"School of Advanced Technology, Xi\u2019an Jiaotong-Liverpool University, Suzhou 215123, China","institution_ids":["https://openalex.org/I69356397"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5024464918","https://openalex.org/A5058487069"],"corresponding_institution_ids":["https://openalex.org/I121296143","https://openalex.org/I19820366","https://openalex.org/I4210090176","https://openalex.org/I69356397"],"apc_list":{"value":1000,"currency":"CHF","value_usd":1082},"apc_paid":{"value":1000,"currency":"CHF","value_usd":1082},"fwci":5.7171,"has_fulltext":true,"cited_by_count":3,"citation_normalized_percentile":{"value":0.95819147,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":91,"max":99},"biblio":{"volume":"5","issue":"3","first_page":"47","last_page":"47"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9944999814033508,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8324283361434937},{"id":"https://openalex.org/keywords/encryption","display_name":"Encryption","score":0.6213517785072327},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.5674359798431396},{"id":"https://openalex.org/keywords/traffic-classification","display_name":"Traffic classification","score":0.5534482598304749},{"id":"https://openalex.org/keywords/feature-extraction","display_name":"Feature extraction","score":0.5307319760322571},{"id":"https://openalex.org/keywords/robustness","display_name":"Robustness (evolution)","score":0.49389320611953735},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.4874534606933594},{"id":"https://openalex.org/keywords/false-positive-rate","display_name":"False positive rate","score":0.4642532467842102},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.46158865094184875},{"id":"https://openalex.org/keywords/constant-false-alarm-rate","display_name":"Constant false alarm rate","score":0.46112650632858276},{"id":"https://openalex.org/keywords/cluster-analysis","display_name":"Cluster analysis","score":0.4398624897003174},{"id":"https://openalex.org/keywords/pattern-recognition","display_name":"Pattern recognition (psychology)","score":0.4046877920627594},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.14384400844573975}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8324283361434937},{"id":"https://openalex.org/C148730421","wikidata":"https://www.wikidata.org/wiki/Q141090","display_name":"Encryption","level":2,"score":0.6213517785072327},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.5674359798431396},{"id":"https://openalex.org/C169988225","wikidata":"https://www.wikidata.org/wiki/Q7832484","display_name":"Traffic classification","level":3,"score":0.5534482598304749},{"id":"https://openalex.org/C52622490","wikidata":"https://www.wikidata.org/wiki/Q1026626","display_name":"Feature extraction","level":2,"score":0.5307319760322571},{"id":"https://openalex.org/C63479239","wikidata":"https://www.wikidata.org/wiki/Q7353546","display_name":"Robustness (evolution)","level":3,"score":0.49389320611953735},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.4874534606933594},{"id":"https://openalex.org/C95922358","wikidata":"https://www.wikidata.org/wiki/Q5432725","display_name":"False positive rate","level":2,"score":0.4642532467842102},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.46158865094184875},{"id":"https://openalex.org/C77052588","wikidata":"https://www.wikidata.org/wiki/Q644307","display_name":"Constant false alarm rate","level":2,"score":0.46112650632858276},{"id":"https://openalex.org/C73555534","wikidata":"https://www.wikidata.org/wiki/Q622825","display_name":"Cluster analysis","level":2,"score":0.4398624897003174},{"id":"https://openalex.org/C153180895","wikidata":"https://www.wikidata.org/wiki/Q7148389","display_name":"Pattern recognition (psychology)","level":2,"score":0.4046877920627594},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.14384400844573975},{"id":"https://openalex.org/C104317684","wikidata":"https://www.wikidata.org/wiki/Q7187","display_name":"Gene","level":2,"score":0.0},{"id":"https://openalex.org/C185592680","wikidata":"https://www.wikidata.org/wiki/Q2329","display_name":"Chemistry","level":0,"score":0.0},{"id":"https://openalex.org/C158379750","wikidata":"https://www.wikidata.org/wiki/Q214111","display_name":"Network packet","level":2,"score":0.0},{"id":"https://openalex.org/C55493867","wikidata":"https://www.wikidata.org/wiki/Q7094","display_name":"Biochemistry","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.3390/jcp5030047","is_oa":true,"landing_page_url":"https://doi.org/10.3390/jcp5030047","pdf_url":"https://www.mdpi.com/2624-800X/5/3/47/pdf?version=1752718021","source":{"id":"https://openalex.org/S4210232532","display_name":"Journal of Cybersecurity and Privacy","issn_l":"2624-800X","issn":["2624-800X"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310310987","host_organization_name":"Multidisciplinary Digital Publishing Institute","host_organization_lineage":["https://openalex.org/P4310310987"],"host_organization_lineage_names":["Multidisciplinary Digital Publishing Institute"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal of Cybersecurity and Privacy","raw_type":"journal-article"},{"id":"pmh:oai:doaj.org/article:27969ace5ba246d3b36546390ba5225f","is_oa":true,"landing_page_url":"https://doaj.org/article/27969ace5ba246d3b36546390ba5225f","pdf_url":null,"source":{"id":"https://openalex.org/S4306401280","display_name":"DOAJ (DOAJ: Directory of Open Access Journals)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by-sa","license_id":"https://openalex.org/licenses/cc-by-sa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Journal of Cybersecurity and Privacy, Vol 5, Iss 3, p 47 (2025)","raw_type":"article"}],"best_oa_location":{"id":"doi:10.3390/jcp5030047","is_oa":true,"landing_page_url":"https://doi.org/10.3390/jcp5030047","pdf_url":"https://www.mdpi.com/2624-800X/5/3/47/pdf?version=1752718021","source":{"id":"https://openalex.org/S4210232532","display_name":"Journal of Cybersecurity and Privacy","issn_l":"2624-800X","issn":["2624-800X"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310310987","host_organization_name":"Multidisciplinary Digital Publishing Institute","host_organization_lineage":["https://openalex.org/P4310310987"],"host_organization_lineage_names":["Multidisciplinary Digital Publishing Institute"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal of Cybersecurity and Privacy","raw_type":"journal-article"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions","score":0.5699999928474426}],"awards":[{"id":"https://openalex.org/G4115898974","display_name":null,"funder_award_id":"TDF21/22-R24-177","funder_id":"https://openalex.org/F4320324032","funder_display_name":"Xi\u2019an Jiaotong-Liverpool University"},{"id":"https://openalex.org/G5539584389","display_name":null,"funder_award_id":"YZCXPT2022103","funder_id":"https://openalex.org/F4320324032","funder_display_name":"Xi\u2019an Jiaotong-Liverpool University"}],"funders":[{"id":"https://openalex.org/F4320321605","display_name":"Government of Jiangsu Province","ror":"https://ror.org/004svx814"},{"id":"https://openalex.org/F4320324032","display_name":"Xi\u2019an Jiaotong-Liverpool University","ror":"https://ror.org/03zmrmn05"}],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4413081422.pdf","grobid_xml":"https://content.openalex.org/works/W4413081422.grobid-xml"},"referenced_works_count":33,"referenced_works":["https://openalex.org/W162739366","https://openalex.org/W2119461845","https://openalex.org/W2278186031","https://openalex.org/W2507228165","https://openalex.org/W2591712613","https://openalex.org/W2743556905","https://openalex.org/W2892062861","https://openalex.org/W2897202622","https://openalex.org/W2988889042","https://openalex.org/W3005641848","https://openalex.org/W3037103249","https://openalex.org/W3095485896","https://openalex.org/W3116274835","https://openalex.org/W3135091917","https://openalex.org/W3173170122","https://openalex.org/W3181596493","https://openalex.org/W3186172578","https://openalex.org/W4213315944","https://openalex.org/W4294297975","https://openalex.org/W4296229353","https://openalex.org/W4361010174","https://openalex.org/W4381744402","https://openalex.org/W4385444612","https://openalex.org/W4388867311","https://openalex.org/W4391345033","https://openalex.org/W4392364798","https://openalex.org/W4399181772","https://openalex.org/W4401004521","https://openalex.org/W4402118173","https://openalex.org/W4402339072","https://openalex.org/W4405394913","https://openalex.org/W4411204262","https://openalex.org/W6922159380"],"related_works":["https://openalex.org/W2179036394","https://openalex.org/W2613715541","https://openalex.org/W2013909972","https://openalex.org/W2904808447","https://openalex.org/W2280598164","https://openalex.org/W2993555267","https://openalex.org/W4388425184","https://openalex.org/W2189092700","https://openalex.org/W4241302526","https://openalex.org/W2925487447"],"abstract_inverted_index":{"With":[0],"the":[1,65,70,94,132,144,151],"increasing":[2],"sophistication":[3],"of":[4,67,72,97,136,158,167,175],"network":[5],"attacks,":[6],"machine":[7],"learning":[8],"(ML)-based":[9],"methods":[10,20],"have":[11],"showcased":[12],"promising":[13],"performance":[14,186],"in":[15,69],"attack":[16],"detection.":[17,139],"However,":[18],"ML-based":[19],"often":[21],"suffer":[22],"from":[23],"high":[24,184],"false":[25,163,171],"rates":[26],"when":[27],"tackling":[28],"encrypted":[29,41,58,188],"malicious":[30,59,137,189],"traffic.":[31,190],"To":[32],"break":[33],"through":[34],"these":[35],"bottlenecks,":[36],"we":[37],"propose":[38],"EFTransformer,":[39],"an":[40,156],"flow":[42],"transformer":[43],"framework":[44],"which":[45],"inherits":[46],"semantic":[47],"perception":[48],"and":[49,55,61,75,87,107,113,116,121,134,169],"multi-scale":[50],"feature":[51,76],"fusion,":[52,129],"can":[53],"robustly":[54],"efficiently":[56],"detect":[57],"traffic,":[60],"make":[62],"up":[63,159],"for":[64],"shortcomings":[66],"ML":[68],"context":[71],"modeling":[73],"ability":[74,96],"adequacy.":[77],"EFTransformer":[78,149,182],"introduces":[79],"a":[80,88,101,118,162,170],"channel-level":[81],"extraction":[82],"mechanism":[83],"based":[84],"on":[85,143],"quintuples":[86],"noise-aware":[89],"clustering":[90],"strategy":[91],"to":[92,109,125,160],"enhance":[93],"recognition":[95],"traffic":[98,138],"patterns;":[99],"adopts":[100],"dual-channel":[102],"embedding":[103],"method,":[104],"using":[105],"Word2Vec":[106],"FastText":[108],"capture":[110],"global":[111],"semantics":[112],"subword-level":[114],"changes;":[115],"uses":[117],"Transformer-based":[119],"classifier":[120],"attention":[122],"pooling":[123],"module":[124],"achieve":[126],"dynamic":[127],"feature-weighted":[128],"thereby":[130],"improving":[131],"robustness":[133],"accuracy":[135,157],"Our":[140],"systematic":[141],"experiments":[142],"ISCX2012":[145],"dataset":[146],"demonstrate":[147],"that":[148,181],"achieves":[150,183],"best":[152],"detection":[153,185],"performance,":[154],"with":[155],"95.26%,":[161],"positive":[164],"rate":[165,173],"(FPR)":[166],"6.19%,":[168],"negative":[172],"(FNR)":[174],"only":[176],"5.85%.":[177],"These":[178],"results":[179],"show":[180],"against":[187]},"counts_by_year":[{"year":2026,"cited_by_count":2},{"year":2025,"cited_by_count":1}],"updated_date":"2026-05-21T06:26:12.895304","created_date":"2025-10-10T00:00:00"}