{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,5]],"date-time":"2026-06-05T01:48:33Z","timestamp":1780624113170,"version":"3.54.1"},"reference-count":28,"publisher":"Springer Science and Business Media LLC","issue":"9","license":[{"start":{"date-parts":[[2020,6,29]],"date-time":"2020-06-29T00:00:00Z","timestamp":1593388800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2020,6,29]],"date-time":"2020-06-29T00:00:00Z","timestamp":1593388800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"funder":[{"DOI":"10.13039\/501100001809","name":"Natural Science Foundation of China","doi-asserted-by":"crossref","award":["No. 61802404"],"award-info":[{"award-number":["No. 61802404"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"crossref"}]},{"DOI":"10.13039\/501100001809","name":"Natural Science Foundation of China","doi-asserted-by":"crossref","award":["No. 61602470"],"award-info":[{"award-number":["No. 61602470"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"crossref"}]},{"name":"Strategic Priority Research Program of Chinese Academy of Sciences","award":["No. XDC02040100"],"award-info":[{"award-number":["No. XDC02040100"]}]},{"name":"Fundamental Research Funds for the Central Universities of China\u00a0University of\u00a0Labor\u00a0Relations","award":["No. 20ZYJS017"],"award-info":[{"award-number":["No. 20ZYJS017"]}]},{"name":"Fundamental Research Funds for the Central Universities of China\u00a0University of\u00a0Labor\u00a0Relations","award":["No. 20XYJS003"],"award-info":[{"award-number":["No. 20XYJS003"]}]},{"name":"Key Research Program of Beijing Municipal Science & Technology Commission","award":["No. D181100000618003"],"award-info":[{"award-number":["No. D181100000618003"]}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["J Supercomput"],"published-print":{"date-parts":[[2020,9]]},"DOI":"10.1007\/s11227-020-03372-1","type":"journal-article","created":{"date-parts":[[2020,6,29]],"date-time":"2020-06-29T10:02:43Z","timestamp":1593424963000},"page":"7489-7518","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":35,"title":["THS-IDPC: A three-stage hierarchical sampling method based on improved density peaks clustering algorithm for encrypted malicious traffic detection"],"prefix":"10.1007","volume":"76","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-3417-5840","authenticated-orcid":false,"given":"Liangchen","family":"Chen","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Shu","family":"Gao","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Baoxu","family":"Liu","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Zhigang","family":"Lu","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Zhengwei","family":"Jiang","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"297","published-online":{"date-parts":[[2020,6,29]]},"reference":[{"issue":"5","key":"3372_CR1","doi-asserted-by":"publisher","first-page":"151","DOI":"10.23919\/JCC.2020.05.013","volume":"17","author":"C Liangchen","year":"2020","unstructured":"Liangchen C, Shu G, Baoxu L et al (2020) FEW-NNN: a fuzzy entropy weighted natural nearest neighbor method for flow-based network traffic attack detection. China Commun 17(5):151\u2013167","journal-title":"China Commun"},{"issue":"7","key":"3372_CR2","first-page":"130","volume":"125","author":"SS Anish","year":"2019","unstructured":"Anish SS, Fabio DT, Mark S (2019) Feature analysis of encrypted malicious traffic. Expert Syst Appl 125(7):130\u2013141","journal-title":"Expert Syst Appl"},{"key":"3372_CR3","doi-asserted-by":"publisher","first-page":"100014","DOI":"10.1109\/ACCESS.2019.2930717","volume":"7","author":"JY Liu","year":"2019","unstructured":"Liu JY, Tian ZY (2019) A distance-based method for building an encrypted malware traffic identification framework. IEEE ACCESS 7:100014\u2013100028","journal-title":"IEEE ACCESS"},{"key":"3372_CR4","doi-asserted-by":"crossref","unstructured":"Kovanen T, David G, H\u00e4m\u00e4l\u00e4inen T (2016) Survey: Intrusion Detection Systems in Encrypted Traffic. In: SMART. Springer, Berlin","DOI":"10.1007\/978-3-319-46301-8_23"},{"key":"3372_CR5","unstructured":"CTU University. The malware capture facility project dataset [EB\/OL]. https:\/\/www.stratosphereips.org\/datasets-malware\/"},{"key":"3372_CR6","doi-asserted-by":"publisher","first-page":"100","DOI":"10.1016\/j.cose.2014.05.011","volume":"45","author":"S Garcia","year":"2014","unstructured":"Garcia S, Grill M, Stiborek J (2014) An empirical comparison of botnet detection methods. Comput Secur 45:100\u2013123","journal-title":"Comput Secur"},{"key":"3372_CR7","unstructured":"Brad Duncan. malware-traffic-analysis. https:\/\/www.malware-traffic-analysis.net\/"},{"issue":"1","key":"3372_CR8","doi-asserted-by":"publisher","first-page":"78","DOI":"10.1109\/MSP.2009.12","volume":"7","author":"F Callegati","year":"2009","unstructured":"Callegati F, Cerroni W, Ramilli M (2009) Man-in-the-middle attack to the HTTPS protocol. IEEE Secur Priv 7(1):78\u201381","journal-title":"IEEE Secur Priv"},{"issue":"3","key":"3372_CR9","doi-asserted-by":"publisher","first-page":"195","DOI":"10.1007\/s11416-017-0306-6","volume":"14","author":"B Anderson","year":"2018","unstructured":"Anderson B, Paul S, McGrew D (2018) Deciphering malware\u2019s use of TLS (without decryption). J Comput Virol Hacking Techn 14(3):195\u2013211","journal-title":"J Comput Virol Hacking Techn"},{"key":"3372_CR10","doi-asserted-by":"crossref","unstructured":"Anderson B, McGrew D (2016) Identifying encrypted malware traffic with contextual flow data. In: Proceedings of ACM Workshop on Artificial Intelligence and Security Conference, pp 35\u201346","DOI":"10.1145\/2996758.2996768"},{"key":"3372_CR11","doi-asserted-by":"crossref","unstructured":"Amoli PV, H\u00e4m\u00e4l\u00e4inen T (2013) A real time unsupervised NIDS for detecting unknown and encrypted network attacks in high speed network. In: Proceedings of IEEE International Workshop on Measurements and Networking Conference, pp 149\u2013154","DOI":"10.1109\/IWMN.2013.6663794"},{"key":"3372_CR12","unstructured":"Modi J (2019) Detecting ransomware in encrypted network traffic using machine learning. A Thesis Submitted in Partial Fulfillment of the Requirements for the Degree of Master of Applied Science in the Department of Electrical and Computer Engineering"},{"key":"3372_CR13","doi-asserted-by":"crossref","unstructured":"Prasse P, Machlica L, Pevn T (2017) Malware detection by analysing encrypted network traffic with neural networks. In: Proceedings of IEEE ECML PKDD Conference, pp. 73\u201388","DOI":"10.1007\/978-3-319-71246-8_5"},{"key":"3372_CR14","unstructured":"Shah J (2018) Detection of malicious Encrypted Web Traffic using Machine Learning. A Project Report Submitted in Partial Fulfillment of the Requirements for the Degree of Master of Engineering"},{"key":"3372_CR15","doi-asserted-by":"crossref","unstructured":"Lokoc J, Kohout J, Cech P (2016) k-NN classification of malware in HTTPS traffic using the metric space approach. In: Proceedings of Springer Intelligence and Security Informatics Conference, pp 131\u2013145","DOI":"10.1007\/978-3-319-31863-9_10"},{"key":"3372_CR16","doi-asserted-by":"crossref","unstructured":"Anderson B, McGrew DA (2017) Machine learning for encrypted malware traffic classification: accounting for noisy labels and non-stationarity. In: Proceedings of ACM SIGKDD Conference, pp 1723\u20131732","DOI":"10.1145\/3097983.3098163"},{"key":"3372_CR17","doi-asserted-by":"crossref","unstructured":"Su LY, Yao YP, Li N et al (2018) Hierarchical clustering based network traffic data reduction for improving suspicious flow detection. In: Proceedings of IEEE TrustCom\/BigDataSE Conference, pp 744\u2013753","DOI":"10.1109\/TrustCom\/BigDataSE.2018.00108"},{"issue":"2","key":"3372_CR18","first-page":"1","volume":"9","author":"Y Yang","year":"2019","unstructured":"Yang Y, Zheng K, Wu C et al (2019) Building an effective intrusion detection system using the modified density peaks clustering algorithm and deep belief networks. Appl Sci 9(2):1\u201325","journal-title":"Appl Sci"},{"key":"3372_CR19","doi-asserted-by":"publisher","first-page":"33","DOI":"10.1016\/j.chaos.2018.03.010","volume":"110","author":"L Li","year":"2018","unstructured":"Li L, Zhang H, Peng H (2018) Nearest neighbors based density peaks approach to intrusion detection. Chaos Solitons Fractals 110:33\u201340","journal-title":"Chaos Solitons Fractals"},{"key":"3372_CR20","first-page":"337","volume":"22","author":"Y Shi","year":"2019","unstructured":"Shi Y, Shen H (2019) Anomaly detection for network flow using immune network and density peak. Int J Netw Secur 22:337\u2013346","journal-title":"Int J Netw Secur"},{"key":"3372_CR21","doi-asserted-by":"crossref","unstructured":"Syarif I, Prugel-Bennett A, Wills G (2012) Unsupervised clustering approach for network anomaly detection. In: Proceedings in International Conference on Networked Digital Technologies, pp 135\u2013145","DOI":"10.1007\/978-3-642-30507-8_13"},{"issue":"4","key":"3372_CR22","doi-asserted-by":"publisher","first-page":"194","DOI":"10.1145\/167954.166256","volume":"23","author":"K Claffy","year":"1993","unstructured":"Claffy K, Polyzos G, Braun H (1993) Application of sampling methodologies to network traffic characterization. ACM SIGCOMM Comput Commun Rev ACM 23(4):194\u2013203","journal-title":"ACM SIGCOMM Comput Commun Rev ACM"},{"key":"3372_CR23","doi-asserted-by":"crossref","unstructured":"Saber A, Fergani B, Abbas M (2018) Encrypted traffic classification: combining over-and under-sampling through a PCA-SVM. In: Proceedings of IEEE PAIS Conference, pp 37\u201341","DOI":"10.1109\/PAIS.2018.8598480"},{"issue":"6191","key":"3372_CR24","doi-asserted-by":"publisher","first-page":"1492","DOI":"10.1126\/science.1242072","volume":"344","author":"A Rodriguez","year":"2014","unstructured":"Rodriguez A, Laio A (2014) Clustering by fast search and find of density peaks. Science 344(6191):1492\u20131496","journal-title":"Science"},{"key":"3372_CR25","doi-asserted-by":"publisher","first-page":"65","DOI":"10.1016\/j.knosys.2018.05.034","volume":"158","author":"X Xu","year":"2018","unstructured":"Xu X, Ding SF, Shi ZZ (2018) An improved density peaks clustering algorithm with fast finding cluster centers. Knowl-Based Syst 158:65\u201374","journal-title":"Knowl-Based Syst"},{"issue":"115","key":"3372_CR26","doi-asserted-by":"publisher","first-page":"314","DOI":"10.1016\/j.eswa.2018.07.075","volume":"1","author":"SA Seyedi","year":"2019","unstructured":"Seyedi SA, Lotfi A, Moradi P (2019) Dynamic graph-based label propagation for density peaks clustering. Expert Syst Appl 1(115):314\u2013328","journal-title":"Expert Syst Appl"},{"issue":"3","key":"3372_CR27","doi-asserted-by":"publisher","first-page":"399","DOI":"10.1049\/iet-com:20070231","volume":"2","author":"G Androulidakis","year":"2008","unstructured":"Androulidakis G, Papavassiliou S (2008) Improving network anomaly detection via selective flow-based sampling. IET Commun 2(3):399\u2013409","journal-title":"IET Commun"},{"key":"3372_CR28","doi-asserted-by":"crossref","unstructured":"Duffield N, Lund C (2003) Predicting resource usage and estimation accuracy in an IP flow measurement collection infrastructure. In: Proceedings of 3rd ACM SIGCOMM Conference on Internet Measurement. ACM, pp 179\u2013191","DOI":"10.1145\/948205.948228"}],"container-title":["The Journal of Supercomputing"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s11227-020-03372-1.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s11227-020-03372-1\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s11227-020-03372-1.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,6,28]],"date-time":"2021-06-28T23:50:00Z","timestamp":1624924200000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s11227-020-03372-1"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,6,29]]},"references-count":28,"journal-issue":{"issue":"9","published-print":{"date-parts":[[2020,9]]}},"alternative-id":["3372"],"URL":"https:\/\/doi.org\/10.1007\/s11227-020-03372-1","relation":{},"ISSN":["0920-8542","1573-0484"],"issn-type":[{"value":"0920-8542","type":"print"},{"value":"1573-0484","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020,6,29]]},"assertion":[{"value":"29 June 2020","order":1,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}}]}}