{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,23]],"date-time":"2025-06-23T07:08:25Z","timestamp":1750662505124},"reference-count":26,"publisher":"Springer Science and Business Media LLC","issue":"4","license":[{"start":{"date-parts":[[2022,5,22]],"date-time":"2022-05-22T00:00:00Z","timestamp":1653177600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2022,5,22]],"date-time":"2022-05-22T00:00:00Z","timestamp":1653177600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"funder":[{"name":"National Key Research and Development Program of China","award":["No. 2017YFB0802500","No.2016YFB0800904"],"award-info":[{"award-number":["No. 2017YFB0802500","No.2016YFB0800904"]}]},{"name":"Shanghai industrial foundation project","award":["GYQJ-2018-3-03"],"award-info":[{"award-number":["GYQJ-2018-3-03"]}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["J Comput Virol Hack Tech"],"DOI":"10.1007\/s11416-022-00429-y","type":"journal-article","created":{"date-parts":[[2022,5,22]],"date-time":"2022-05-22T08:02:33Z","timestamp":1653206553000},"page":"453-463","update-policy":"http:\/\/dx.doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":6,"title":["Malicious encrypted traffic features extraction model based on unsupervised feature adaptive learning"],"prefix":"10.1007","volume":"18","author":[{"given":"Zhihong","family":"Zhou","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Hu","family":"Bin","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jianhua","family":"Li","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ying","family":"Yin","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Xiuzhen","family":"Chen","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jin","family":"Ma","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Lihong","family":"Yao","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2022,5,22]]},"reference":[{"key":"429_CR1","unstructured":"Cisco: Annual Cybersecurity Report: The evolution of malware and rise of artificial intelligence[R\/OL]. (2018-02) [2019-07-22] (2018). https:\/\/www.cisco.com\/c\/en\/us\/products\/security\/security-reports.html"},{"key":"429_CR2","doi-asserted-by":"crossref","unstructured":"Korczynski, M., Duda, A.: Markov chain fingerprinting to classify encrypted traffic. In: INFOCOM, 2014 Proceedings IEEE, pp. 781\u2013789. IEEE (2014)","DOI":"10.1109\/INFOCOM.2014.6848005"},{"issue":"6","key":"429_CR3","doi-asserted-by":"publisher","first-page":"1334","DOI":"10.3724\/SP.J.1001.2013.04279","volume":"24","author":"B Zhao","year":"2013","unstructured":"Zhao, B., Guo, H., Liu, Q.R., et al.: Protocol independent identification of encrypted traffic based on weighted eumnlative sum test. J. Softw. 24(6), 1334\u20131345 (2013)","journal-title":"J. Softw."},{"issue":"5","key":"429_CR4","doi-asserted-by":"publisher","first-page":"355","DOI":"10.1002\/nem.1901","volume":"25","author":"P Velan","year":"2015","unstructured":"Velan, P., Cermak, M., Celeda, P., et al.: A survey of methods for encrypted traffic classification and analysis. Int. J. Netw. Manag. 25(5), 355\u2013374 (2015)","journal-title":"Int. J. Netw. Manag."},{"issue":"4","key":"429_CR5","doi-asserted-by":"publisher","first-page":"1076","DOI":"10.1109\/TNET.2012.2219591","volume":"21","author":"AR Khakpour","year":"2013","unstructured":"Khakpour, A.R., Liu, A.X.: An information-theoretical approach to high-speed flow nature identification. IEEE\/ACM Trans. Netw. (TON) 21(4), 1076\u20131089 (2013)","journal-title":"IEEE\/ACM Trans. Netw. (TON)"},{"key":"429_CR6","doi-asserted-by":"publisher","first-page":"195","DOI":"10.1007\/s11416-017-0306-6","volume":"14","author":"B Anderson","year":"2018","unstructured":"Anderson, B., Paul, S., McGrew, D.: Deciphering malware\u2019s use of TLS (without decryption). Comput Virol Hack Tech 14, 195 (2018). https:\/\/doi.org\/10.1007\/s11416-017-0306-6","journal-title":"Comput Virol Hack Tech"},{"key":"429_CR7","doi-asserted-by":"publisher","unstructured":"Anderson, B., McGrew, D.: Identifying Encrypted Malware Traffic with Contextual Flow Data, pp. 35\u201346. https:\/\/doi.org\/10.1145\/2996758.2996768","DOI":"10.1145\/2996758.2996768"},{"key":"429_CR8","doi-asserted-by":"crossref","unstructured":"Anderson, B., Mcgrew, D.A.: Machine Learning for Encrypted Malware Traffic Classification: Accounting for Noisy Labels and Non-Stationarity. Knowledge discovery and data mining, pp. 1723\u20131732 (2017)","DOI":"10.1145\/3097983.3098163"},{"issue":"98","key":"429_CR9","first-page":"80","volume":"2016","author":"AA Amaral","year":"2016","unstructured":"Amaral, A.A., de Mendes, L.S., et al.: Deep IP flow inspection to detect beyond network anomalies. Comput. Commun. 2016(98), 80\u201396 (2016)","journal-title":"Comput. Commun."},{"issue":"102","key":"429_CR10","first-page":"104","volume":"2011","author":"YE Wen-chen","year":"2011","unstructured":"Wen-chen, Y.E., Min, W.A.N.G., et al.: Network flow inspection method of joint DPI and DFI. Comput. Eng. 2011(102), 104 (2011)","journal-title":"Comput. Eng."},{"key":"429_CR11","doi-asserted-by":"crossref","unstructured":"Ghosh, A., Senthilrajan, A.: An approach for detecting spear phishing using deep packet inspection and deep flow inspection. In: Proceedings of 5th International Conference on Cyber Security & Privacy (ICCS) (2019)","DOI":"10.2139\/ssrn.3511037"},{"key":"429_CR12","unstructured":"Shekhawat, A.S.: Analysis of Encrypted Malicious Traffic. Master's Projects, p. 622 (2018)"},{"key":"429_CR13","doi-asserted-by":"publisher","first-page":"130","DOI":"10.1016\/j.eswa.2019.01.064","volume":"2019","author":"AS Shekhawat","year":"2019","unstructured":"Shekhawat, A.S., Troia, F.D., et al.: Feature analysis of encrypted malicious traffic. Expert Syst. Appl. 2019, 130\u2013141 (2019)","journal-title":"Expert Syst. Appl."},{"key":"429_CR14","unstructured":"Wang, Z.: The Applications of Deep Learning on Traffic Identification [EB\/OL]. [11\u201322] (2019). https:\/\/goo.gl\/WouIM6."},{"key":"429_CR15","unstructured":"Wang, W., Zhu, M., Zeng, X., Ye, X., Sheng, Y.: Malware traffic classification using convolutional neural network for representation learning. In: 2017 International Conference on Information Networking (ICOIN), pp. 712\u2013717. IEEE (2017)"},{"key":"429_CR16","doi-asserted-by":"crossref","unstructured":"Prasse, P., Machlica, L., Pevny, T., et al.: Malware detection by analysing network traffic with neural networks. In: 2017 IEEE Security and Privacy Workshops (SPW), pp. 205\u2013210. IEEE (2017)","DOI":"10.1109\/SPW.2017.8"},{"key":"429_CR17","doi-asserted-by":"crossref","unstructured":"Morichetta, A., Casas, P., et al.: EXPLAIN-IT: towards explainable AI for unsupervised network traffic analysis. In: Proceedings of the 3rd ACM CoNEXT Workshop on Big DAta, Machine Learning and Artificial Intelligence for Data Communication Networks, pp. 22\u201328 (2019).","DOI":"10.1145\/3359992.3366639"},{"issue":"2010","key":"429_CR18","first-page":"464","volume":"5","author":"C Bacquet","year":"2010","unstructured":"Bacquet, C., Gumus, K., et al.: A comparison of unsupervised learning techniques for encrypted traffic identification. J. Inf. Assur. Secur. 5(2010), 464\u2013472 (2010)","journal-title":"J. Inf. Assur. Secur."},{"key":"429_CR19","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1109\/ACCESS.2019.2943243","volume":"2019","author":"Y Zeng","year":"2019","unstructured":"Zeng, Y., Gu, H., Wei, W., et al.: Deep-full-range: a deep learning based network encrypted traffic classification and intrusion detection framework. IEEE Access 2019, 1\u20131 (2019)","journal-title":"IEEE Access"},{"issue":"1","key":"429_CR20","first-page":"30","volume":"2016","author":"M Hus\u00e1k","year":"2016","unstructured":"Hus\u00e1k, M., et al.: HTTPS traffic analysis and client identification using passive SSL\/TLS fingerprinting. EURASIP J. Inf. Secur. 2016(1), 30 (2016)","journal-title":"EURASIP J. Inf. Secur."},{"key":"429_CR21","unstructured":"JOY. https:\/\/github.com\/cisco\/joy"},{"key":"429_CR22","unstructured":"JA3. https:\/\/github.com\/salesforce\/ja3"},{"key":"429_CR23","unstructured":"CIC. Data View [EB\/OL]. [2019-11-25]. http:\/\/www.unb.ca\/cic\/datasets\/index.html. Stratosphereips. Datasets-overview [EB\/OL]. [2019-10-15] https:\/\/www.stratosphereips.org\/datasets-overview"},{"key":"429_CR24","unstructured":"ALEXA. Website Ranking [EB\/OL]. [2019-7-22]. https:\/\/www.alexa.com"},{"key":"429_CR25","doi-asserted-by":"crossref","unstructured":"Kotani, G., Sekiya, Y.: Unsupervised Scanning Behavior Detection Based on Distribution of Network Traffic Features Using Robust Autoencoders. ICDMW (2018)","DOI":"10.1109\/ICDMW.2018.00013"},{"issue":"9","key":"429_CR26","first-page":"154","volume":"37","author":"W Pan","year":"2016","unstructured":"Pan, W., Cheng, G., Guo, X., Huang, S.: Review and perspective in encrypted traffic identification research. J. Commun. 37(9), 154\u2013167 (2016)","journal-title":"J. Commun."}],"container-title":["Journal of Computer Virology and Hacking Techniques"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s11416-022-00429-y.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s11416-022-00429-y\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s11416-022-00429-y.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,10,12]],"date-time":"2022-10-12T19:10:47Z","timestamp":1665601847000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s11416-022-00429-y"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,5,22]]},"references-count":26,"journal-issue":{"issue":"4","published-online":{"date-parts":[[2022,12]]}},"alternative-id":["429"],"URL":"https:\/\/doi.org\/10.1007\/s11416-022-00429-y","relation":{},"ISSN":["2263-8733"],"issn-type":[{"value":"2263-8733","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022,5,22]]},"assertion":[{"value":"9 September 2021","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"20 April 2022","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"22 May 2022","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}}]}}