{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,12]],"date-time":"2025-11-12T00:13:24Z","timestamp":1762906404746,"version":"3.45.0"},"reference-count":34,"publisher":"Springer Science and Business Media LLC","issue":"4","license":[{"start":{"date-parts":[[2025,11,12]],"date-time":"2025-11-12T00:00:00Z","timestamp":1762905600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,11,12]],"date-time":"2025-11-12T00:00:00Z","timestamp":1762905600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Front. Comput. Sci."],"published-print":{"date-parts":[[2026,4]]},"DOI":"10.1007\/s11704-025-41273-9","type":"journal-article","created":{"date-parts":[[2025,11,12]],"date-time":"2025-11-12T00:09:57Z","timestamp":1762906197000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Adaptive detection of encrypted malware traffic via fully convolutional masked autoencoders"],"prefix":"10.1007","volume":"20","author":[{"given":"Jizhe","family":"Jia","sequence":"first","affiliation":[]},{"given":"Meng","family":"Shen","sequence":"additional","affiliation":[]},{"given":"Qingjun","family":"Yuan","sequence":"additional","affiliation":[]},{"given":"Yong","family":"Liu","sequence":"additional","affiliation":[]},{"given":"Jing","family":"Wang","sequence":"additional","affiliation":[]},{"given":"Jian","family":"Kong","sequence":"additional","affiliation":[]},{"given":"Liang","family":"Huang","sequence":"additional","affiliation":[]},{"given":"Haotian","family":"He","sequence":"additional","affiliation":[]},{"given":"Liehuang","family":"Zhu","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,11,12]]},"reference":[{"key":"41273_CR1","volume-title":"SSL and TLS: Designing and Building Secure Systems","author":"E Rescorla","year":"2001","unstructured":"Rescorla E. SSL and TLS: Designing and Building Secure Systems. Boston: Addison-Wesley, 2001"},{"key":"41273_CR2","unstructured":"WatchGuard\u2019s threat lab analyzes the latest malware and internet attacks. See watchguard.com\/wgrd-resource-center\/security-report-q3-2023 website, 2023"},{"issue":"1","key":"41273_CR3","doi-asserted-by":"publisher","first-page":"791","DOI":"10.1109\/COMST.2022.3208196","volume":"25","author":"M Shen","year":"2023","unstructured":"Shen M, Ye K, Liu X, Zhu L, Kang J, Yu S, Li Q, Xu K. Machine learning-powered encrypted network traffic analysis: a comprehensive survey. IEEE Communications Surveys & Tutorials, 2023, 25(1): 791\u2013824","journal-title":"IEEE Communications Surveys & Tutorials"},{"key":"41273_CR4","volume-title":"Proceedings of the 30th Annual Network and Distributed System Security Symposium","author":"C Fu","year":"2023","unstructured":"Fu C, Li Q, Xu K. Detecting unknown encrypted malicious traffic in real time via flow interaction graph analysis. In: Proceedings of the 30th Annual Network and Distributed System Security Symposium. 2023"},{"key":"41273_CR5","doi-asserted-by":"publisher","first-page":"5011","DOI":"10.1109\/TIFS.2023.3300521","volume":"18","author":"S Cui","year":"2023","unstructured":"Cui S, Dong C, Shen M, Liu Y, Jiang B, Lu Z. CBSeq: a channel-level behavior sequence for encrypted malware traffic detection. IEEE Transactions on Information Forensics and Security, 2023, 18: 5011\u20135025","journal-title":"IEEE Transactions on Information Forensics and Security"},{"key":"41273_CR6","doi-asserted-by":"publisher","first-page":"35","DOI":"10.1145\/2996758.2996768","volume-title":"Proceedings of 2016 ACM Workshop on Artificial Intelligence and Security","author":"B Anderson","year":"2016","unstructured":"Anderson B, McGrew D. Identifying encrypted malware traffic with contextual flow data. In: Proceedings of 2016 ACM Workshop on Artificial Intelligence and Security. 2016, 35\u201346"},{"key":"41273_CR7","doi-asserted-by":"publisher","first-page":"495","DOI":"10.1145\/3545948.3545983","volume-title":"Proceedings of the 25th International Symposium on Research in Attacks, Intrusions and Defenses","author":"Z Fu","year":"2022","unstructured":"Fu Z, Liu M, Qin Y, Zhang J, Zou Y, Yin Q, Li Q, Duan H. Encrypted malware traffic detection via graph-based network analysis. In: Proceedings of the 25th International Symposium on Research in Attacks, Intrusions and Defenses. 2022, 495\u2013509"},{"key":"41273_CR8","first-page":"3431","volume-title":"Proceedings of 2021 ACM SIGSAC Conference on Computer and Communications Security","author":"C Fu","year":"2021","unstructured":"Fu C, Li Q, Shen M, Xu K. Realtime robust malicious traffic detection via frequency domain analysis. In: Proceedings of 2021 ACM SIGSAC Conference on Computer and Communications Security. 2021, 3431\u20133446"},{"key":"41273_CR9","volume-title":"Proceedings of the 25th Annual Network and Distributed System Security Symposium","author":"Y Mirsky","year":"2018","unstructured":"Mirsky Y, Doitshman T, Elovici Y, Shabtai A. Kitsune: An ensemble of autoencoders for online network intrusion detection. In: Proceedings of the 25th Annual Network and Distributed System Security Symposium. 2018"},{"key":"41273_CR10","first-page":"589","volume-title":"Proceedings of the 32nd USENIX Security Symposium","author":"J Qu","year":"2023","unstructured":"Qu J, Ma X, Li J, Luo X, Xue L, Zhang J, Li Z, Feng L, Guan X. An input-agnostic hierarchical deep learning framework for traffic fingerprinting. In: Proceedings of the 32nd USENIX Security Symposium. 2023, 589\u2013606"},{"key":"41273_CR11","doi-asserted-by":"publisher","first-page":"3540","DOI":"10.1109\/TIFS.2020.2991876","volume":"15","author":"C Xu","year":"2020","unstructured":"Xu C, Shen J, Du X. A method of few-shot network intrusion detection based on meta-learning framework. IEEE Transactions on Information Forensics and Security, 2020, 15: 3540\u20133552","journal-title":"IEEE Transactions on Information Forensics and Security"},{"key":"41273_CR12","doi-asserted-by":"publisher","first-page":"633","DOI":"10.1145\/3485447.3512217","volume-title":"Proceedings of the ACM Web Conference 2022","author":"X Lin","year":"2022","unstructured":"Lin X, Xiong G, Gou G, Li Z, Shi J, Yu J. ET-BERT: a contextualized datagram representation with pre-training transformers for encrypted traffic classification. In: Proceedings of the ACM Web Conference 2022. 2022, 633\u2013642"},{"issue":"10","key":"41273_CR13","doi-asserted-by":"publisher","first-page":"10733","DOI":"10.1007\/s10462-023-10437-z","volume":"56","author":"R Ahmad","year":"2023","unstructured":"Ahmad R, Alsmadi I, Alhamdani W, Tawalbeh L. Zero-day attack detection: a systematic literature review. Artificial Intelligence Review, 2023, 56(10): 10733\u201310811","journal-title":"Artificial Intelligence Review"},{"key":"41273_CR14","first-page":"1131","volume-title":"Proceedings of 2019 ACM SIGSAC Conference on Computer and Communications Security","author":"P Sirinam","year":"2019","unstructured":"Sirinam P, Mathews N, Rahman M S, Wright M. Triplet fingerprinting: more practical and portable website fingerprinting with N-shot learning. In: Proceedings of 2019 ACM SIGSAC Conference on Computer and Communications Security. 2019, 1131\u20131148"},{"issue":"10","key":"41273_CR15","doi-asserted-by":"publisher","first-page":"3066","DOI":"10.1109\/TMC.2020.2992253","volume":"20","author":"H Fu","year":"2021","unstructured":"Fu H, Hu P, Zheng Z, Das A K, Pathak P H, Gu T, Zhu S, Mohapatra P. Towards automatic detection of nonfunctional sensitive transmissions in mobile applications. IEEE Transactions on Mobile Computing, 2021, 20(10): 3066\u20133080","journal-title":"IEEE Transactions on Mobile Computing"},{"issue":"6","key":"41273_CR16","doi-asserted-by":"publisher","first-page":"551","DOI":"10.14569\/IJACSA.2020.0110667","volume":"11","author":"O O Cyril","year":"2020","unstructured":"Cyril O O, Elmissaoui T, Okoronkwo M C, Ihedioha U M, Ugwuishiwu C H, Onyebuchi O B. Signature based network intrusion detection system using feature selection on android. International Journal of Advanced Computer Science and Applications, 2020, 11(6): 551\u2013558","journal-title":"International Journal of Advanced Computer Science and Applications"},{"key":"41273_CR17","doi-asserted-by":"publisher","first-page":"3589","DOI":"10.1109\/TIFS.2021.3071595","volume":"16","author":"C Dong","year":"2021","unstructured":"Dong C, Lu Z, Cui Z, Liu B, Chen K. MBTree: Detecting encryption rats communication using malicious behavior tree. IEEE Transactions on Information Forensics and Security, 2021, 16: 3589\u20133603","journal-title":"IEEE Transactions on Information Forensics and Security"},{"key":"41273_CR18","doi-asserted-by":"publisher","first-page":"2046","DOI":"10.1109\/TIFS.2020.3046876","volume":"16","author":"M Shen","year":"2021","unstructured":"Shen M, Liu Y, Zhu L, Du X, Hu J. Fine-grained webpage fingerprinting using only packet length information of encrypted traffic. IEEE Transactions on Information Forensics and Security, 2021, 16: 2046\u20132059","journal-title":"IEEE Transactions on Information Forensics and Security"},{"key":"41273_CR19","first-page":"1997","volume-title":"Proceedings of 2024 on ACM SIGSAC Conference on Computer and Communications Security","author":"X Deng","year":"2024","unstructured":"Deng X, Li Q, Xu K. Robust and reliable early-stage website fingerprinting attacks via spatial-temporal distribution analysis. In: Proceedings of 2024 on ACM SIGSAC Conference on Computer and Communications Security. 2024, 1997\u20132011"},{"key":"41273_CR20","first-page":"1","volume-title":"Proceedings of the IEEE\/ACM 28th International Symposium on Quality of Service (IWQoS)","author":"M Shen","year":"2020","unstructured":"Shen M, Zhang J, Xu K, Zhu L, Liu J, Du X. DeepQoE: real-time measurement of video QoE from encrypted traffic with deep learning. In: Proceedings of the IEEE\/ACM 28th International Symposium on Quality of Service (IWQoS). 2020, 1\u201310"},{"key":"41273_CR21","first-page":"1","volume-title":"Proceedings of the 18th Asia-Pacific Network Operations and Management Symposium (APNOMS)","author":"W T Lin","year":"2016","unstructured":"Lin W T, Pan J Y. Mobile malware detection in sandbox with live event feeding and log pattern analysis. In: Proceedings of the 18th Asia-Pacific Network Operations and Management Symposium (APNOMS). 2016, 1\u20136"},{"key":"41273_CR22","first-page":"4171","volume-title":"Proceedings of 2019 Conference of the North American Chapter of the Association for Computational Linguistics: Human Language Technologies","author":"J Devlin","year":"2019","unstructured":"Devlin J, Chang M W, Lee K, Toutanova K. BERT: Pre-training of deep bidirectional transformers for language understanding. In: Proceedings of 2019 Conference of the North American Chapter of the Association for Computational Linguistics: Human Language Technologies. 2019, 4171\u20134186"},{"issue":"3","key":"41273_CR23","doi-asserted-by":"publisher","first-page":"2012","DOI":"10.1109\/TNET.2023.3335253","volume":"32","author":"R Zhao","year":"2024","unstructured":"Zhao R, Zhan M, Deng X, Li F, Wang Y, Wang Y, Gui G, Xue Z. A novel self-supervised framework based on masked autoencoder for traffic classification. IEEE\/ACM Transactions on Networking, 2024, 32(3): 2012\u20132025","journal-title":"IEEE\/ACM Transactions on Networking"},{"key":"41273_CR24","first-page":"15979","volume-title":"Proceedings of the IEEE\/CVF Conference on Computer Vision and Pattern Recognition","author":"K He","year":"2022","unstructured":"He K, Chen X, Xie S, Li Y, Doll\u00e1r P, Girshick R. Masked autoencoders are scalable vision learners. In: Proceedings of the IEEE\/CVF Conference on Computer Vision and Pattern Recognition. 2022, 15979\u201315988"},{"key":"41273_CR25","first-page":"11966","volume-title":"Proceedings of the IEEE\/CVF Conference on Computer Vision and Pattern Recognition","author":"Z Liu","year":"2022","unstructured":"Liu Z, Mao H, Wu C Y, Feichtenhofer C, Darrell T, Xie S. A ConvNet for the 2020s. In: Proceedings of the IEEE\/CVF Conference on Computer Vision and Pattern Recognition. 2022, 11966\u201311976"},{"key":"41273_CR26","first-page":"16133","volume-title":"Proceedings of the IEEE\/CVF Conference on Computer Vision and Pattern Recognition","author":"S Woo","year":"2023","unstructured":"Woo S, Debnath S, Hu R, Chen X, Liu Z, Kweon I S, Xie S. ConvNeXt V2: Co-designing and scaling convnets with masked autoencoders. In: Proceedings of the IEEE\/CVF Conference on Computer Vision and Pattern Recognition. 2023, 16133\u201316142"},{"issue":"4","key":"41273_CR27","doi-asserted-by":"publisher","first-page":"425","DOI":"10.1109\/TCOM.1980.1094702","volume":"28","author":"H Zimmermann","year":"1980","unstructured":"Zimmermann H. OSI reference model-the ISO model of architecture for open systems interconnection. IEEE Transactions on Communications, 1980, 28(4): 425\u2013432","journal-title":"IEEE Transactions on Communications"},{"key":"41273_CR28","first-page":"712","volume-title":"Proceedings of 2017 International Conference on Information Networking (ICOIN)","author":"W Wang","year":"2017","unstructured":"Wang W, Zhu M, Zeng X, Ye X, Sheng Y. Malware traffic classification using convolutional neural network for representation learning. In: Proceedings of 2017 International Conference on Information Networking (ICOIN). 2017, 712\u2013717"},{"key":"41273_CR29","first-page":"607","volume-title":"Proceedings of the 32nd USENIX Security Symposium","author":"M Shen","year":"2023","unstructured":"Shen M, Ji K, Gao Z, Li Q, Zhu L, Xu K. Subverting website fingerprinting defenses with robust traffic representation. In: Proceedings of the 32nd USENIX Security Symposium. 2023, 607\u2013624"},{"key":"41273_CR30","doi-asserted-by":"publisher","first-page":"2367","DOI":"10.1109\/TIFS.2021.3050608","volume":"16","author":"M Shen","year":"2021","unstructured":"Shen M, Zhang J, Zhu L, Xu K, Du X. Accurate decentralized application identification via encrypted traffic analysis using graph neural networks. IEEE Transactions on Information Forensics and Security, 2021, 16: 2367\u20132380","journal-title":"IEEE Transactions on Information Forensics and Security"},{"key":"41273_CR31","unstructured":"Stratosphere. Stratosphere laboratory datasets. See stratosphereips. org\/datasets-overview website, 2015"},{"key":"41273_CR32","doi-asserted-by":"publisher","first-page":"11","DOI":"10.1109\/3DV.2017.00012","volume-title":"Proceedings of 2017 International Conference on 3D Vision (3DV)","author":"J Uhrig","year":"2017","unstructured":"Uhrig J, Schneider N, Schneider L, Franke U, Brox T, Geiger A. Sparsity invariant CNNs. In: Proceedings of 2017 International Conference on 3D Vision (3DV). 2017, 11\u201320"},{"key":"41273_CR33","first-page":"3070","volume-title":"Proceedings of the IEEE\/CVF Conference on Computer Vision and Pattern Recognition","author":"C Choy","year":"2019","unstructured":"Choy C, Gwak J, Savarese S. 4D spatio-temporal ConvNets: minkowski convolutional neural networks. In: Proceedings of the IEEE\/CVF Conference on Computer Vision and Pattern Recognition. 2019, 3070\u20133079"},{"key":"41273_CR34","doi-asserted-by":"publisher","first-page":"108","DOI":"10.5220\/0006639801080116","volume-title":"Proceedings of the 4th International Conference on Information Systems Security and Privacy","author":"I Sharafaldin","year":"2018","unstructured":"Sharafaldin I, Lashkari A H, Ghorbani A A. Toward generating a new intrusion detection dataset and intrusion traffic characterization. In: Proceedings of the 4th International Conference on Information Systems Security and Privacy. 2018, 108\u2013116"}],"container-title":["Frontiers of Computer Science"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s11704-025-41273-9.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s11704-025-41273-9\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s11704-025-41273-9.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,11,12]],"date-time":"2025-11-12T00:10:01Z","timestamp":1762906201000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s11704-025-41273-9"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,11,12]]},"references-count":34,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2026,4]]}},"alternative-id":["41273"],"URL":"https:\/\/doi.org\/10.1007\/s11704-025-41273-9","relation":{},"ISSN":["2095-2228","2095-2236"],"issn-type":[{"type":"print","value":"2095-2228"},{"type":"electronic","value":"2095-2236"}],"subject":[],"published":{"date-parts":[[2025,11,12]]},"assertion":[{"value":"26 November 2024","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"16 February 2025","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"12 November 2025","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"The authors declare that they have no competing interests or financial conflicts to disclose.","order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Competing interests"}}],"article-number":"2004804"}}