{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,14]],"date-time":"2026-06-14T07:34:28Z","timestamp":1781422468675,"version":"3.54.1"},"reference-count":44,"publisher":"Oxford University Press (OUP)","issue":"12","license":[{"start":{"date-parts":[[2025,8,4]],"date-time":"2025-08-04T00:00:00Z","timestamp":1754265600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/academic.oup.com\/pages\/standard-publication-reuse-rights"}],"funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62172194"],"award-info":[{"award-number":["62172194"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62202206"],"award-info":[{"award-number":["62202206"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["U183 6116"],"award-info":[{"award-number":["U183 6116"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100004608","name":"Natural Science Foundation of Jiangsu Province","doi-asserted-by":"publisher","award":["BK20220515"],"award-info":[{"award-number":["BK20220515"]}],"id":[{"id":"10.13039\/501100004608","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100002858","name":"China Postdoctoral Science Foundation","doi-asserted-by":"publisher","award":["2023T160275"],"award-info":[{"award-number":["2023T160275"]}],"id":[{"id":"10.13039\/501100002858","id-type":"DOI","asserted-by":"publisher"}]},{"name":"Qinglan Project of Jiangsu Province"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025,12,24]]},"abstract":"<jats:title>Abstract<\/jats:title>\n                  <jats:p>The widespread adoption of encryption in network traffic significantly challenges traditional detection methods that rely on payload analysis. Existing approaches often convert traffic into images or sequences for deep learning models, producing redundant features and struggling with multi-protocol environments. In this study, we propose HEAT (Header-Embedded Attention for Traffic Detection), a novel model that leverages packet header fields to develop a robust characteristic representation for encrypted traffic analysis. HEAT introduces a hierarchical attention mechanism combined with a novel contextual embedding technique that enhances the semantic representation of header field values. Additionally, HEAT integrates an adapted Kolmogorov\u2013Arnold Network classifier with B-spline activations and L1 weight regularization, optimizing the model for efficient real-time processing. Extensive evaluations on CICIDS-2018, Stratosphere, and ISCX2012 datasets demonstrate HEAT\u2019s superior performance, achieving 98.95% accuracy and 98.28% F1-score on CICIDS-2018, 99.5% accuracy and 98.54% F1-score on Stratosphere, and 99.75% accuracy with 99.25% F1-score on ISCX2012. HEAT significantly outperforms CNN, LSTM, and BiGRU baselines. Moreover, it maintains detection accuracy above 98.95% during incremental learning, with only a 0.9% F1-score drop, compared with 6.55% in conventional models. These results highlight HEAT\u2019s novelty, stability, and adaptability, making it a scalable and robust solution for encrypted malicious traffic detection.<\/jats:p>","DOI":"10.1093\/comjnl\/bxaf093","type":"journal-article","created":{"date-parts":[[2025,7,14]],"date-time":"2025-07-14T14:17:42Z","timestamp":1752502662000},"page":"2031-2058","source":"Crossref","is-referenced-by-count":1,"title":["Detecting encrypted malicious traffic with HEAT: a header-focused deep learning approach"],"prefix":"10.1093","volume":"68","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-2540-3861","authenticated-orcid":false,"given":"Ernest","family":"Akpaku","sequence":"first","affiliation":[{"name":"School of Computer Science and Communication Engineering, Jiangsu University , 301 Xuefu Road, Jingkou District, Zhenjiang 212013, Jiangsu ,","place":["China"]}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3124-5452","authenticated-orcid":false,"given":"Jinfu","family":"Chen","sequence":"additional","affiliation":[{"name":"School of Computer Science and Communication Engineering, Jiangsu University , 301 Xuefu Road, Jingkou District, Zhenjiang 212013, Jiangsu ,","place":["China"]},{"name":"Jiangsu Key Laboratory of Security Technology for Industrial Cyberspace, Jiangsu University , 301 Xuefu Road, Zhenjiang, 212013, Jiangsu ,","place":["China"]}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0009-0000-0167-5593","authenticated-orcid":false,"given":"Mukhtar","family":"Ahmed","sequence":"additional","affiliation":[{"name":"School of Computer Science and Communication Engineering, Jiangsu University , 301 Xuefu Road, Jingkou District, Zhenjiang 212013, Jiangsu ,","place":["China"]}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9679-5976","authenticated-orcid":false,"given":"William","family":"Leslie Brown-Acquaye","sequence":"additional","affiliation":[{"name":"Department of Information Technology, Ghana Communication Technology University , Tesano, PMB 100, Accra ,","place":["Ghana"]}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0569-2985","authenticated-orcid":false,"given":"Francis","family":"Kwadzo Agbenyegah","sequence":"additional","affiliation":[{"name":"Department of Information Technology, Ghana Communication Technology University , Tesano, PMB 100, Accra ,","place":["Ghana"]}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5527-5114","authenticated-orcid":false,"given":"Rexford","family":"Nii Ayitey Sosu","sequence":"additional","affiliation":[{"name":"Department of Information Technology, Ghana Communication Technology University , Tesano, PMB 100, Accra ,","place":["Ghana"]}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"286","published-online":{"date-parts":[[2025,8,4]]},"reference":[{"key":"2025122407073712800_ref1","doi-asserted-by":"publisher","first-page":"282","DOI":"10.1109\/ICETCI57876.2023.10176917","article-title":"Malicious encrypted traffic detection based on Bert and one-dimensional CNN model","volume-title":"Proceedings of the 2023 IEEE 3rd international conference on electronic technology, communication and information (ICETCI)","author":"Kang","year":"2023"},{"key":"2025122407073712800_ref2","doi-asserted-by":"publisher","first-page":"103143","DOI":"10.1016\/j.cose.2023.103143","article-title":"Feature mining for encrypted malicious traffic detection with deep learning and other machine learning algorithms","volume":"128","author":"Wang","year":"2023","journal-title":"Comput Secur"},{"key":"2025122407073712800_ref3","doi-asserted-by":"publisher","first-page":"103580","DOI":"10.1016\/j.cose.2023.103580","article-title":"A malicious network traffic detection model based on bidirectional temporal convolutional network with multi-head self-attention mechanism","volume":"136","author":"Cai","year":"2024","journal-title":"Comput Secur"},{"key":"2025122407073712800_ref4","doi-asserted-by":"publisher","first-page":"72","DOI":"10.1016\/j.jpdc.2022.06.004","article-title":"A novel flow-vector generation approach for malicious traffic detection","volume":"169","author":"Hou","year":"2022","journal-title":"J Parallel Distrib Comput"},{"key":"2025122407073712800_ref5","doi-asserted-by":"publisher","first-page":"119229","DOI":"10.1016\/j.ins.2023.119229","article-title":"Graph-based encrypted malicious traffic detection with hybrid analysis of multi-view features","volume":"644","author":"Hong","year":"2023","journal-title":"Inform Sci"},{"key":"2025122407073712800_ref6","doi-asserted-by":"publisher","first-page":"110598","DOI":"10.1016\/j.comnet.2024.110598","article-title":"Encrypted malicious traffic detection based on natural language processing and deep learning","volume":"250","author":"Zang","year":"2024","journal-title":"Comput Netw"},{"key":"2025122407073712800_ref7","doi-asserted-by":"publisher","first-page":"102985","DOI":"10.1016\/j.jnca.2021.102985","article-title":"DISTILLER: encrypted traffic classification via multimodal multitask deep learning","volume":"183\u2013184","author":"Aceto","year":"2021","journal-title":"J Netw Comput Appl"},{"key":"2025122407073712800_ref8","doi-asserted-by":"publisher","first-page":"111184","DOI":"10.1016\/j.comnet.2025.111184","article-title":"RAGN: detecting unknown malicious network traffic using a robust adaptive graph neural network","volume":"262","author":"Akpaku","year":"2025","journal-title":"Comput Netw"},{"key":"2025122407073712800_ref9","doi-asserted-by":"publisher","first-page":"180","DOI":"10.1177\/0926227X251326282","article-title":"eBiTCN: efficient bidirectional temporal convolution network for encrypted malicious network traffic detection","volume":"33","author":"Akpaku","year":"2025","journal-title":"J Comput Secur"},{"key":"2025122407073712800_ref10","article-title":"KAN: Kolmogorov\u2013Arnold networks","author":"Liu","year":"2024"},{"key":"2025122407073712800_ref11","doi-asserted-by":"publisher","first-page":"119","DOI":"10.1016\/j.neunet.2021.01.020","article-title":"The Kolmogorov\u2013Arnold representation theorem revisited","volume":"137","author":"Schmidt-Hieber","year":"2021","journal-title":"Neural Netw"},{"key":"2025122407073712800_ref12","doi-asserted-by":"publisher","first-page":"4274139","DOI":"10.1155\/2022\/4274139","article-title":"GCN-ETA: high-efficiency encrypted malicious traffic detection","volume":"2022","author":"Zheng","year":"2022","journal-title":"Secur Commun Netw"},{"key":"2025122407073712800_ref13","doi-asserted-by":"publisher","first-page":"2972","DOI":"10.1109\/TNET.2024.3370851","article-title":"Flow interaction graph analysis: unknown encrypted malicious traffic detection","volume":"32","author":"Fu","year":"2024","journal-title":"IEEE\/ACM Trans Netw"},{"key":"2025122407073712800_ref14","doi-asserted-by":"publisher","first-page":"109999","DOI":"10.1016\/j.patcog.2023.109999","article-title":"MF-net: multi-frequency intrusion detection network for internet traffic data","volume":"146","author":"Ding","year":"2024","journal-title":"Pattern Recognit"},{"key":"2025122407073712800_ref15","doi-asserted-by":"publisher","first-page":"110","DOI":"10.1016\/j.iotcps.2023.09.003","article-title":"Deep learning for cyber threat detection in IoT networks: a review","volume":"4","author":"Aldhaheri","year":"2024","journal-title":"Internet Things Cyber-Phys Syst"},{"key":"2025122407073712800_ref16","doi-asserted-by":"publisher","first-page":"101322","DOI":"10.1016\/j.jestch.2022.101322","article-title":"A hybrid CNN+LSTM-based intrusion detection system for industrial IoT networks","volume":"38","author":"Altunay","year":"2023","journal-title":"Eng Sci Technol Int J"},{"key":"2025122407073712800_ref17","doi-asserted-by":"publisher","first-page":"97780","DOI":"10.1109\/ACCESS.2022.3200034","article-title":"Network intrusion detection via flow-to-image conversion and vision transformer classification","volume":"10","author":"Ho","year":"2022","journal-title":"IEEE Access"},{"key":"2025122407073712800_ref18","doi-asserted-by":"publisher","first-page":"1222","DOI":"10.1109\/ICACCI.2017.8126009","article-title":"Applying convolutional neural network for network intrusion detection","volume-title":"Proceedings of the 2017 international conference on advances in computing, communications and informatics (ICACCI), Manipal, India","author":"Vinayakumar","year":"2017"},{"key":"2025122407073712800_ref19","doi-asserted-by":"publisher","first-page":"100053","DOI":"10.1016\/j.teler.2023.100053","article-title":"DCNNBiLSTM: an efficient hybrid deep learning-based intrusion detection system","volume":"10","author":"Hnamte","year":"2023","journal-title":"Telemat Inform Rep"},{"key":"2025122407073712800_ref20","doi-asserted-by":"publisher","first-page":"1","DOI":"10.3233\/JCS-220031","article-title":"Discriminative spatial-temporal feature learning for modeling network intrusion detection systems","volume":"32","author":"Wanjau","year":"2024","journal-title":"J Comput Secur"},{"key":"2025122407073712800_ref21","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1109\/INFOCOM42981.2021.9488690","article-title":"Adaptive clustering-based malicious traffic classification at the network edge","volume-title":"Proceedings of IEEE INFOCOM 2021 - IEEE conference on computer communications, Vancouver, Canada","author":"Diallo","year":"2021"},{"key":"2025122407073712800_ref22","doi-asserted-by":"publisher","DOI":"10.1109\/TBDATA.2024.3403394","article-title":"Towards real-time network intrusion detection with image-based sequential packets representation","volume":"1\u201317","author":"Ghadermazi","year":"2024","journal-title":"IEEE Trans Big Data"},{"key":"2025122407073712800_ref23","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3640464","article-title":"LL-GNN: low latency graph neural networks on FPGAs for high energy physics","volume":"23","author":"Que","year":"2024","journal-title":"ACM Trans Embedded Comput Syst"},{"key":"2025122407073712800_ref24","doi-asserted-by":"publisher","first-page":"102361","DOI":"10.1016\/j.asej.2023.102361","article-title":"Encrypted network traffic classification based on machine learning","volume":"15","author":"Elmaghraby","year":"2024","journal-title":"Ain Shams Eng J"},{"key":"2025122407073712800_ref25","doi-asserted-by":"publisher","first-page":"107166","DOI":"10.1016\/j.infsof.2023.107166","article-title":"A novel detection model for abnormal network traffic based on bidirectional temporal convolutional network","volume":"157","author":"Chen","year":"2023","journal-title":"Inf Software Technol"},{"key":"2025122407073712800_ref26","doi-asserted-by":"publisher","first-page":"976","DOI":"10.1093\/comjnl\/bxad036","article-title":"ULDC: unsupervised learning-based data cleaning for malicious traffic with high noise","volume":"67","author":"Yuan","year":"2023","journal-title":"Comput J"},{"key":"2025122407073712800_ref27","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1109\/CCCI52664.2021.9583191","article-title":"A survey of encrypted malicious traffic detection","volume-title":"Proceedings of the 2021 international conference on communications, computing, cybersecurity, and informatics (CCCI), Beijing, China","author":"Li","year":"2021"},{"key":"2025122407073712800_ref28","doi-asserted-by":"publisher","first-page":"357","DOI":"10.1016\/j.cose.2011.12.012","article-title":"Toward developing a systematic approach to generate benchmark datasets for intrusion detection","volume":"31","author":"Shiravi","year":"2012","journal-title":"Comput Secur"},{"key":"2025122407073712800_ref29","doi-asserted-by":"publisher","first-page":"32","DOI":"10.1145\/3690637","article-title":"DELM: deep ensemble learning model for anomaly detection in malicious network traffic-based adaptive feature aggregation and network optimization","volume":"27","author":"Ahmed","year":"2024","journal-title":"ACM Trans Privacy Secur"},{"key":"2025122407073712800_ref30","doi-asserted-by":"publisher","first-page":"2854","DOI":"10.1093\/comjnl\/bxae051","article-title":"An improved DNN model for WLAN intrusion detection","volume":"67","author":"Wang","year":"2024","journal-title":"Comput J"},{"key":"2025122407073712800_ref31","doi-asserted-by":"publisher","first-page":"332","DOI":"10.1016\/j.knosys.2018.08.036","article-title":"CNN and RNN based payload classification methods for attack detection","volume":"163","author":"Liu","year":"2019","journal-title":"Knowledge-Based Syst"},{"key":"2025122407073712800_ref32","doi-asserted-by":"publisher","first-page":"1882","DOI":"10.1093\/comjnl\/bxac049","article-title":"Network traffic classification based on a deep learning approach using NetFlow data","volume":"66","author":"Long","year":"2022","journal-title":"Comput J"},{"key":"2025122407073712800_ref33","doi-asserted-by":"crossref","first-page":"1532","DOI":"10.3115\/v1\/D14-1162","article-title":"GloVe: global vectors for word representation","volume-title":"Proceedings of the 2014 conference on empirical methods in natural language processing (EMNLP), Doha, Qatar","author":"Pennington","year":"2014"},{"key":"2025122407073712800_ref34","doi-asserted-by":"crossref","DOI":"10.18653\/v1\/2020.emnlp-main.594","article-title":"Embedding words in non-vector space with unsupervised graph learning","author":"Ryabinin","year":"2020"},{"key":"2025122407073712800_ref35","article-title":"A generalization of transformer networks to graphs","author":"Dwivedi","year":"2021"},{"key":"2025122407073712800_ref36","doi-asserted-by":"crossref","DOI":"10.2139\/ssrn.4868150","article-title":"Kolmogorov Arnold informed neural network: a physics-informed deep learning framework for solving PDEs based on Kolmogorov Arnold networks","author":"Wang","year":"2024"},{"key":"2025122407073712800_ref37","doi-asserted-by":"crossref","DOI":"10.5220\/0006639801080116","article-title":"Toward generating a new intrusion detection dataset and intrusion traffic characterization","volume-title":"Proceedings of the international conference on information systems security and privacy, Funchal, Madeira, Portugal","author":"Sharafaldin","year":"2018"},{"key":"2025122407073712800_ref38","doi-asserted-by":"publisher","first-page":"1672","DOI":"10.1177\/17470218221128780","article-title":"Rate of forgetting is independent from initial degree of learning across different age groups","volume":"76","author":"Rivera-Lares","year":"2023","journal-title":"Q J Exp Psychol"},{"key":"2025122407073712800_ref39","doi-asserted-by":"publisher","first-page":"219","DOI":"10.1002\/stvr.1486","article-title":"A Hitchhiker\u2019s guide to statistical tests for assessing randomized algorithms in software engineering","volume":"24","author":"Arcuri","year":"2014","journal-title":"Softw Test Verif Reliab"},{"key":"2025122407073712800_ref40","doi-asserted-by":"publisher","first-page":"22","DOI":"10.1080\/00220973.2012.745471","article-title":"Beyond Cohen\u2019s d: alternative effect size measures for between-subject designs","volume":"82","author":"Peng","year":"2014","journal-title":"J Exp Educ"},{"key":"2025122407073712800_ref41","doi-asserted-by":"crossref","first-page":"3521","DOI":"10.1073\/pnas.1611835114","article-title":"Overcoming catastrophic forgetting in neural networks","volume":"114","author":"Kirkpatrick","year":"2017","journal-title":"Proc Natl Acad Sci"},{"key":"2025122407073712800_ref42","doi-asserted-by":"publisher","first-page":"1369","DOI":"10.1109\/TNET.2022.3215507","article-title":"A novel multimodal deep learning framework for encrypted traffic classification","volume":"31","author":"Lin","year":"2023","journal-title":"IEEE\/ACM Trans Netw"},{"key":"2025122407073712800_ref43","doi-asserted-by":"publisher","first-page":"1213","DOI":"10.1093\/comjnl\/bxac008","article-title":"DEV-ETA: an interpretable detection framework for encrypted malicious traffic","volume":"66","author":"Yang","year":"2022","journal-title":"Comput J"},{"key":"2025122407073712800_ref44","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3613960","article-title":"TLS-MHSA: an efficient detection model for encrypted malicious traffic based on multi-head self-attention mechanism","volume":"26","author":"Chen","year":"2023","journal-title":"ACM Trans Privacy Secur"}],"container-title":["The Computer Journal"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/academic.oup.com\/comjnl\/article-pdf\/68\/12\/2031\/63928106\/bxaf093.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/academic.oup.com\/comjnl\/article-pdf\/68\/12\/2031\/63928106\/bxaf093.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,12,24]],"date-time":"2025-12-24T12:07:47Z","timestamp":1766578067000},"score":1,"resource":{"primary":{"URL":"https:\/\/academic.oup.com\/comjnl\/article\/68\/12\/2031\/8221783"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,8,4]]},"references-count":44,"journal-issue":{"issue":"12","published-online":{"date-parts":[[2025,8,4]]},"published-print":{"date-parts":[[2025,12,24]]}},"URL":"https:\/\/doi.org\/10.1093\/comjnl\/bxaf093","relation":{},"ISSN":["0010-4620","1460-2067"],"issn-type":[{"value":"0010-4620","type":"print"},{"value":"1460-2067","type":"electronic"}],"subject":[],"published-other":{"date-parts":[[2025,12]]},"published":{"date-parts":[[2025,8,4]]}}}