{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,5]],"date-time":"2026-03-05T15:31:50Z","timestamp":1772724710845,"version":"3.50.1"},"reference-count":58,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"DOI":"10.13039\/501100004739","name":"Youth Innovation Promotion Association of the Chinese Academy of Sciences","doi-asserted-by":"publisher","award":["2022170"],"award-info":[{"award-number":["2022170"]}],"id":[{"id":"10.13039\/501100004739","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100002367","name":"Special Project for Cybersecurity and Informatization of CAS","doi-asserted-by":"publisher","award":["CAS-WX2022GC-04"],"award-info":[{"award-number":["CAS-WX2022GC-04"]}],"id":[{"id":"10.13039\/501100002367","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans.Inform.Forensic Secur."],"published-print":{"date-parts":[[2025]]},"DOI":"10.1109\/tifs.2025.3613971","type":"journal-article","created":{"date-parts":[[2025,9,24]],"date-time":"2025-09-24T17:32:53Z","timestamp":1758735173000},"page":"10604-10619","source":"Crossref","is-referenced-by-count":1,"title":["Flow Microelement-Driven Traffic Relationship Analysis: Robust Detection of Malicious Encrypted Traffic"],"prefix":"10.1109","volume":"20","author":[{"ORCID":"https:\/\/orcid.org\/0009-0001-6873-2609","authenticated-orcid":false,"given":"Hao","family":"Fu","sequence":"first","affiliation":[{"name":"Computer Network Information Center, University of Chinese Academy of Sciences, Beijing, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0007-6408-2032","authenticated-orcid":false,"given":"Degang","family":"Sun","sequence":"additional","affiliation":[{"name":"Computer Network Information Center, University of Chinese Academy of Sciences, Beijing, China"}]},{"given":"Jinxia","family":"Wei","sequence":"additional","affiliation":[{"name":"Computer Network Information Center, University of Chinese Academy of Sciences, Beijing, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7179-140X","authenticated-orcid":false,"given":"Wei","family":"Wan","sequence":"additional","affiliation":[{"name":"Computer Network Information Center, University of Chinese Academy of Sciences, Beijing, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0351-6486","authenticated-orcid":false,"given":"Chun","family":"Long","sequence":"additional","affiliation":[{"name":"Computer Network Information Center, University of Chinese Academy of Sciences, Beijing, China"}]}],"member":"263","reference":[{"key":"ref1","volume-title":"Acronis Cyberthreats Report 2021","author":"Elmohamed","year":"2021"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00026"},{"key":"ref3","volume-title":"Suricata 7.0.6","year":"2024"},{"key":"ref4","volume-title":"Snort 3","year":"2024"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1145\/3344382"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.48550\/ARXIV.1706.03762"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2023.3331240"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1109\/TNN.2008.2005605"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1109\/TNNLS.2021.3070843"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1109\/TETCI.2021.3100641"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2024.110975"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.5120\/3399-4730"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2023.103210"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2013.04.007"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR46437.2021.01549"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1109\/ICOIN.2017.7899588"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.3390\/app9163414"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1145\/3485447.3512217"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1109\/SP61157.2025.00102"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3484585"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2021.24067"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3484758"},{"key":"ref23","first-page":"6203","article-title":"An efficient design of intelligent network data plane","volume-title":"Proc. 32nd USENIX Secur. Symp.","author":"Zhou"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1145\/3589334.3645407"},{"key":"ref25","first-page":"4","article-title":"BotSniffer: Detecting botnet command and control channels in network traffic","volume-title":"Proc. 15th Netw. Distrib. Syst. Secur. Symp. (NDSS)","author":"Gu","year":"2008"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2020.3046876"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1145\/3658644.3670353"},{"key":"ref28","article-title":"Graph attention networks","author":"Veli\u010dkovi\u0107","year":"2017","journal-title":"arXiv:1710.10903"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1609\/aaai.v34i04.5984"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2022.3228493"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2023.3245413"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2024.3402439"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2023.23080"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1145\/3603165.3607437"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23204"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2024.3402148"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1145\/3457904"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1145\/503271.503224"},{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.1007\/s00778-007-0044-3"},{"key":"ref40","volume-title":"Microservice Architecture: Aligning Principles, Practices, and Culture","author":"Nadareishvili","year":"2016"},{"key":"ref41","first-page":"3","article-title":"Towards micro-segmentation in 5G network security","volume-title":"Proc. Eur. Conf. Netw. Commun. (EuCNC) Workshop Netw. Manage.","author":"M\u00e4mmel\u00e4"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.1109\/NOSDAV.1997.629353"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.1109\/TMC.2016.2516020"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1109\/INFOCOM.2014.6848005"},{"key":"ref45","volume-title":"Zeek 7.0","year":"2024"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.1109\/TASLP.2015.2509780"},{"key":"ref47","volume-title":"Service Name and Transport Protocol Port Number Registry","year":"2024"},{"key":"ref48","article-title":"CDN: Content distribution network","author":"Peng","year":"2004","journal-title":"arXiv:cs\/0411069"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1145\/3068335"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.5220\/0006639801080116"},{"key":"ref51","volume-title":"Samba 4.20.2 Document","year":"2024"},{"key":"ref52","volume-title":"Multicast DNS","year":"2013"},{"key":"ref53","volume-title":"Http Over TlS","year":"2000"},{"key":"ref54","volume-title":"Ahlashkari\/Cicflowmeter","year":"2021"},{"key":"ref55","doi-asserted-by":"publisher","DOI":"10.3390\/electronics9081295"},{"key":"ref56","volume-title":"A Realistic Cyber Defense Dataset (CSE-CIC-IDS2018)","year":"2018"},{"key":"ref57","doi-asserted-by":"publisher","DOI":"10.1109\/MilCIS.2015.7348942"},{"key":"ref58","doi-asserted-by":"publisher","DOI":"10.1145\/3589334.3645479"}],"container-title":["IEEE Transactions on Information Forensics and Security"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/10206\/10810755\/11177609.pdf?arnumber=11177609","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,9]],"date-time":"2025-10-09T17:52:41Z","timestamp":1760032361000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/11177609\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"references-count":58,"URL":"https:\/\/doi.org\/10.1109\/tifs.2025.3613971","relation":{},"ISSN":["1556-6013","1556-6021"],"issn-type":[{"value":"1556-6013","type":"print"},{"value":"1556-6021","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025]]}}}