{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,28]],"date-time":"2026-05-28T05:06:41Z","timestamp":1779944801119,"version":"3.53.1"},"reference-count":55,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","license":[{"start":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T00:00:00Z","timestamp":1767225600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T00:00:00Z","timestamp":1767225600000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T00:00:00Z","timestamp":1767225600000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"name":"National Key Research and Development Program of China","award":["2023YFC2206402"],"award-info":[{"award-number":["2023YFC2206402"]}]},{"DOI":"10.13039\/501100004739","name":"Youth Innovation Promotion Association Chinese Academy of Sciences","doi-asserted-by":"crossref","award":["2021156"],"award-info":[{"award-number":["2021156"]}],"id":[{"id":"10.13039\/501100004739","id-type":"DOI","asserted-by":"crossref"}]},{"name":"Program of Key Laboratory of Network Assessment Technology, CAS"},{"name":"Program of Beijing Key Laboratory of Network Security and Protection Technology"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans.Inform.Forensic Secur."],"published-print":{"date-parts":[[2026]]},"DOI":"10.1109\/tifs.2026.3694664","type":"journal-article","created":{"date-parts":[[2026,5,18]],"date-time":"2026-05-18T19:45:22Z","timestamp":1779133522000},"page":"4985-5000","source":"Crossref","is-referenced-by-count":0,"title":["Robust Malicious Network Traffic Detection Framework With Automated Drift Detection, Identification, and Adaptation"],"prefix":"10.1109","volume":"21","author":[{"ORCID":"https:\/\/orcid.org\/0009-0001-2881-9259","authenticated-orcid":false,"given":"Xueying","family":"Han","sequence":"first","affiliation":[{"name":"Chinese Academy of Sciences, Institute of Information Engineering, Beijing, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Jian","family":"Qin","sequence":"additional","affiliation":[{"name":"Chinese Academy of Sciences, Institute of Information Engineering, Beijing, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0009-0004-0122-9322","authenticated-orcid":false,"given":"Changzhi","family":"Zhao","sequence":"additional","affiliation":[{"name":"Chinese Academy of Sciences, Institute of Information Engineering, Beijing, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1803-6912","authenticated-orcid":false,"given":"Weike","family":"Fang","sequence":"additional","affiliation":[{"name":"University of Southern California, Los Angeles, CA, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0009-0003-3383-2292","authenticated-orcid":false,"given":"Junrong","family":"Liu","sequence":"additional","affiliation":[{"name":"Chinese Academy of Sciences, Institute of Information Engineering, Beijing, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Weihang","family":"Wang","sequence":"additional","affiliation":[{"name":"University of Southern California, Los Angeles, CA, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7185-990X","authenticated-orcid":false,"given":"Bo","family":"Jiang","sequence":"additional","affiliation":[{"name":"Chinese Academy of Sciences, Institute of Information Engineering, Beijing, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5249-5699","authenticated-orcid":false,"given":"Susu","family":"Cui","sequence":"additional","affiliation":[{"name":"Chinese Academy of Sciences, Institute of Information Engineering, Beijing, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Zhigang","family":"Lu","sequence":"additional","affiliation":[{"name":"Chinese Academy of Sciences, Institute of Information Engineering, Beijing, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0009-0006-9851-5548","authenticated-orcid":false,"given":"Baoxu","family":"Liu","sequence":"additional","affiliation":[{"name":"Chinese Academy of Sciences, Institute of Information Engineering, Beijing, China"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"263","reference":[{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2020.3041951"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3484585"},{"key":"ref3","first-page":"3971","article-title":"Dos and don\u2019ts of machine learning in computer security","volume-title":"Proc. USENIX Secur. Symp.","author":"Arp"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1109\/INFOCOM.2019.8737507"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2023.103171"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23204"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1145\/2746403"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1016\/j.comcom.2022.11.001"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00079"},{"key":"ref10","first-page":"729","article-title":"TESSERACT: Eliminating experimental bias in malware classification across space and time","volume-title":"Proc. 28th USENIX Secur. Symp.","author":"Pendlebury"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1109\/INFOCOM42981.2021.9488690"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1145\/3690624.3709218"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1109\/tnet.2022.3195871"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1145\/3485447.3512217"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1145\/3534678.3539314"},{"key":"ref16","first-page":"2327","article-title":"CADE: Detecting and explaining concept drift samples for security applications","volume-title":"Proc. 30th USENIX Secur. Symp. (USENIX Secur.)","author":"Yang"},{"key":"ref17","first-page":"625","article-title":"Transcend: Detecting concept drift in malware classification models","volume-title":"Proc. 26th USENIX Secur. Symp. (USENIX Secur.)","author":"Jordaney"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1145\/3564625.3567992"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2023.24830"},{"key":"ref20","first-page":"2783","article-title":"99% false positives: A qualitative study of SOC analysts\u2019 perspectives on security alarms","volume-title":"Proc. 31st USENIX Secur. Symp. (USENIX Secur.)","author":"Alahmadi"},{"key":"ref21","article-title":"Managing concept drift in online intrusion detection systems with active learning","volume-title":"Proc. CEUR Workshop","volume":"3962","author":"Camarda"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1145\/3719027.3765143"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.48550\/ARXIV.1706.03762"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2023.103117"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1093\/comjnl\/bxr035"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1145\/1653662.1653738"},{"key":"ref27","volume-title":"Intrusion Detection Evaluation Dataset (CIC-IDS2018)"},{"key":"ref28","volume-title":"Intrusion Detection Evaluation Dataset (CIC-IDS2017)","year":"2017"},{"key":"ref29","volume-title":"Malware Capture Facility Project (MCFP) Dataset","year":"2014"},{"key":"ref30","volume-title":"VPN Non-VPN Traffic Dataset"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2023.103210"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1109\/INFOCOM52122.2024.10621346"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2024.3426304"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2023.3318960"},{"key":"ref35","first-page":"589","article-title":"An input-agnostic hierarchical deep learning framework for traffic fingerprinting","volume-title":"Proc. 32nd USENIX Secur. Symp. (USENIX Secur.)","author":"Qu"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1145\/3658644.3670353"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1145\/3543507.3583227"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2020.102158"},{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2021.108658"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2021.24067"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.1109\/tnet.2024.3370851"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3484758"},{"key":"ref43","first-page":"6203","article-title":"An efficient design of intelligent network data plane","volume-title":"Proc. 32nd USENIX Secur. Symp.","author":"Zhou"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2020.24412"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.1145\/3589334.3645479"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2023.23080"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1016\/j.compeleceng.2023.108702"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2024.104121"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1145\/3474369.3486864"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.1109\/sp46214.2022.9833659"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.1145\/3637528.3672007"},{"key":"ref52","doi-asserted-by":"publisher","DOI":"10.1016\/j.engappai.2024.109143"},{"key":"ref53","doi-asserted-by":"publisher","DOI":"10.1145\/3589334.3645407"},{"key":"ref54","doi-asserted-by":"publisher","DOI":"10.1109\/INFOCOM55648.2025.11044615"},{"key":"ref55","doi-asserted-by":"publisher","DOI":"10.1145\/3719027.3744792"}],"container-title":["IEEE Transactions on Information Forensics and Security"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/10206\/11313711\/11523608.pdf?arnumber=11523608","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,5,28]],"date-time":"2026-05-28T04:53:32Z","timestamp":1779944012000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/11523608\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026]]},"references-count":55,"URL":"https:\/\/doi.org\/10.1109\/tifs.2026.3694664","relation":{},"ISSN":["1556-6013","1556-6021"],"issn-type":[{"value":"1556-6013","type":"print"},{"value":"1556-6021","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026]]}}}