{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,9]],"date-time":"2026-01-09T14:58:51Z","timestamp":1767970731252,"version":"3.49.0"},"reference-count":29,"publisher":"Association for Computing Machinery (ACM)","issue":"4","license":[{"start":{"date-parts":[[2023,10,14]],"date-time":"2023-10-14T00:00:00Z","timestamp":1697241600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"crossref","award":["62172194, 62202206 and U1836116"],"award-info":[{"award-number":["62172194, 62202206 and U1836116"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"crossref"}]},{"DOI":"10.13039\/501100004608","name":"Natural Science Foundation of Jiangsu Province","doi-asserted-by":"crossref","award":["BK20220515"],"award-info":[{"award-number":["BK20220515"]}],"id":[{"id":"10.13039\/501100004608","id-type":"DOI","asserted-by":"crossref"}]},{"DOI":"10.13039\/501100002858","name":"China Postdoctoral Science Foundation","doi-asserted-by":"crossref","award":["2023T160275"],"award-info":[{"award-number":["2023T160275"]}],"id":[{"id":"10.13039\/501100002858","id-type":"DOI","asserted-by":"crossref"}]},{"name":"Leading-edge Technology Program of Jiangsu Natural Science Foundation","award":["BK20202001"],"award-info":[{"award-number":["BK20202001"]}]},{"name":"Qinglan Project of Jiangsu Province"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Priv. Secur."],"published-print":{"date-parts":[[2023,11,30]]},"abstract":"<jats:p>In recent years, the use of TLS (Transport Layer Security) protocol to protect communication information has become increasingly popular as users are more aware of network security. However, hackers have also exploited the salient features of the TLS protocol to carry out covert malicious attacks, which threaten the security of network space. Currently, the commonly used traffic detection methods are not always reliable when applied to the problem of encrypted malicious traffic detection due to their limitations. The most significant problem is that these methods do not focus on the key features of encrypted traffic. To address this problem, this study proposes an efficient detection model for encrypted malicious traffic based on transport layer security protocol and a multi-head self-attention mechanism called TLS-MHSA. Firstly, we extract the features of TLS traffic during pre-processing and perform traffic statistics to filter redundant features. Then, we use a multi-head self-attention mechanism to focus on learning key features as well as generate the most important combined features to construct the detection model, thereby detecting the encrypted malicious traffic. Finally, we use a public dataset to verify the effectiveness and efficiency of the TLS-MHSA model, and the experimental results show that the proposed TLS-MHSA model has high precision, recall, F1-measure, AUC-ROC as well as higher stability than seven state-of-the-art detection models.<\/jats:p>","DOI":"10.1145\/3613960","type":"journal-article","created":{"date-parts":[[2023,8,7]],"date-time":"2023-08-07T11:31:14Z","timestamp":1691407874000},"page":"1-21","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":27,"title":["TLS-MHSA: An Efficient Detection Model for Encrypted Malicious Traffic based on Multi-Head Self-Attention Mechanism"],"prefix":"10.1145","volume":"26","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-3124-5452","authenticated-orcid":false,"given":"Jinfu","family":"Chen","sequence":"first","affiliation":[{"name":"Jiangsu University, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0001-1330-4391","authenticated-orcid":false,"given":"Luo","family":"Song","sequence":"additional","affiliation":[{"name":"Jiangsu University, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0743-1156","authenticated-orcid":false,"given":"Saihua","family":"Cai","sequence":"additional","affiliation":[{"name":"Jiangsu University, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0004-6747-2931","authenticated-orcid":false,"given":"Haodi","family":"Xie","sequence":"additional","affiliation":[{"name":"Jiangsu University, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5099-1370","authenticated-orcid":false,"given":"Shang","family":"Yin","sequence":"additional","affiliation":[{"name":"Jiangsu University, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4484-2771","authenticated-orcid":false,"given":"Bilal","family":"Ahmad","sequence":"additional","affiliation":[{"name":"Jiangsu University, China"}]}],"member":"320","published-online":{"date-parts":[[2023,10,14]]},"reference":[{"issue":"2","key":"e_1_3_1_2_2","first-page":"1","article-title":"Unsupervised network intrusion detection systems for zero-day fast-spreading attacks and botnets","volume":"10","author":"Amoli Payam Vahdani","year":"2016","unstructured":"Payam Vahdani Amoli, Timo Hamalainen, Gil David, Mikhail Zolotukhin, and Mahsa Mirzamohammad. 2016. Unsupervised network intrusion detection systems for zero-day fast-spreading attacks and botnets. JDCTA (International Journal of Digital Content Technology and its Applications 10, 2 (2016), 1\u201313.","journal-title":"JDCTA (International Journal of Digital Content Technology and its Applications"},{"key":"e_1_3_1_3_2","doi-asserted-by":"publisher","DOI":"10.1145\/2996758.2996768"},{"key":"e_1_3_1_4_2","doi-asserted-by":"publisher","DOI":"10.1007\/s11416-017-0306-6"},{"key":"e_1_3_1_5_2","doi-asserted-by":"publisher","DOI":"10.1145\/1368436.1368445"},{"key":"e_1_3_1_6_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-45670-5_8"},{"key":"e_1_3_1_7_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2023.107166"},{"key":"e_1_3_1_8_2","unstructured":"Cisco. 2019. Joy. https:\/\/github.com\/cisco\/joy Retrieved on 2019-11-8."},{"key":"e_1_3_1_9_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2014.05.011"},{"key":"e_1_3_1_10_2","doi-asserted-by":"publisher","DOI":"10.1145\/3269206.3271709"},{"key":"e_1_3_1_11_2","doi-asserted-by":"publisher","DOI":"10.1155\/2022\/5363764"},{"key":"e_1_3_1_12_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2021.107974"},{"key":"e_1_3_1_13_2","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2018.2890394"},{"key":"e_1_3_1_14_2","doi-asserted-by":"publisher","DOI":"10.1109\/TNET.2022.3215507"},{"key":"e_1_3_1_15_2","doi-asserted-by":"publisher","DOI":"10.1109\/DASC-PICom-CBDCom-CyberSciTech49142.2020.00026"},{"key":"e_1_3_1_16_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.ins.2022.04.018"},{"key":"e_1_3_1_17_2","volume-title":"Detecting Malware in TLS Traffic","author":"Roques Olivier","year":"2019","unstructured":"Olivier Roques, S. Maffeis, and M. Cova. 2019. Detecting Malware in TLS Traffic. Master\u2019s thesis. Imperial College London."},{"key":"e_1_3_1_18_2","first-page":"108","article-title":"Toward generating a new intrusion detection dataset and intrusion traffic characterization.","volume":"1","author":"Sharafaldin Iman","year":"2018","unstructured":"Iman Sharafaldin, Arash Habibi Lashkari, and Ali A. Ghorbani. 2018. Toward generating a new intrusion detection dataset and intrusion traffic characterization. ICISSP 1 (2018), 108\u2013116.","journal-title":"ICISSP"},{"key":"e_1_3_1_19_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.eswa.2019.01.064"},{"key":"e_1_3_1_20_2","doi-asserted-by":"publisher","DOI":"10.1109\/TMC.2018.2866249"},{"key":"e_1_3_1_21_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-99073-6_17"},{"key":"e_1_3_1_22_2","unstructured":"Stratosphere. 2015. Stratosphere Laboratory Datasets. https:\/\/www.stratosphereips.org\/datasets-overview Retrieved March 13 2020."},{"key":"e_1_3_1_23_2","article-title":"Attention is all you need","volume":"30","author":"Vaswani Ashish","year":"2017","unstructured":"Ashish Vaswani, Noam Shazeer, Niki Parmar, Jakob Uszkoreit, Llion Jones, Aidan N. Gomez, \u0141ukasz Kaiser, and Illia Polosukhin. 2017. Attention is all you need. Advances in Neural Information Processing Systems 30 (2017). https:\/\/proceedings.neurips.cc\/paper_files\/paper\/2017\/file\/3f5ee243547dee91fbd053c1c4a845aa-Paper.pdf","journal-title":"Advances in Neural Information Processing Systems"},{"key":"e_1_3_1_24_2","doi-asserted-by":"publisher","DOI":"10.1002\/nem.1901"},{"key":"e_1_3_1_25_2","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2020.2989695"},{"key":"e_1_3_1_26_2","doi-asserted-by":"publisher","DOI":"10.1609\/aaai.v34i07.6903"},{"key":"e_1_3_1_27_2","doi-asserted-by":"publisher","DOI":"10.1093\/comjnl\/bxac008"},{"key":"e_1_3_1_28_2","doi-asserted-by":"publisher","DOI":"10.5555\/3304222.3304315"},{"key":"e_1_3_1_29_2","doi-asserted-by":"publisher","DOI":"10.1109\/CyberC.2019.00020"},{"key":"e_1_3_1_30_2","doi-asserted-by":"publisher","DOI":"10.1155\/2022\/4274139"}],"container-title":["ACM Transactions on Privacy and Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3613960","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3613960","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T16:37:26Z","timestamp":1750178246000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3613960"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,10,14]]},"references-count":29,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2023,11,30]]}},"alternative-id":["10.1145\/3613960"],"URL":"https:\/\/doi.org\/10.1145\/3613960","relation":{},"ISSN":["2471-2566","2471-2574"],"issn-type":[{"value":"2471-2566","type":"print"},{"value":"2471-2574","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023,10,14]]},"assertion":[{"value":"2022-11-22","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2023-07-27","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2023-10-14","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}