{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,19]],"date-time":"2026-01-19T11:34:32Z","timestamp":1768822472460,"version":"3.49.0"},"reference-count":37,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2024,6,1]],"date-time":"2024-06-01T00:00:00Z","timestamp":1717200000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2024,6,1]],"date-time":"2024-06-01T00:00:00Z","timestamp":1717200000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Cybersecurity"],"abstract":"<jats:title>Abstract<\/jats:title><jats:p>Using deep learning models to deal with the classification tasks in network traffic offers a new approach to address the imbalanced Internet of Things malicious traffic classification problems. However, the employment difficulty of these models may be immense due to their high resource consumption and inadequate interpretability. Fortunately, the effectiveness of sampling methods based on the statistical principles in imbalance data distribution indicates the path. In this paper, we address these challenges by proposing a hybrid sampling method, termed HSS, which integrates undersampling and oversampling techniques. Our approach not only mitigates the imbalance in malicious traffic but also fine-tunes the sampling threshold to optimize performance, as substantiated through validation tests. Employed across three distinct classification tasks, this method furnishes simplified yet representative samples, enhancing the baseline models\u2019 classification capabilities by a minimum of 6.02% and a maximum of 182.66%. Moreover, it notably reduces resource consumption, with sample numbers diminishing to a ratio of at least 83.53%. This investigation serves as a foundation, demonstrating the efficacy of HSS in bolstering security measures in IoT networks, potentially guiding the development of more adept and resource-efficient solutions.<\/jats:p>","DOI":"10.1186\/s42400-023-00201-9","type":"journal-article","created":{"date-parts":[[2024,6,1]],"date-time":"2024-06-01T02:01:46Z","timestamp":1717207306000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":6,"title":["HSS: enhancing IoT malicious traffic classification leveraging hybrid sampling strategy"],"prefix":"10.1186","volume":"7","author":[{"given":"Yuantu","family":"Luo","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jun","family":"Tao","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yuehao","family":"Zhu","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yifan","family":"Xu","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2024,6,1]]},"reference":[{"issue":"1","key":"201_CR1","doi-asserted-by":"publisher","first-page":"238","DOI":"10.1109\/TKDE.2015.2458858","volume":"28","author":"L Abdi","year":"2015","unstructured":"Abdi L, Hashemi S (2015) To combat multi-class imbalanced problems by means of over-sampling techniques. IEEE Trans Knowl Data Eng 28(1):238\u2013251","journal-title":"IEEE Trans Knowl Data Eng"},{"issue":"3","key":"201_CR2","doi-asserted-by":"publisher","first-page":"1646","DOI":"10.1109\/COMST.2020.2988293","volume":"22","author":"MA Al-Garadi","year":"2020","unstructured":"Al-Garadi MA, Mohamed A, Al-Ali AK et al (2020) A survey of machine and deep learning methods for internet of things (IoT) security. IEEE Commun Surv Tutor 22(3):1646\u20131685","journal-title":"IEEE Commun Surv Tutor"},{"issue":"1","key":"201_CR3","doi-asserted-by":"publisher","first-page":"5","DOI":"10.1186\/s42400-022-00133-w","volume":"6","author":"R Alghamdi","year":"2023","unstructured":"Alghamdi R, Bellaiche M (2023) An ensemble deep learning based IDS for IoT using lambda architecture. Cybersecurity 6(1):5","journal-title":"Cybersecurity"},{"key":"201_CR4","unstructured":"Arora S, Hu W, Kothari PK (2018) An analysis of the t-SNE algorithm for data visualization. In: Conference on learning theory, PMLR, pp 1455\u20131462"},{"key":"201_CR5","doi-asserted-by":"publisher","first-page":"321","DOI":"10.1613\/jair.953","volume":"16","author":"NV Chawla","year":"2002","unstructured":"Chawla NV, Bowyer KW, Hall LO et al (2002) Smote: synthetic minority over-sampling technique. J Artif Intell Res 16:321\u2013357","journal-title":"J Artif Intell Res"},{"key":"201_CR6","doi-asserted-by":"publisher","first-page":"157","DOI":"10.1016\/j.ins.2020.12.023","volume":"554","author":"Z Chen","year":"2021","unstructured":"Chen Z, Duan J, Kang L et al (2021) A hybrid data-level ensemble to enable learning from highly imbalanced dataset. Inf Sci 554:157\u2013176","journal-title":"Inf Sci"},{"issue":"5","key":"201_CR7","doi-asserted-by":"publisher","first-page":"1551","DOI":"10.1109\/TCSI.2020.2964903","volume":"67","author":"K Cho","year":"2020","unstructured":"Cho K, Park J, Oh TW et al (2020) One-sided Schmitt\u2013Trigger-based 9T SRAM cell for near-threshold operation. IEEE Trans Circuits Syst I Regul Pap 67(5):1551\u20131561","journal-title":"IEEE Trans Circuits Syst I Regul Pap"},{"key":"201_CR8","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1016\/j.ins.2018.06.056","volume":"465","author":"G Douzas","year":"2018","unstructured":"Douzas G, Bacao F, Last F (2018) Improving imbalanced learning through a heuristic oversampling method based on k-means and smote. Inf Sci 465:1\u201320","journal-title":"Inf Sci"},{"key":"201_CR9","doi-asserted-by":"crossref","unstructured":"Draper-Gil G, Lashkari AH, Mamun MSI, et al (2016) Characterization of encrypted and VPN traffic using time-related. In: Proceedings of the 2nd international conference on information systems security and privacy (ICISSP), pp 407\u2013414","DOI":"10.5220\/0005740704070414"},{"key":"201_CR10","doi-asserted-by":"crossref","unstructured":"Du Y, Huang H, Sun YE, et al (2021) Self-adaptive sampling for network traffic measurement. In: IEEE INFOCOM 2021-IEEE conference on computer communications, IEEE, pp 1\u201310","DOI":"10.1109\/INFOCOM42981.2021.9488425"},{"issue":"22","key":"201_CR11","doi-asserted-by":"publisher","first-page":"15693","DOI":"10.1007\/s00521-021-06189-y","volume":"33","author":"EC G\u00f6k","year":"2021","unstructured":"G\u00f6k EC, Olgun MO (2021) SMOTE-NC and gradient boosting imputation based random forest classifier for predicting severity level of Covid-19 patients with blood samples. Neural Comput Appl 33(22):15693\u201315707","journal-title":"Neural Comput Appl"},{"key":"201_CR12","doi-asserted-by":"crossref","unstructured":"Han H, Wang WY, Mao BH (2005) Borderline-smote: a new over-sampling method in imbalanced data sets learning. In: International conference on intelligent computing, Springer, pp 878\u2013887","DOI":"10.1007\/11538059_91"},{"issue":"3","key":"201_CR13","doi-asserted-by":"publisher","first-page":"515","DOI":"10.1109\/TIT.1968.1054155","volume":"14","author":"P Hart","year":"1968","unstructured":"Hart P (1968) The condensed nearest neighbor rule (corresp.). IEEE Trans Inf Theory 14(3):515\u2013516","journal-title":"IEEE Trans Inf Theory"},{"key":"201_CR14","doi-asserted-by":"crossref","unstructured":"Huoh TL, Luo Y, Li P, et al (2022) Flow-based encrypted network traffic classification with graph neural networks. IEEE Trans Netw Serv Manag","DOI":"10.1109\/TNSM.2022.3227500"},{"key":"201_CR15","doi-asserted-by":"publisher","first-page":"509","DOI":"10.1007\/s10796-012-9368-7","volume":"16","author":"Q Liu","year":"2014","unstructured":"Liu Q, Liu Z (2014) A comparison of improving multi-class imbalance for internet traffic classification. Inf Syst Front 16:509\u2013521","journal-title":"Inf Syst Front"},{"key":"201_CR16","doi-asserted-by":"publisher","first-page":"1023","DOI":"10.1007\/s10044-017-0620-0","volume":"21","author":"IJ Li","year":"2018","unstructured":"Li IJ, Wu JL, Yeh CH (2018) A fast classification strategy for SVM on the large-scale high-dimensional datasets. Pattern Anal Appl 21:1023\u20131038","journal-title":"Pattern Anal Appl"},{"key":"201_CR17","doi-asserted-by":"crossref","unstructured":"Li X, Liang Y, Yan S, et al (2019) A coordinated tiling and batching framework for efficient GEMM on GPUs. In: Proceedings of the 24th symposium on principles and practice of parallel programming, pp 229\u2013241","DOI":"10.1145\/3293883.3295734"},{"key":"201_CR18","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2022.103000","volume":"124","author":"A Lichy","year":"2023","unstructured":"Lichy A, Bader O, Dubin R et al (2023) When a RF beats a CNN and GRU, together\u2014a comparison of deep learning and classical machine learning approaches for encrypted malware traffic classification. Comput Secur 124:103000","journal-title":"Comput Secur"},{"issue":"3","key":"201_CR19","doi-asserted-by":"publisher","first-page":"1999","DOI":"10.1007\/s00500-019-04030-2","volume":"24","author":"M Lotfollahi","year":"2020","unstructured":"Lotfollahi M, Jafari Siavoshani M, Shirali Hossein Zade R et al (2020) Deep packet: a novel approach for encrypted traffic classification using deep learning. Soft Comput 24(3):1999\u20132012","journal-title":"Soft Comput"},{"issue":"2","key":"201_CR20","doi-asserted-by":"publisher","first-page":"85","DOI":"10.26599\/BDMA.2019.9020015","volume":"3","author":"MS Mahmud","year":"2020","unstructured":"Mahmud MS, Huang JZ, Salloum S et al (2020) A survey of data partitioning and sampling methods to support big data analysis. Big Data Min Anal 3(2):85\u2013101","journal-title":"Big Data Min Anal"},{"issue":"1","key":"201_CR21","doi-asserted-by":"publisher","first-page":"16","DOI":"10.1109\/TPDS.2016.2546249","volume":"28","author":"S Mittal","year":"2016","unstructured":"Mittal S (2016) A survey of techniques for architecting and managing GPU register file. IEEE Trans Parallel Distrib Syst 28(1):16\u201328","journal-title":"IEEE Trans Parallel Distrib Syst"},{"key":"201_CR22","doi-asserted-by":"publisher","first-page":"428","DOI":"10.1016\/j.sysarc.2019.01.011","volume":"97","author":"S Mittal","year":"2019","unstructured":"Mittal S (2019) A survey on optimized implementation of deep learning models on the NVIDIA Jetson platform. J Syst Archit 97:428\u2013442","journal-title":"J Syst Archit"},{"key":"201_CR23","doi-asserted-by":"publisher","DOI":"10.1016\/j.sysarc.2019.101635","volume":"99","author":"S Mittal","year":"2019","unstructured":"Mittal S, Vaishay S (2019) A survey of techniques for optimizing deep learning on GPUs. J Syst Archit 99:101635","journal-title":"J Syst Archit"},{"key":"201_CR24","doi-asserted-by":"publisher","first-page":"5941","DOI":"10.3390\/s23135941","volume":"23","author":"ECP Neto","year":"2023","unstructured":"Neto ECP, Dadkhah S, Ferreira R et al (2023) CICIoT 2023: a real-time dataset and benchmark for large-scale attacks in IoT environment. Sensors 23:5941. https:\/\/doi.org\/10.3390\/s23135941","journal-title":"Sensors"},{"key":"201_CR25","doi-asserted-by":"crossref","unstructured":"Qin J, Han X, Wang C, et al (2023) Network traffic classification based on SD sampling and hierarchical ensemble learning. Secur Commun Netw 2023","DOI":"10.1155\/2023\/4374385"},{"key":"201_CR26","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1186\/s42400-021-00104-7","volume":"5","author":"T Rajmohan","year":"2022","unstructured":"Rajmohan T, Nguyen PH, Ferry N (2022) A decade of research on patterns and architectures for IoT security. Cybersecurity 5:1\u201329","journal-title":"Cybersecurity"},{"issue":"5","key":"201_CR27","doi-asserted-by":"publisher","first-page":"76","DOI":"10.1109\/MCOM.2019.1800819","volume":"57","author":"S Rezaei","year":"2019","unstructured":"Rezaei S, Liu X (2019) Deep learning for encrypted traffic classification: an overview. IEEE Commun Mag 57(5):76\u201381","journal-title":"IEEE Commun Mag"},{"key":"201_CR28","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2023.103098","volume":"127","author":"N Rust-Nguyen","year":"2023","unstructured":"Rust-Nguyen N, Sharma S, Stamp M (2023) Darknet traffic classification and adversarial attacks using machine learning. Comput Secur 127:103098","journal-title":"Comput Secur"},{"key":"201_CR29","doi-asserted-by":"crossref","unstructured":"Saber A, Fergani B, Abbas M (2018) Encrypted traffic classification: Combining over-and under-sampling through a PCA-SVM. In: 2018 3rd International conference on pattern analysis and intelligent systems (PAIS), IEEE, pp 1\u20135","DOI":"10.1109\/PAIS.2018.8598480"},{"issue":"9","key":"201_CR30","doi-asserted-by":"publisher","first-page":"3246","DOI":"10.3390\/s22093246","volume":"22","author":"EF Swana","year":"2022","unstructured":"Swana EF, Doorsamy W, Bokoro P (2022) Tomek link and smote approaches for machine fault classification with an imbalanced dataset. Sensors 22(9):3246","journal-title":"Sensors"},{"issue":"1","key":"201_CR31","doi-asserted-by":"publisher","first-page":"281","DOI":"10.1109\/TSMCB.2008.2002909","volume":"39","author":"Y Tang","year":"2008","unstructured":"Tang Y, Zhang YQ, Chawla NV et al (2008) SVMs modeling for highly imbalanced classification. IEEE Trans Syst Man Cybern Part B (Cybern) 39(1):281\u2013288","journal-title":"IEEE Trans Syst Man Cybern Part B (Cybern)"},{"key":"201_CR32","doi-asserted-by":"crossref","unstructured":"Wang W, Zhu M, Zeng X, et al (2017) Malware traffic classification using convolutional neural network for representation learning. In: 2017 International conference on information networking (ICOIN), IEEE, pp 712\u2013717","DOI":"10.1109\/ICOIN.2017.7899588"},{"issue":"6","key":"201_CR33","doi-asserted-by":"publisher","first-page":"1182","DOI":"10.21629\/JSEE.2019.06.12","volume":"30","author":"X Xiaolong","year":"2019","unstructured":"Xiaolong X, Wen C, Yanfei S (2019) Over-sampling algorithm for imbalanced data classification. J Syst Eng Electron 30(6):1182\u20131191","journal-title":"J Syst Eng Electron"},{"issue":"4","key":"201_CR34","doi-asserted-by":"publisher","first-page":"4103","DOI":"10.1109\/TNSM.2021.3122940","volume":"18","author":"L Yang","year":"2021","unstructured":"Yang L, Finamore A, Jun F et al (2021) Deep learning and zero-day traffic classification: Lessons learned from a commercial-grade dataset. IEEE Trans Netw Serv Manag 18(4):4103\u20134118","journal-title":"IEEE Trans Netw Serv Manag"},{"key":"201_CR35","doi-asserted-by":"crossref","unstructured":"Zhang Z, Ning H, Shi F, et al (2022) Artificial intelligence in cyber security: research advances, challenges, and opportunities. Artif Intell Rev 1\u201325","DOI":"10.1007\/s10462-021-09976-0"},{"key":"201_CR36","doi-asserted-by":"crossref","unstructured":"Zhang H, Yu L, Xiao X et al (2023) TFE-GNN: a temporal fusion encoder using graph neural networks for fine-grained encrypted traffic classification. In: Proceedings of the ACM web conference, vol 2023, pp 2066\u20132075","DOI":"10.1145\/3543507.3583227"},{"key":"201_CR37","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2020.107247","volume":"174","author":"Y Zhou","year":"2020","unstructured":"Zhou Y, Cheng G, Jiang S et al (2020) Building an efficient intrusion detection system based on feature selection and ensemble classifier. Comput Netw 174:107247","journal-title":"Comput Netw"}],"container-title":["Cybersecurity"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s42400-023-00201-9.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1186\/s42400-023-00201-9\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s42400-023-00201-9.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,6,1]],"date-time":"2024-06-01T02:03:03Z","timestamp":1717207383000},"score":1,"resource":{"primary":{"URL":"https:\/\/cybersecurity.springeropen.com\/articles\/10.1186\/s42400-023-00201-9"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,6,1]]},"references-count":37,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2024,12]]}},"alternative-id":["201"],"URL":"https:\/\/doi.org\/10.1186\/s42400-023-00201-9","relation":{},"ISSN":["2523-3246"],"issn-type":[{"value":"2523-3246","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,6,1]]},"assertion":[{"value":"25 September 2023","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"18 December 2023","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"1 June 2024","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare that they have no competing interests.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Competing interests"}}],"article-number":"11"}}