{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,27]],"date-time":"2026-05-27T21:50:15Z","timestamp":1779918615814,"version":"3.53.1"},"reference-count":46,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2025,4,20]],"date-time":"2025-04-20T00:00:00Z","timestamp":1745107200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2025,4,20]],"date-time":"2025-04-20T00:00:00Z","timestamp":1745107200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"DOI":"10.13039\/501100012165","name":"Key Technologies Research and Development Program","doi-asserted-by":"publisher","award":["2022YFC3321102"],"award-info":[{"award-number":["2022YFC3321102"]}],"id":[{"id":"10.13039\/501100012165","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Cybersecurity"],"abstract":"Abstract<\/jats:title>\n In the contemporary digital landscape, mobile applications have become the predominant conduit for internet connectivity and daily tasks. Simultaneously, the advent of application encryption technology has safeguarded users\u2019 privacy. However, this encryption, while fortifying privacy, introduces challenges to security by hindering the effective management of network applications within encrypted data streams. Conventional detection methods for encrypted application traffic, relying heavily on statistical metrics like payload, packet size, and distribution, are constrained to single traffic flows, often yielding results of limited specificity. To address this limitation, our paper introduces an innovative approach that elucidates the multi-flow nature of application behavior traffic and provides context to encrypted application traffic. This method offers a more nuanced and comprehensive perspective for understanding and representing network traffic, even when encrypted. The efficacy of our approach was evaluated using a substantial volume of real network traffic data. Results indicate that our method achieves an average accuracy of 0.958 in identifying application behavior traffic and 0.955 in classifying application traffic. These outcomes signify a substantial enhancement over single network flow-based detection methods, demonstrating a notable 5.3% improvement.<\/jats:p>","DOI":"10.1186\/s42400-024-00301-0","type":"journal-article","created":{"date-parts":[[2025,4,20]],"date-time":"2025-04-20T03:02:11Z","timestamp":1745118131000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":3,"title":["Enmob: Unveil the Behavior with Multi-flow Analysis of Encrypted App Traffic"],"prefix":"10.1186","volume":"8","author":[{"given":"Ge","family":"Mengmeng","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Feng","family":"Ruitao","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Liu","family":"Likun","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Yu","family":"Xiangzhan","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Sachidananda","family":"Vinay","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Xie","family":"Xiaofei","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Liu","family":"Yang","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"297","published-online":{"date-parts":[[2025,4,20]]},"reference":[{"key":"301_CR1","doi-asserted-by":"crossref","unstructured":"Aceto G, Ciuonzo D, Montieri A, Pescap\u00e9 A (2018) Mobile encrypted traffic classification using deep learning. In 2018 Network traffic measurement and analysis conference (TMA), pages 1\u20138. IEEE","DOI":"10.23919\/TMA.2018.8506558"},{"key":"301_CR2","doi-asserted-by":"publisher","first-page":"103545","DOI":"10.1016\/j.csi.2021.103545","volume":"78","author":"AA Afuwape","year":"2021","unstructured":"Afuwape AA, Ying X, Anajemba JH, Srivastava G (2021) Performance evaluation of secured network traffic classification using a machine learning approach. Comput Stand Interf 78:103545","journal-title":"Comput Stand Interf"},{"key":"301_CR3","doi-asserted-by":"crossref","unstructured":"Alhawi Omar MK, Baldwin J, Dehghantanha A (2018) Leveraging machine learning techniques for windows ransomware network traffic detection. Cyber threat intelligence, pages 93\u2013106,","DOI":"10.1007\/978-3-319-73951-9_5"},{"key":"301_CR4","doi-asserted-by":"crossref","unstructured":"Bar-Yanai R, Langberg M, Peleg D, Roditty L (2010) Realtime classification for encrypted traffic. In Experimental Algorithms: 9th International Symposium, SEA 2010, Ischia Island, Naples, Italy, May 20-22, 2010. Proceedings 9, pages 373\u2013385. Springer","DOI":"10.1007\/978-3-642-13193-6_32"},{"key":"301_CR5","doi-asserted-by":"crossref","unstructured":"Barradas D, Santos N, Rodrigues L, Signorello S, Ramos Fernando MV, Madeira A (2021) Flowlens: Enabling efficient flow classification for ml-based network security applications. In Proceedings of the Network and Distributed Systems Security (NDSS) Symposium","DOI":"10.14722\/ndss.2021.24067"},{"key":"301_CR6","unstructured":"Bartos K, Sofka M, Franc V (2016) Optimized invariant representation of network traffic for detecting unseen malware variants. In 25th USENIX Security Symposium (USENIX Security 16), pages 807\u2013822, Austin, TX, August. USENIX Association"},{"key":"301_CR7","unstructured":"Borders K, Springer J, Burnside M (2012) Chimera: A declarative language for streaming network traffic analysis. In 21st USENIX Security Symposium (USENIX Security 12), pages 365\u2013379, Bellevue, WA, August. USENIX Association"},{"key":"301_CR8","unstructured":"Buchanan S (2022) Deep networks through the lens of low-dimensional structure: towards mathematical and computational principles for nonlinear Data. Columbia University"},{"key":"301_CR9","doi-asserted-by":"publisher","first-page":"75","DOI":"10.1016\/j.comnet.2014.11.001","volume":"76","author":"T Bujlow","year":"2015","unstructured":"Bujlow T, Carela-Espa\u00f1ol V, Barlet-Ros P (2015) Independent comparison of popular dpi tools for traffic classification. Comput Netw 76:75\u201389","journal-title":"Comput Netw"},{"issue":"1","key":"301_CR10","doi-asserted-by":"publisher","first-page":"114","DOI":"10.1109\/TIFS.2015.2478741","volume":"11","author":"M Conti","year":"2016","unstructured":"Conti M, Mancini Luigi V, Spolaor R, Verde Nino V (2016) Analyzing android encrypted network traffic to identify user actions. IEEE Trans Inform Forensics Sec 11(1):114\u2013125","journal-title":"IEEE Trans Inform Forensics Sec"},{"issue":"4","key":"301_CR11","doi-asserted-by":"publisher","first-page":"4197","DOI":"10.1109\/TNSM.2021.3120804","volume":"18","author":"S Dong","year":"2021","unstructured":"Dong S, Xia Y, Peng T (2021) Network abnormal traffic detection model based on semi-supervised deep reinforcement learning. IEEE Trans Netw Serv Manage 18(4):4197\u20134212","journal-title":"IEEE Trans Netw Serv Manage"},{"key":"301_CR12","doi-asserted-by":"crossref","unstructured":"Draper-Gil Gerard, Lashkari Arash\u00a0Habibi, Mamun Mohammad Saiful\u00a0Islam, Ghorbani Ali\u00a0A (2016) Characterization of encrypted and vpn traffic using time-related. In Proceedings of the 2nd international conference on information systems security and privacy (ICISSP), pages 407\u2013414. sn","DOI":"10.5220\/0005740704070414"},{"key":"301_CR13","doi-asserted-by":"crossref","unstructured":"Fan Z, Liu R (2017) Investigation of machine learning based network traffic classification. In 2017 International Symposium on Wireless Communication Systems (ISWCS), pages 1\u20136","DOI":"10.1109\/ISWCS.2017.8108090"},{"issue":"6","key":"301_CR14","doi-asserted-by":"publisher","first-page":"2001","DOI":"10.1109\/TITS.2018.2854913","volume":"20","author":"X Feng","year":"2019","unstructured":"Feng X, Ling X, Zheng H, Chen Z, Yiwen X (2019) Adaptive multi-kernel svm with spatial-temporal correlation for short-term traffic flow prediction. IEEE Trans Intell Trans Syst 20(6):2001\u20132013","journal-title":"IEEE Trans Intell Trans Syst"},{"key":"301_CR15","doi-asserted-by":"crossref","unstructured":"Holland J, Schmitt P, Feamster N, Mittal P (2021) New directions in automated traffic analysis. In Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security, CCS \u201921, page 3366-3383, New York, NY. Association for Computing Machinery","DOI":"10.1145\/3460120.3484758"},{"key":"301_CR16","unstructured":"Jacob G, Hund R, Kruegel C, Holz T (2011)JACKSTRAWS: Picking command and control connections from bot traffic. In 20th USENIX Security Symposium (USENIX Security 11), San Francisco, CA, August. USENIX Association"},{"key":"301_CR17","doi-asserted-by":"crossref","unstructured":"Jadav N, Dutta N, Sarma Hiren KD, Pricop E, Tanwar S (2021) A machine learning approach to classify network traffic. In 2021 13th International Conference on Electronics, Computers and Artificial Intelligence (ECAI), pages 1\u20136","DOI":"10.1109\/ECAI52376.2021.9515039"},{"key":"301_CR18","doi-asserted-by":"publisher","first-page":"2524","DOI":"10.1109\/TIFS.2023.3267885","volume":"18","author":"W Li","year":"2023","unstructured":"Li W, Zhang X-Y, Bao H, Yang B, Li Z, Shi H, Wang Q (2023) Prism: Real-time privacy protection against temporal network traffic analyzers. IEEE Trans Inform Forensics Sec 18:2524\u20132537","journal-title":"IEEE Trans Inform Forensics Sec"},{"issue":"4","key":"301_CR19","doi-asserted-by":"publisher","first-page":"2494","DOI":"10.1109\/TNSE.2020.3014380","volume":"7","author":"W Li","year":"2020","unstructured":"Li W, Zhou S, Li R, Zhang K, Qichao X (2020) Abnormal crowd traffic detection for crowdsourced indoor positioning in heterogeneous communications networks. IEEE Trans Netw Sci Eng 7(4):2494\u20132505","journal-title":"IEEE Trans Netw Sci Eng"},{"key":"301_CR20","doi-asserted-by":"crossref","unstructured":"Li Y, Feng R, Chen S, Guo Q, Fan L, Li X (2021)Iconchecker: anomaly detection of icon-behaviors for android apps. In 2021 28th Asia-Pacific Software Engineering Conference (APSEC), pages 202\u2013212","DOI":"10.1109\/APSEC53868.2021.00028"},{"key":"301_CR21","doi-asserted-by":"crossref","unstructured":"Li H, Hu H, Gu G, Ahn G-J, Zhang F (2018) vnids: Towards elastic security with safe and efficient virtualization of network intrusion detection systems. In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, pages 17\u201334","DOI":"10.1145\/3243734.3243862"},{"key":"301_CR22","first-page":"633","volume":"2022","author":"X Lin","year":"2022","unstructured":"Lin X, Xiong G, Gou G, Li Z, Shi J, Jing Y (2022) Et-bert: a contextualized datagram representation with pre-training transformers for encrypted traffic classification. Proc ACM Web Conf 2022:633\u2013642","journal-title":"Proc ACM Web Conf"},{"key":"301_CR23","doi-asserted-by":"publisher","first-page":"7550","DOI":"10.1109\/ACCESS.2020.3048198","volume":"9","author":"L Liu","year":"2021","unstructured":"Liu L, Wang P, Lin J, Liu L (2021) Intrusion detection of imbalanced network traffic based on machine learning and deep learning. IEEE Access 9:7550\u20137563","journal-title":"IEEE Access"},{"key":"301_CR24","doi-asserted-by":"crossref","unstructured":"Liu C, He L, Xiong G, Cao Z, Li Z (2019) Fs-net: A flow sequence network for encrypted traffic classification. In IEEE INFOCOM 2019-IEEE Conference On Computer Communications, pages 1171\u20131179. IEEE","DOI":"10.1109\/INFOCOM.2019.8737507"},{"key":"301_CR25","doi-asserted-by":"publisher","first-page":"216","DOI":"10.1016\/j.patcog.2019.02.023","volume":"91","author":"A Luque","year":"2019","unstructured":"Luque A, Carrasco A, Mart\u00edn A, de Las HA (2019) The impact of class imbalance in classification performance metrics based on the binary confusion matrix. Pattern Recognit 91:216\u2013231","journal-title":"Pattern Recognit"},{"key":"301_CR26","doi-asserted-by":"crossref","unstructured":"Mirsky Y, Doitshman T, Elovici Y, Shabtai A (2018) Kitsune: An ensemble of autoencoders for online network intrusion detection. In The Network and Distributed System Security Symposium (NDSS) 2018","DOI":"10.14722\/ndss.2018.23204"},{"key":"301_CR27","unstructured":"Nakibly G, Schcolnik J, Rubin Y (2016) Website-targeted false content injection by network operators. In 25th USENIX Security Symposium (USENIX Security 16), pages 227\u2013244, Austin, TX, August. USENIX Association"},{"key":"301_CR28","unstructured":"Nasr M, Bahramali A, Houmansadr A (2021) Defeating $$\\{$$DNN-Based$$\\}$$ traffic analysis systems in $$\\{$$Real-Time$$\\}$$ with blind adversarial perturbations. In 30th USENIX Security Symposium (USENIX Security 21), pages 2705\u20132722,"},{"key":"301_CR29","doi-asserted-by":"crossref","unstructured":"Shafiq M, Yu X, Laghari A\u00a0A, Yao L, Karn N\u00a0K, Abdessamia F (2016) Network traffic classification techniques and comparative analysis using machine learning algorithms. In 2016 2nd IEEE International Conference on Computer and Communications (ICCC), pages 2451\u20132455","DOI":"10.1109\/CompComm.2016.7925139"},{"key":"301_CR30","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1155\/2019\/4202735","volume":"2019","author":"Q Shang","year":"2019","unstructured":"Shang Q, Tan D, Gao S, Feng L (2019) A hybrid method for traffic incident duration prediction using BOA-optimized random forest combined with neighborhood components analysis. J Adv Trans 2019:1\u201311. https:\/\/doi.org\/10.1155\/2019\/4202735","journal-title":"J Adv Trans"},{"issue":"2","key":"301_CR31","doi-asserted-by":"publisher","first-page":"1218","DOI":"10.1109\/TNSM.2021.3071441","volume":"18","author":"T Shapira","year":"2021","unstructured":"Shapira T, Shavitt Y (2021) Flowpic: a generic representation for encrypted traffic classification and applications identification. IEEE Trans Netw Serv Manage 18(2):1218\u20131232","journal-title":"IEEE Trans Netw Serv Manage"},{"key":"301_CR32","doi-asserted-by":"publisher","first-page":"2046","DOI":"10.1109\/TIFS.2020.3046876","volume":"16","author":"M Shen","year":"2021","unstructured":"Shen M, Liu Y, Zhu L, Xiaojiang D, Jiankun H (2021) Fine-grained webpage fingerprinting using only packet length information of encrypted traffic. IEEE Trans Inform Forensics Sec 16:2046\u20132059","journal-title":"IEEE Trans Inform Forensics Sec"},{"key":"301_CR33","doi-asserted-by":"publisher","first-page":"2367","DOI":"10.1109\/TIFS.2021.3050608","volume":"16","author":"M Shen","year":"2021","unstructured":"Shen M, Zhang J, Zhu L, Ke X, Xiaojiang D (2021) Accurate decentralized application identification via encrypted traffic analysis using graph neural networks. IEEE Trans Inform Forensics Sec 16:2367\u20132380","journal-title":"IEEE Trans Inform Forensics Sec"},{"key":"301_CR34","doi-asserted-by":"crossref","unstructured":"Sirinam P, Imani M, Juarez M, Wright M (2018) Deep fingerprinting: Undermining website fingerprinting defenses with deep learning. In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, CCS \u201918, page 1928-1943, New York, NY, USA. Association for Computing Machinery","DOI":"10.1145\/3243734.3243768"},{"key":"301_CR35","unstructured":"Smart home trends to watch in 2022 and beyond (2022)"},{"key":"301_CR36","unstructured":"Sun Y, Edmundson A, Vanbever L, Li O, Rexford J, Chiang M, Mittal P (2015) RAPTOR: Routing attacks on privacy in tor. In 24th USENIX Security Symposium (USENIX Security 15), pages 271\u2013286, Washington, D.C., August. USENIX Association"},{"key":"301_CR37","doi-asserted-by":"crossref","unstructured":"Taylor Vincent F, Spolaor R, Conti M, Martinovic I (2016)Appscanner: automatic fingerprinting of smartphone apps from encrypted network traffic. In 2016 IEEE European Symposium on Security and Privacy (EuroS &P), pages 439\u2013454","DOI":"10.1109\/EuroSP.2016.40"},{"key":"301_CR38","doi-asserted-by":"crossref","unstructured":"Van\u00a0Ede T, Bortolameotti R, Continella A, Ren J, Dubois Daniel J, Lindorfer M, Choffnes D, Van Steen M, Peter A (2020) Flowprint: semi-supervised mobile-app fingerprinting on encrypted network traffic. In Network and distributed system security symposium (NDSS), volume\u00a027,","DOI":"10.14722\/ndss.2020.24412"},{"issue":"1","key":"301_CR39","doi-asserted-by":"publisher","first-page":"2872","DOI":"10.1038\/s41467-021-23102-2","volume":"12","author":"JT Vogelstein","year":"2021","unstructured":"Vogelstein JT, Bridgeford EW, Tang M, Zheng D, Douville C, Burns R, Maggioni M (2021) Supervised dimensionality reduction for big data. Nature Commun 12(1):2872","journal-title":"Nature Commun"},{"key":"301_CR40","doi-asserted-by":"publisher","first-page":"54024","DOI":"10.1109\/ACCESS.2019.2912896","volume":"7","author":"P Wang","year":"2019","unstructured":"Wang P, Chen X, Ye F, Sun Z (2019) A survey of techniques for mobile service encrypted traffic classification using deep learning. IEEE Access 7:54024\u201354033","journal-title":"IEEE Access"},{"key":"301_CR41","doi-asserted-by":"crossref","unstructured":"Wang W, Zhu M, Wang J, Zeng X, Yang Z (2017) End-to-end encrypted traffic classification with one-dimensional convolution neural networks. In 2017 IEEE international conference on intelligence and security informatics (ISI), pages 43\u201348. IEEE","DOI":"10.1109\/ISI.2017.8004872"},{"key":"301_CR42","doi-asserted-by":"crossref","unstructured":"Wang W, Zhu M, Zeng X, Ye X, Sheng Y (2017) Malware traffic classification using convolutional neural network for representation learning. In 2017 International conference on information networking (ICOIN), pages 712\u2013717. IEEE","DOI":"10.1109\/ICOIN.2017.7899588"},{"key":"301_CR43","unstructured":"Wang T, Goldberg I (2017) Walkie-talkie: an efficient defense against passive website fingerprinting attacks. In 26th USENIX Security Symposium (USENIX Security 17), pages 1375\u20131390, Vancouver, BC, August. USENIX Association"},{"key":"301_CR44","doi-asserted-by":"crossref","unstructured":"Wang J, Cao Z, Kang C, Xiong G (2019) User behavior classification in encrypted cloud camera traffic. In 2019 IEEE Global Communications Conference (GLOBECOM), pages 1\u20136. IEEE","DOI":"10.1109\/GLOBECOM38437.2019.9013558"},{"issue":"8","key":"301_CR45","doi-asserted-by":"publisher","first-page":"1661","DOI":"10.1109\/TPDS.2012.261","volume":"24","author":"M Xie","year":"2012","unstructured":"Xie M, Jiankun H, Han S, Chen H-H (2012) Scalable hypergrid K-NN-based online anomaly detection in wireless sensor networks. IEEE Trans Parallel Distrib Syst 24(8):1661\u20131670","journal-title":"IEEE Trans Parallel Distrib Syst"},{"key":"301_CR46","first-page":"13","volume":"2020","author":"W Zheng","year":"2020","unstructured":"Zheng W, Gou C, Yan L, Mo S (2020) Learning to classify: a flow-based relation network for encrypted traffic classification. Proc Web Conf 2020:13\u201322","journal-title":"Proc Web Conf"}],"container-title":["Cybersecurity"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s42400-024-00301-0.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1186\/s42400-024-00301-0\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s42400-024-00301-0.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,4,20]],"date-time":"2025-04-20T03:02:25Z","timestamp":1745118145000},"score":1,"resource":{"primary":{"URL":"https:\/\/cybersecurity.springeropen.com\/articles\/10.1186\/s42400-024-00301-0"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,4,20]]},"references-count":46,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2025,12]]}},"alternative-id":["301"],"URL":"https:\/\/doi.org\/10.1186\/s42400-024-00301-0","relation":{},"ISSN":["2523-3246"],"issn-type":[{"value":"2523-3246","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,4,20]]},"assertion":[{"value":"5 February 2024","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"26 June 2024","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"20 April 2025","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare that they have no conflict of interest.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}}],"article-number":"26"}}