{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,24]],"date-time":"2025-12-24T03:08:31Z","timestamp":1766545711466,"version":"3.48.0"},"reference-count":47,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2025,12,24]],"date-time":"2025-12-24T00:00:00Z","timestamp":1766534400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2025,12,24]],"date-time":"2025-12-24T00:00:00Z","timestamp":1766534400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["Grant 62472087"],"award-info":[{"award-number":["Grant 62472087"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Cybersecurity"],"abstract":"<jats:title>Abstract<\/jats:title>\n                  <jats:p>While encrypted traffic protects user privacy and data security, it is also frequently exploited by malicious actors for illegal activities, e.g., phishing and malware distribution. Therefore, accurately and efficiently identifying user behavior behind encrypted traffic is crucial to maintaining network security. However, existing encrypted traffic classification methods rely on flow-level feature extraction, which is ineffective for short traffic flow. Additionally, these methods only analyze the graph interaction structure between local clients and remote servers, failing to effectively utilize the byte-level information in packets. This results in limited adaptability and low accuracy. To address these limitations, in this paper, we propose an encrypted traffic classification method, named Global-Statistical features and Packet-Bytes, for feature extraction and fusion. This method effectively utilizes byte-level information and constructs a graph structure based on sliding windows and Jaccard similarity between packet bytes. In particular, we design a triple embedding layer to embed traffic flow features and packet byte features. Feature fusion is achieved through an encoder-decoder module and a cross-gated feature fusion mechanism. Experiments on public datasets show that our method outperforms several state-of-the-art methods in fine-grained encrypted traffic classification tasks.<\/jats:p>","DOI":"10.1186\/s42400-025-00446-6","type":"journal-article","created":{"date-parts":[[2025,12,24]],"date-time":"2025-12-24T03:02:01Z","timestamp":1766545321000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["GSPB: a global-statistic and packet-byte fusion framework for encrypted traffic classification"],"prefix":"10.1186","volume":"8","author":[{"ORCID":"https:\/\/orcid.org\/0009-0009-3086-2094","authenticated-orcid":false,"given":"Haiyue","family":"Li","sequence":"first","affiliation":[]},{"given":"Jun","family":"Tao","sequence":"additional","affiliation":[]},{"given":"Linxiao","family":"Yu","sequence":"additional","affiliation":[]},{"given":"Yuantu","family":"Luo","sequence":"additional","affiliation":[]},{"given":"Zuyan","family":"Wang","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,12,24]]},"reference":[{"key":"446_CR1","doi-asserted-by":"crossref","unstructured":"Ao Y, Tao J, Zou D, Sun W, Yu L (2024) An accurate and lightweight intrusion detection model deployed on edge network devices. In: 2024 international joint conference on neural networks (IJCNN), pp. 1\u20138. IEEE","DOI":"10.1109\/IJCNN60899.2024.10651457"},{"key":"446_CR2","doi-asserted-by":"publisher","first-page":"5011","DOI":"10.1109\/TIFS.2023.3300521","volume":"18","author":"S Cui","year":"2023","unstructured":"Cui S, Dong C, Shen M, Liu Y, Jiang B, Lu Z (2023) CBSEQ: A channel-level behavior sequence for encrypted malware traffic detection. IEEE Trans Inf Forensics Secur 18:5011\u20135025","journal-title":"IEEE Trans Inf Forensics Secur"},{"key":"446_CR3","doi-asserted-by":"crossref","unstructured":"Deng X, Li Q, Xu K (2024) Robust and reliable early-stage website fingerprinting attacks via spatial-temporal distribution analysis. In: Proceedings of the 2024 on ACM SIGSAC conference on computer and communications security, pp. 1997\u20132011","DOI":"10.1145\/3658644.3670272"},{"key":"446_CR4","doi-asserted-by":"publisher","first-page":"107258","DOI":"10.1016\/j.comnet.2020.107258","volume":"176","author":"C Dong","year":"2020","unstructured":"Dong C, Zhang C, Lu Z, Liu B, Jiang B (2020) Cetanalytics: comprehensive effective traffic information analytics for encrypted traffic classification. Comput Netw 176:107258","journal-title":"Comput Netw"},{"key":"446_CR5","unstructured":"Dyer KP, Coull SE, Shrimpton T (2015) Marionette: a programmable network-traffic obfuscation system. In: Proceedings of the 24th USENIX conference on security symposium. SEC\u201915, pp. 367\u2013382. USENIX Association, USA"},{"key":"446_CR6","unstructured":"Gil GD, Lashkari AH, Mamun M, Ghorbani AA (2016) Characterization of encrypted and vpn traffic using time-related features. In: Proceedings of the 2nd international conference on information systems security and privacy (ICISSP 2016), pp. 407\u2013414. SciTePress Set\u00fabal, Portugal"},{"key":"446_CR7","unstructured":"Hamilton W, Ying Z, Leskovec J (2017) Inductive representation learning on large graphs. Advances in neural information processing systems 30"},{"key":"446_CR8","doi-asserted-by":"crossref","unstructured":"He K, Zhang X, Ren S, Sun J (2015) Delving deep into rectifiers: Surpassing human-level performance on imagenet classification. In: Proceedings of the IEEE international conference on computer vision, pp. 1026\u20131034","DOI":"10.1109\/ICCV.2015.123"},{"issue":"8","key":"446_CR9","doi-asserted-by":"publisher","first-page":"1735","DOI":"10.1162\/neco.1997.9.8.1735","volume":"9","author":"S Hochreiter","year":"1997","unstructured":"Hochreiter S, Schmidhuber J (1997) Long short-term memory. Neural Comput 9(8):1735\u20131780","journal-title":"Neural Comput"},{"key":"446_CR10","doi-asserted-by":"publisher","first-page":"119229","DOI":"10.1016\/j.ins.2023.119229","volume":"644","author":"Y Hong","year":"2023","unstructured":"Hong Y, Li Q, Yang Y, Shen M (2023) Graph based encrypted malicious traffic detection with hybrid analysis of multi-view features. Inf Sci 644:119229","journal-title":"Inf Sci"},{"key":"446_CR11","doi-asserted-by":"publisher","first-page":"5817","DOI":"10.1109\/TIFS.2023.3318960","volume":"18","author":"X Hu","year":"2023","unstructured":"Hu X, Gao W, Cheng G, Li R, Zhou Y, Wu H (2023) Toward early and accurate network intrusion detection using graph embedding. IEEE Trans Inf Forensics Secur 18:5817\u20135831","journal-title":"IEEE Trans Inf Forensics Secur"},{"key":"446_CR12","unstructured":"Ioffe S, Szegedy C (2015) Batch normalization: Accelerating deep network training by reducing internal covariate shift. In: International conference on machine learning, pp. 448\u2013456. pmlr"},{"key":"446_CR13","first-page":"547","volume":"37","author":"P Jaccard","year":"1901","unstructured":"Jaccard P (1901) \u00c9tude comparative de la distribution florale dans une portion des alpes et des jura. Bull Soc Vaudoise Sci Nat 37:547\u2013579","journal-title":"Bull Soc Vaudoise Sci Nat"},{"key":"446_CR14","unstructured":"Kipf TN, Welling M (2016) Semi-supervised classification with graph convolutional networks. arXiv preprint arXiv:1609.02907"},{"key":"446_CR15","unstructured":"Lashkari AH, Gil GD, Mamun MSI, Ghorbani AA (2017) Characterization of tor traffic using time based features. In: International conference on information systems security and privacy, vol.2, pp. 253\u2013262. SciTePress"},{"key":"446_CR16","doi-asserted-by":"crossref","unstructured":"Lin X, Xiong G, Gou G, Li Z, Shi J, Yu J (2022) Et-bert: A contextualized datagram representation with pre-training transformers for encrypted traffic classification. In: Proceedings of the ACM web conference 2022, pp. 633\u2013642","DOI":"10.1145\/3485447.3512217"},{"issue":"5","key":"446_CR17","doi-asserted-by":"publisher","first-page":"4359","DOI":"10.1109\/TDSC.2022.3222533","volume":"20","author":"Q Liu","year":"2023","unstructured":"Liu Q, Peng Y, Jiang H, Wu J, Wang T, Peng T, Wang G (2023) Slimbox: lightweight packet inspection over encrypted traffic. IEEE Trans Dependable Secure Comput 20(5):4359\u20134371","journal-title":"IEEE Trans Dependable Secure Comput"},{"key":"446_CR18","doi-asserted-by":"crossref","unstructured":"Liu C, He L, Xiong G, Cao Z, Li Z (2019) Fs-net: A flow sequence network for encrypted traffic classification. In: IEEE INFOCOM 2019-IEEE conference on computer communications, pp. 1171\u20131179. IEEE","DOI":"10.1109\/INFOCOM.2019.8737507"},{"key":"446_CR19","doi-asserted-by":"crossref","unstructured":"Liu Y, Wang X, Qu B, Zhao F (2024) Atvitsc: A novel encrypted traffic classification method based on deep learning. IEEE transactions on information forensics and security","DOI":"10.1109\/TIFS.2024.3433446"},{"key":"446_CR20","doi-asserted-by":"crossref","unstructured":"Moore AW, Papagiannaki K (2005) Toward the accurate identification of network applications. In: International workshop on passive and active network measurement, pp. 41\u201354. Springer","DOI":"10.1007\/978-3-540-31966-5_4"},{"key":"446_CR21","doi-asserted-by":"crossref","unstructured":"Neto ECP, Dadkhah S, Ferreira R, Zohourian A, Lu R, Ghorbani AA (2023) Ciciot2023: A real-time dataset and benchmark for large-scale attacks in iot environment. Sensors 23(13)","DOI":"10.3390\/s23135941"},{"key":"446_CR22","doi-asserted-by":"crossref","unstructured":"Ning J, Poh GS, Loh J-C, Chia J, Chang E-C (2019) Privdpi: Privacy-preserving encrypted traffic inspection with reusable obfuscated rules. In: Proceedings of the 2019 ACM SIGSAC conference on computer and communications security. CCS \u201919, pp. 1657\u20131670. Association for Computing Machinery, New York, NY, USA","DOI":"10.1145\/3319535.3354204"},{"issue":"2","key":"446_CR23","doi-asserted-by":"publisher","first-page":"1988","DOI":"10.1109\/COMST.2018.2883147","volume":"21","author":"F Pacheco","year":"2018","unstructured":"Pacheco F, Exposito E, Gineste M, Baudoin C, Aguilar J (2018) Towards the deployment of machine learning solutions in network traffic classification: a systematic survey. IEEE Commun Surv Tutorials 21(2):1988\u20132014","journal-title":"IEEE Commun Surv Tutorials"},{"issue":"6","key":"446_CR24","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3457904","volume":"54","author":"E Papadogiannaki","year":"2021","unstructured":"Papadogiannaki E, Ioannidis S (2021) A survey on encrypted network traffic analysis applications, techniques, and countermeasures. ACM Comput Surv (CSUR) 54(6):1\u201335","journal-title":"ACM Comput Surv (CSUR)"},{"key":"446_CR25","doi-asserted-by":"publisher","first-page":"2046","DOI":"10.1109\/TIFS.2020.3046876","volume":"16","author":"M Shen","year":"2020","unstructured":"Shen M, Liu Y, Zhu L, Du X, Hu J (2020) Fine-grained webpage fingerprinting using only packet length information of encrypted traffic. IEEE Trans Inf Forensics Secur 16:2046\u20132059","journal-title":"IEEE Trans Inf Forensics Secur"},{"key":"446_CR26","doi-asserted-by":"publisher","first-page":"2367","DOI":"10.1109\/TIFS.2021.3050608","volume":"16","author":"M Shen","year":"2021","unstructured":"Shen M, Zhang J, Zhu L, Xu K, Du X (2021) Accurate decentralized application identification via encrypted traffic analysis using graph neural networks. IEEE Trans Inf Forensics Secur 16:2367\u20132380","journal-title":"IEEE Trans Inf Forensics Secur"},{"key":"446_CR27","doi-asserted-by":"publisher","first-page":"2367","DOI":"10.1109\/TIFS.2021.3050608","volume":"16","author":"M Shen","year":"2021","unstructured":"Shen M, Zhang J, Zhu L, Xu K, Du X (2021) Accurate decentralized application identification via encrypted traffic analysis using graph neural networks. IEEE Trans Inf Forensics Secur 16:2367\u20132380","journal-title":"IEEE Trans Inf Forensics Secur"},{"issue":"1","key":"446_CR28","doi-asserted-by":"publisher","first-page":"791","DOI":"10.1109\/COMST.2022.3208196","volume":"25","author":"M Shen","year":"2022","unstructured":"Shen M, Ye K, Liu X, Zhu L, Kang J, Yu S, Li Q, Xu K (2022) Machine learning-powered encrypted network traffic analysis: a comprehensive survey. IEEE Commun Surv Tutorials 25(1):791\u2013824","journal-title":"IEEE Commun Surv Tutorials"},{"key":"446_CR29","doi-asserted-by":"crossref","unstructured":"Song Z, Zhao Z, Zhang F, Xiong G, Cheng G, Zhao X, Guo S, Chen B (2023) I $$^{2}$$ rnn: An incremental and interpretable recurrent neural network for encrypted traffic classification. In: IEEE transactions on dependable and secure computing, pp. 1\u201314","DOI":"10.1109\/TDSC.2023.3245411"},{"key":"446_CR30","doi-asserted-by":"crossref","unstructured":"Taylor VF, Spolaor R, Conti M, Martinovic I (2016) Appscanner: Automatic fingerprinting of smartphone apps from encrypted network traffic. In: 2016 IEEE European symposium on security and privacy (EuroS &P), pp. 439\u2013454. IEEE","DOI":"10.1109\/EuroSP.2016.40"},{"key":"446_CR31","unstructured":"Veli\u010dkovi\u0107 P, Cucurull G, Casanova A, Romero A, Lio P, Bengio Y (2017) Graph attention networks. arXiv preprint arXiv:1710.10903"},{"key":"446_CR32","doi-asserted-by":"crossref","unstructured":"Wang X, Chen S, Su J (2020) App-net: A hybrid neural network for encrypted mobile traffic classification. In: IEEE INFOCOM 2020-IEEE conference on computer communications workshops (INFOCOM WKSHPS), pp. 424\u2013429. IEEE","DOI":"10.1109\/INFOCOMWKSHPS50562.2020.9162891"},{"key":"446_CR33","doi-asserted-by":"crossref","unstructured":"Wang L, Dyer KP, Akella A, Ristenpart T, Shrimpton T (2015) Seeing through network-protocol obfuscation. In: Proceedings of the 22nd ACM SIGSAC conference on computer and communications security. CCS \u201915, pp. 57\u201369. Association for computing machinery, New York, NY, USA","DOI":"10.1145\/2810103.2813715"},{"key":"446_CR34","unstructured":"Wu M, Sippe J, Sivakumar D, Burg J, Anderson P, Wang X, Bock K, Houmansadr A, Levin D, Wustrow E (2023) How the great firewall of china detects and blocks fully encrypted traffic. In: 32nd USENIX security symposium (USENIX security 23), pp. 2653\u20132670. USENIX Association, Anaheim, CA"},{"key":"446_CR35","unstructured":"Wu F, Souza A, Zhang T, Fifty C, Yu T, Weinberger K (2019) Simplifying graph convolutional networks. In: International conference on machine learning, pp. 6861\u20136871. Pmlr"},{"key":"446_CR36","doi-asserted-by":"crossref","unstructured":"Xie R, Wang Y, Cao J, Dong E, Xu M, Sun K, Li Q, Shen L, Zhang M (2023) Rosetta: Enabling robust tls encrypted traffic classification in diverse network environments with tcp-aware traffic augmentation. In: Proceedings of the ACM turing award celebration conference-China 2023, pp. 131\u2013132","DOI":"10.1145\/3603165.3607437"},{"key":"446_CR37","doi-asserted-by":"publisher","first-page":"2166","DOI":"10.1109\/TIFS.2022.3179955","volume":"17","author":"S-J Xu","year":"2022","unstructured":"Xu S-J, Geng G-G, Jin X-B, Liu D-J, Weng J (2022) Seeing traffic paths: Encrypted traffic classification with path signature features. IEEE Trans Inf Forensics Secur 17:2166\u20132181","journal-title":"IEEE Trans Inf Forensics Secur"},{"key":"446_CR38","unstructured":"Xu K, Hu W, Leskovec J, Jegelka S (2018) How powerful are graph neural networks? arXiv preprint arXiv:1810.00826"},{"key":"446_CR39","doi-asserted-by":"publisher","first-page":"110475","DOI":"10.1016\/j.comnet.2024.110475","volume":"247","author":"L Yu","year":"2024","unstructured":"Yu L, Tao J, Xu Y, Sun W, Wang Z (2024) Tls fingerprint for encrypted malicious traffic detection with attributed graph kernel. Comput Netw 247:110475","journal-title":"Comput Netw"},{"key":"446_CR40","doi-asserted-by":"publisher","first-page":"109084","DOI":"10.1016\/j.comnet.2022.109084","volume":"213","author":"F Zaki","year":"2022","unstructured":"Zaki F, Afifi F, Abd Razak S, Gani A, Anuar NB (2022) Grain: Granular multi-label encrypted traffic classification using classifier chain. Comput Netw 213:109084","journal-title":"Comput Netw"},{"issue":"1","key":"446_CR41","doi-asserted-by":"publisher","first-page":"249","DOI":"10.1109\/TKDE.2020.2981333","volume":"34","author":"Z Zhang","year":"2020","unstructured":"Zhang Z, Cui P, Zhu W (2020) Deep learning on graphs: a survey. IEEE Trans Knowl Data Eng 34(1):249\u2013270","journal-title":"IEEE Trans Knowl Data Eng"},{"key":"446_CR42","doi-asserted-by":"crossref","unstructured":"Zhang H, Yu L, Xiao X, Li Q, Mercaldo F, Luo X, Liu Q (2023) Tfe-gnn: A temporal fusion encoder using graph neural networks for fine-grained encrypted traffic classification. In: Proceedings of the ACM web conference 2023, pp. 2066\u20132075","DOI":"10.1145\/3543507.3583227"},{"key":"446_CR43","doi-asserted-by":"crossref","unstructured":"Zhao R, Deng X, Yan Z, Ma J, Xue Z, Wang Y (2022) Mt-flowformer: A semi-supervised flow transformer for encrypted traffic classification. In: Proceedings of the 28th ACM SIGKDD conference on knowledge discovery and data mining. KDD \u201922, pp. 2576\u20132584. Association for computing machinery, New York, NY, USA","DOI":"10.1145\/3534678.3539314"},{"key":"446_CR44","doi-asserted-by":"crossref","unstructured":"Zhao Z, Li Z, Jiang J, Yu F, Zhang F, Xu C, Zhao X, Zhang R, Guo S (2023) Ernn: Error-resilient rnn for encrypted traffic detection towards network-induced phenomena. IEEE transactions on dependable and secure computing, pp. 1\u201318","DOI":"10.1109\/TDSC.2023.3242134"},{"key":"446_CR45","doi-asserted-by":"crossref","unstructured":"Zheng W, Gou C, Yan L, Mo S (2020) Learning to classify: A flow-based relation network for encrypted traffic classification. In: Proceedings of The Web conference 2020, pp. 13\u201322","DOI":"10.1145\/3366423.3380090"},{"key":"446_CR46","doi-asserted-by":"crossref","unstructured":"Zhou G, Guo X, Liu Z, Li T, Li Q, Xu K (2024) Trafficformer: an efficient pre-trained model for traffic data. In: 2025 IEEE symposium on security and privacy (SP), pp. 102\u2013102. IEEE Computer Society","DOI":"10.1109\/SP61157.2025.00102"},{"issue":"2","key":"446_CR47","doi-asserted-by":"publisher","first-page":"1660","DOI":"10.1109\/TNSM.2023.3344580","volume":"21","author":"Y Zhu","year":"2023","unstructured":"Zhu Y, Tao J, Wang H, Yu L, Luo Y, Qi T, Wang Z, Xu Y (2023) Dgnn: Accurate darknet application classification adopting attention graph neural network. IEEE Trans Netw Serv Manage 21(2):1660\u20131671","journal-title":"IEEE Trans Netw Serv Manage"}],"container-title":["Cybersecurity"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s42400-025-00446-6.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1186\/s42400-025-00446-6","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s42400-025-00446-6.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,12,24]],"date-time":"2025-12-24T03:02:10Z","timestamp":1766545330000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1186\/s42400-025-00446-6"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,12,24]]},"references-count":47,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2025,12]]}},"alternative-id":["446"],"URL":"https:\/\/doi.org\/10.1186\/s42400-025-00446-6","relation":{},"ISSN":["2523-3246"],"issn-type":[{"value":"2523-3246","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,12,24]]},"assertion":[{"value":"11 April 2025","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"2 July 2025","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"24 December 2025","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare that they have no Conflict of interest.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}}],"article-number":"120"}}