{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,29]],"date-time":"2026-01-29T06:28:27Z","timestamp":1769668107891,"version":"3.49.0"},"reference-count":60,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2026,1,26]],"date-time":"2026-01-26T00:00:00Z","timestamp":1769385600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2026,1,26]],"date-time":"2026-01-26T00:00:00Z","timestamp":1769385600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"name":"the Major Key Project of PCL","award":["Grant No. PCL2024A05-3"],"award-info":[{"award-number":["Grant No. PCL2024A05-3"]}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Cybersecurity"],"abstract":"<jats:title>Abstract<\/jats:title>\n                  <jats:p>The widespread adoption of encrypted traffic protocols has significantly increased the challenge of detecting malicious traffic. Existing detection methods based on deep learning typically rely on fine-grained features of data packets, such as length sequences and intra-flow interaction graphs. However, these features are highly susceptible to disruption by diverse network environments and traffic obfuscation. This paper proposes MTDecipher, a robust method for detecting encrypted malicious traffic based on multi-task Graph Neural Network (GNN). MTDecipher employs a bidirectional attentive sequence encoder to mitigate the impact of diverse network environments and traffic obfuscation on packet length sequences, along with an edge-block dual sampling method and a multi-task GNN model to mitigate the training bias introduced by the unbalanced distribution of traffic. In the bidirectional attentive sequence encoder, a combination of a\u00a0Bi-GRU layer and an attention pooling layer is utilized to enhance the bidirectional encoding by generating weights for each element in the sequence, thereby obtaining robust encrypted traffic sequence features. In the edge-block dual sampling method, two rounds of sampling are involved to generate more evenly distributed subgraphs as training data, which reduces the local structural bias resulting from the aggregation of malicious flows. In the multi-task GNN model, the losses for both edge and node classification tasks are simultaneously optimized, thereby minimizing the homogeneity of adjacent edges. Experimental results on two real-world datasets with traffic obfuscation demonstrate that MTDecipher outperforms eight existing methods in terms of effectiveness in detecting encrypted malicious traffic.<\/jats:p>","DOI":"10.1186\/s42400-025-00522-x","type":"journal-article","created":{"date-parts":[[2026,1,26]],"date-time":"2026-01-26T03:55:35Z","timestamp":1769399735000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["MTDecipher: robust encrypted malicious traffic detection via multi-task graph neural networks"],"prefix":"10.1186","volume":"9","author":[{"given":"Fan","family":"Li","sequence":"first","affiliation":[]},{"given":"Xi","family":"Luo","sequence":"additional","affiliation":[]},{"given":"Weihong","family":"Han","sequence":"additional","affiliation":[]},{"given":"Binxing","family":"Fang","sequence":"additional","affiliation":[]},{"given":"Lihua","family":"Yin","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2026,1,26]]},"reference":[{"issue":"12","key":"522_CR1","doi-asserted-by":"publisher","first-page":"2274","DOI":"10.3390\/electronics13122274","volume":"13","author":"T Altaf","year":"2024","unstructured":"Altaf T, Wang X, Ni W, Yu G, Liu RP, Braun R (2024) Gnn-based network traffic analysis for the detection of sequential attacks in iot. Electronics 13(12):2274. https:\/\/doi.org\/10.3390\/electronics13122274","journal-title":"Electronics"},{"key":"522_CR2","doi-asserted-by":"publisher","first-page":"100178","DOI":"10.1109\/ACCESS.2022.3207757","volume":"10","author":"S Alzahrani","year":"2022","unstructured":"Alzahrani S, Xiao Y, Sun W (2022) An analysis of conti ransomware leaked source codes. IEEe Access 10:100178\u2013100193. https:\/\/doi.org\/10.1109\/ACCESS.2022.3207757","journal-title":"IEEe Access"},{"key":"522_CR3","doi-asserted-by":"publisher","unstructured":"Anderson B, McGrew D (2017) Machine learning for encrypted malware traffic classification: Accounting for noisy labels and non-stationarity. In: Proceedings of the 23rd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, pp 1723\u20131732. https:\/\/doi.org\/10.1145\/3097983.3098163","DOI":"10.1145\/3097983.3098163"},{"key":"522_CR4","doi-asserted-by":"publisher","first-page":"53","DOI":"10.1016\/j.ins.2019.01.023","volume":"483","author":"S Bag","year":"2019","unstructured":"Bag S, Kumar SK, Tiwari MK (2019) An efficient recommendation generation using relevant jaccard similarity. Inf Sci 483:53\u201364. https:\/\/doi.org\/10.1016\/j.ins.2019.01.023","journal-title":"Inf Sci"},{"key":"522_CR5","doi-asserted-by":"publisher","DOI":"10.1109\/TNSM.2022.3211254","author":"O Barut","year":"2022","unstructured":"Barut O, Luo Y, Li P, Zhang T (2022) R1dit: Privacy-preserving malware traffic classification with attention-based neural networks. IEEE Trans Netw Serv Manage. https:\/\/doi.org\/10.1109\/TNSM.2022.3211254","journal-title":"IEEE Trans Netw Serv Manage"},{"key":"522_CR6","unstructured":"Cherubin G, Jansen R, Troncoso C (2022) Online website fingerprinting: Evaluating website fingerprinting attacks on tor in the real world. In: 31st USENIX Security Symposium (USENIX Security 22), pp. 753\u2013770. https:\/\/www.usenix.org\/conference\/usenixsecurity22\/presentation\/cherubin Accessed 2025-04-24"},{"key":"522_CR7","unstructured":"Darknet 2020 | Datasets | Research | Canadian Institute for Cybersecurity | UNB (2020). https:\/\/www.unb.ca\/cic\/datasets\/darknet2020.html Accessed 2025-06-12"},{"key":"522_CR8","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2023.109614","volume":"224","author":"Z Diao","year":"2023","unstructured":"Diao Z, Xie G, Wang X, Ren R, Meng X, Zhang G, Xie K, Qiao M (2023) Ec-gcn: A encrypted traffic classification framework based on multi-scale graph convolution networks. Comput Netw 224:109614. https:\/\/doi.org\/10.1016\/j.comnet.2023.109614","journal-title":"Comput Netw"},{"key":"522_CR9","doi-asserted-by":"publisher","unstructured":"Dong Y, Wang S, Wang Y, Derr T, Li J (2022) On structural explanation of bias in graph neural networks. In: Proceedings of the 28th ACM SIGKDD Conference on Knowledge Discovery and Data Mining, Washington DC USA, pp. 316\u2013326. https:\/\/doi.org\/10.1145\/3534678.3539319","DOI":"10.1145\/3534678.3539319"},{"key":"522_CR10","doi-asserted-by":"publisher","unstructured":"Du W, Xue J, Yang X, Guo W, Gu D, Han W (2025) Transfficformer: A novel transformer-based framework to generate evasive malicious traffic. Knowledge-Based Systems 113546. https:\/\/doi.org\/10.1016\/j.knosys.2025.113546","DOI":"10.1016\/j.knosys.2025.113546"},{"issue":"2","key":"522_CR11","doi-asserted-by":"publisher","first-page":"228","DOI":"10.31154\/cogito.v9i2.494.228-240","volume":"9","author":"E Eliando","year":"2023","unstructured":"Eliando E, Warsito AB (2023) Lockbit black ransomware on reverse shell: Analysis of infection. CogITo Smart J 9(2):228\u2013240. https:\/\/doi.org\/10.31154\/cogito.v9i2.494.228-240","journal-title":"CogITo Smart J"},{"issue":"3","key":"522_CR12","doi-asserted-by":"publisher","first-page":"263","DOI":"10.1016\/j.csda.2004.05.008","volume":"40","author":"JL Folks","year":"1978","unstructured":"Folks JL, Chhikara RS (1978) The inverse Gaussian distribution and its statistical application\u2013a review. J R Stat Soc Ser B Stat Methodol 40(3):263\u2013275. https:\/\/doi.org\/10.1016\/j.csda.2004.05.008","journal-title":"J R Stat Soc Ser B Stat Methodol"},{"key":"522_CR13","doi-asserted-by":"publisher","unstructured":"Fu Z, Liu M, Qin Y, Zhang J, Zou Y, Yin Q, Li Q, Duan H (2022) Encrypted malware traffic detection via graph-based network analysis. In: Proceedings of the 25th International Symposium on Research in Attacks, Intrusions and Defenses, pp 495\u2013509. https:\/\/doi.org\/10.1145\/3545948.3545983","DOI":"10.1145\/3545948.3545983"},{"key":"522_CR14","unstructured":"Gong J, Wang T (2020) Zero-delay lightweight defenses against website fingerprinting. In: 29th USENIX Security Symposium (USENIX Security 20), pp. 717\u2013734. https:\/\/www.usenix.org\/conference\/usenixsecurity20\/presentation\/gong Accessed 2025-04-24"},{"key":"522_CR15","unstructured":"Google Transparency Report (2025). https:\/\/transparencyreport.google.com\/https\/overview?hl=en Accessed 2025-06-12"},{"key":"522_CR16","unstructured":"Hamilton W, Ying Z, Leskovec J (2017) Inductive representation learning on large graphs. In: Advances in Neural Information Processing Systems 30: Annual Conference on Neural Information Processing Systems 2017, pp. 1024\u20131034. https:\/\/proceedings.neurips.cc\/paper\/2017\/hash\/5dd9db5e033da9c6fb5ba83c7a7ebea9-Abstract.html"},{"key":"522_CR17","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2024.110372","volume":"245","author":"X Han","year":"2024","unstructured":"Han X, Xu G, Zhang M, Yang Z, Yu Z, Huang W, Meng C (2024) De-gnn: Dual embedding with graph neural network for fine-grained encrypted traffic classification. Comput Netw 245:110372. https:\/\/doi.org\/10.1016\/j.comnet.2024.110372","journal-title":"Comput Netw"},{"key":"522_CR18","doi-asserted-by":"publisher","unstructured":"Hassn BM, Alomari ES, Alrubaye JS, Hassen OA (2025) Adversarially robust 1d-cnn for malicious traffic detection in network security applications. Journal of Cybersecurity & Information Management 16(1). https:\/\/doi.org\/10.54216\/JCIM.160113","DOI":"10.54216\/JCIM.160113"},{"issue":"2","key":"522_CR19","doi-asserted-by":"publisher","first-page":"1224","DOI":"10.1109\/TNSM.2022.3227500","volume":"20","author":"T-L Huoh","year":"2022","unstructured":"Huoh T-L, Luo Y, Li P, Zhang T (2022) Flow-based encrypted network traffic classification with graph neural networks. IEEE Trans Netw Serv Manage 20(2):1224\u20131237. https:\/\/doi.org\/10.1109\/TNSM.2022.3227500","journal-title":"IEEE Trans Netw Serv Manage"},{"key":"522_CR20","unstructured":"IDS 2017 | Datasets | Research | Canadian Institute for Cybersecurity | UNB (2017). https:\/\/www.unb.ca\/cic\/datasets\/ids-2017.html Accessed 2025-06-12"},{"key":"522_CR21","unstructured":"IDS 2018 | Datasets | Research | Canadian Institute for Cybersecurity | UNB (2018). https:\/\/www.unb.ca\/cic\/datasets\/ids-2018.html Accessed 2025-06-12"},{"key":"522_CR22","doi-asserted-by":"publisher","unstructured":"Kara I, Hasgul E (2023) Crypto mining attacks on cyber security: Xmrig is a sophisticated crypto miner. In: Blockchain Applications in Cryptocurrency for Technological Evolution, pp. 94\u2013107. https:\/\/doi.org\/10.4018\/978-1-6684-6247-8.ch005","DOI":"10.4018\/978-1-6684-6247-8.ch005"},{"key":"522_CR23","doi-asserted-by":"publisher","unstructured":"Korczy\u0144ski M, Duda A (2014) Markov chain fingerprinting to classify encrypted traffic. In: IEEE INFOCOM 2014-IEEE Conference on Computer Communications, pp 781\u2013789. https:\/\/doi.org\/10.1109\/INFOCOM.2014.6848005","DOI":"10.1109\/INFOCOM.2014.6848005"},{"issue":"1","key":"522_CR24","doi-asserted-by":"publisher","first-page":"187","DOI":"10.1016\/j.csda.2004.05.008","volume":"49","author":"D Kundu","year":"2005","unstructured":"Kundu D, Raqab MZ (2005) Generalized Rayleigh distribution: different methods of estimations. Computa Stat Data Anal 49(1):187\u2013200. https:\/\/doi.org\/10.1016\/j.csda.2004.05.008","journal-title":"Computa Stat Data Anal"},{"key":"522_CR25","doi-asserted-by":"publisher","unstructured":"Langley A, Riddoch A, Wilk A, Vicente A, Krasic C, Zhang D, Yang F, Kouranov F, Swett I, Iyengar J, et al (2017) The quic transport protocol: Design and internet-scale deployment. In: Proceedings of the Conference of the ACM Special Interest Group on Data Communication, pp. 183\u2013196. https:\/\/doi.org\/10.1145\/3098822.3098842","DOI":"10.1145\/3098822.3098842"},{"key":"522_CR26","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2021.107974","volume":"190","author":"K Lin","year":"2021","unstructured":"Lin K, Xu X, Gao H (2021) Tscrnn: A novel classification scheme of encrypted traffic based on flow spatiotemporal features for efficient management of iiot. Comput Netw 190:107974. https:\/\/doi.org\/10.1016\/j.comnet.2021.107974","journal-title":"Comput Netw"},{"key":"522_CR27","doi-asserted-by":"publisher","unstructured":"Lin X, Xiong G, Gou G, Li Z, Shi J, Yu J (2022) Et-bert: A contextualized datagram representation with pre-training transformers for encrypted traffic classification. In: Proceedings of the ACM Web Conference 2022, pp 633\u2013642. https:\/\/doi.org\/10.1145\/3485447.3512217","DOI":"10.1145\/3485447.3512217"},{"key":"522_CR28","doi-asserted-by":"publisher","unstructured":"Liu C, He L, Xiong G, Cao Z, Li Z (2019) Fs-net: A flow sequence network for encrypted traffic classification. In: IEEE INFOCOM 2019-IEEE Conference On Computer Communications, pp. 1171\u20131179. https:\/\/doi.org\/10.1109\/INFOCOM.2019.8737507","DOI":"10.1109\/INFOCOM.2019.8737507"},{"key":"522_CR29","doi-asserted-by":"publisher","unstructured":"Lo WW, Layeghy S, Sarhan M, Gallagher M, Portmann M (2022) E-graphsage: A graph neural network based intrusion detection system for iot. In: NOMS 2022-2022 IEEE\/IFIP Network Operations and Management Symposium, pp 1\u20139. https:\/\/doi.org\/10.1109\/NOMS54207.2022.9789878","DOI":"10.1109\/NOMS54207.2022.9789878"},{"key":"522_CR30","doi-asserted-by":"publisher","unstructured":"Lotfollahi M, Jafari Siavoshani M, Shirali Hossein Zade R, Saberian M (2020) Deep packet: A novel approach for encrypted traffic classification using deep learning. Soft Computing 24(3):1999\u20132012. https:\/\/doi.org\/10.1007\/s00500-019-04030-2","DOI":"10.1007\/s00500-019-04030-2"},{"key":"522_CR31","unstructured":"Ma Y, Liu X, Shah N, Tang J (2022) Is homophily a necessity for graph neural networks? In: The Tenth International Conference on Learning Representations, ICLR 2022. https:\/\/openreview.net\/forum?id=ucASPPD9GKN"},{"issue":"1\u20133","key":"522_CR32","doi-asserted-by":"publisher","first-page":"18","DOI":"10.1080\/19393555.2015.1125974","volume":"25","author":"N Moustafa","year":"2016","unstructured":"Moustafa N, Slay J (2016) The evaluation of Network Anomaly Detection Systems: Statistical analysis of the UNSW-NB15 data set and the comparison with the KDD99 data set. Inf Secur J A Global Perspect 25(1\u20133):18\u201331. https:\/\/doi.org\/10.1080\/19393555.2015.1125974","journal-title":"Inf Secur J A Global Perspect"},{"key":"522_CR33","unstructured":"M\u00fcller R, Kornblith S, Hinton GE (2019) When does label smoothing help? In: Advances in Neural Information Processing Systems 32: Annual Conference on Neural Information Processing Systems 2019, pp. 4696\u20134705. https:\/\/proceedings.neurips.cc\/paper\/2019\/hash\/f1748d6b0fd9d439f71450117eba2725-Abstract.html"},{"key":"522_CR34","unstructured":"N-BaIoT Dataset to Detect IoT Botnet Attacks (2018). https:\/\/www.kaggle.com\/datasets\/mkashifn\/nbaiot-dataset Accessed 2025-06-12"},{"key":"522_CR35","doi-asserted-by":"publisher","unstructured":"Pan Q, Yu Y, Yan H, Wang M, Qi B (2023) Flowbert: An encrypted traffic classification model based on transformers using flow sequence. In: 2023 IEEE 22nd International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), pp. 133\u2013140. https:\/\/doi.org\/10.1109\/TrustCom60117.2023.00039","DOI":"10.1109\/TrustCom60117.2023.00039"},{"key":"522_CR36","doi-asserted-by":"publisher","DOI":"10.1016\/j.jiixd.2024.09.001","author":"T Sasi","year":"2024","unstructured":"Sasi T, Lashkari AH, Lu R, Xiong P, Iqbal S (2024) An efficient self attention-based 1d-cnn-lstm network for iot attack detection and identification using network traffic. J Inf Intell. https:\/\/doi.org\/10.1016\/j.jiixd.2024.09.001","journal-title":"J Inf Intell"},{"key":"522_CR37","doi-asserted-by":"publisher","first-page":"2046","DOI":"10.1109\/TIFS.2020.3046876","volume":"16","author":"M Shen","year":"2020","unstructured":"Shen M, Liu Y, Zhu L, Du X, Hu J (2020) Fine-grained webpage fingerprinting using only packet length information of encrypted traffic. IEEE Trans Inf Forensics Secur 16:2046\u20132059. https:\/\/doi.org\/10.1109\/TIFS.2020.3046876","journal-title":"IEEE Trans Inf Forensics Secur"},{"key":"522_CR38","doi-asserted-by":"publisher","first-page":"2367","DOI":"10.1109\/TIFS.2021.3050608","volume":"16","author":"M Shen","year":"2021","unstructured":"Shen M, Zhang J, Zhu L, Xu K, Du X (2021) Accurate decentralized application identification via encrypted traffic analysis using graph neural networks. IEEE Trans Inf Forensics Secur 16:2367\u20132380. https:\/\/doi.org\/10.1109\/TIFS.2021.3050608","journal-title":"IEEE Trans Inf Forensics Secur"},{"key":"522_CR39","doi-asserted-by":"publisher","unstructured":"Shen M, Ji K, Gao Z, Li Q, Zhu L, Xu K (2023) Subverting website fingerprinting defenses with robust traffic representation. In: 32nd USENIX Security Symposium (USENIX Security 23), pp. 607\u2013624. https:\/\/doi.org\/10.5555\/3620237.3620272","DOI":"10.5555\/3620237.3620272"},{"key":"522_CR40","unstructured":"Stratosphere Laboratory Datasets (2015). Stratosphere Laboratory Datasets Overview. https:\/\/www.stratosphereips.org\/datasets-overview"},{"key":"522_CR41","doi-asserted-by":"publisher","unstructured":"Tegeler F, Fu X, Vigna G, Kruegel C (2012) Botfinder: Finding bots in network traffic without deep packet inspection. In: Proceedings of the 8th International Conference on Emerging Networking Experiments and Technologies, pp. 349\u2013360. https:\/\/doi.org\/10.1145\/2413176.2413217","DOI":"10.1145\/2413176.2413217"},{"key":"522_CR42","unstructured":"The Bot-IoT Dataset | UNSW Research (2018). https:\/\/research.unsw.edu.au\/projects\/bot-iot-dataset Accessed 2025-06-12"},{"key":"522_CR43","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2021.102542","volume":"113","author":"Z Wang","year":"2022","unstructured":"Wang Z, Fok KW, Thing VL (2022) Machine learning for encrypted malicious traffic detection: Approaches, datasets and comparative study. Comput Secur 113:102542. https:\/\/doi.org\/10.1016\/j.cose.2021.102542","journal-title":"Comput Secur"},{"key":"522_CR44","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2023.103466","volume":"135","author":"L Wang","year":"2023","unstructured":"Wang L, Ma X, Li N, Lv Q, Wang Y, Huang W, Chen H (2023) Tgprint: Attack fingerprint classification on encrypted network traffic based graph convolution attention networks. Comput Secur 135:103466. https:\/\/doi.org\/10.1016\/j.cose.2023.103466","journal-title":"Comput Secur"},{"issue":"4","key":"522_CR45","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3764113","volume":"58","author":"S Wang","year":"2025","unstructured":"Wang S, Zhu T, Liu B, Ding M, Ye D, Zhou W, Yu P (2025) Unique security and privacy threats of large language models: A comprehensive survey. ACM Comput Surv 58(4):1\u201336. https:\/\/doi.org\/10.1145\/3764113","journal-title":"ACM Comput Surv"},{"key":"522_CR46","unstructured":"Wang T, Goldberg I (2017) Walkie-talkie: An efficient defense against passive website fingerprinting attacks. In: 26th USENIX Security Symposium (USENIX Security 17), pp. 1375\u20131390. https:\/\/www.usenix.org\/conference\/usenixsecurity17\/technical-sessions\/presentation\/wang-tao Accessed 2025-04-24"},{"key":"522_CR47","unstructured":"What Is the F5 SSL Orchestrator? (2024). https:\/\/clouddocs.f5.com\/training\/community\/sslviz\/html\/archive3\/introduction.html Accessed 2024-05-13"},{"issue":"1","key":"522_CR48","doi-asserted-by":"publisher","first-page":"4","DOI":"10.1109\/TNNLS.2020.2978386","volume":"32","author":"Z Wu","year":"2020","unstructured":"Wu Z, Pan S, Chen F, Long G, Zhang C, Philip SY (2020) A comprehensive survey on graph neural networks. IEEE Trans Neural Netw Learning Syst 32(1):4\u201324. https:\/\/doi.org\/10.1109\/TNNLS.2020.2978386","journal-title":"IEEE Trans Neural Netw Learning Syst"},{"key":"522_CR49","doi-asserted-by":"publisher","unstructured":"Xie R, Wang Y, Cao J, Dong E, Xu M, Sun K, Li Q, Shen L, Zhang M (2023) Rosetta: Enabling robust tls encrypted traffic classification in diverse network environments with tcp-aware traffic augmentation. In: Proceedings of the ACM Turing Award Celebration Conference-China 2023, pp. 131\u2013132. https:\/\/doi.org\/10.1145\/3603165.3607437","DOI":"10.1145\/3603165.3607437"},{"key":"522_CR50","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2024.110495","volume":"248","author":"R Xu","year":"2024","unstructured":"Xu R, Wu G, Wang W, Gao X, He A, Zhang Z (2024) Applying self-supervised learning to network intrusion detection for network flows with graph neural network. Comput Netw 248:110495. https:\/\/doi.org\/10.1016\/j.comnet.2024.110495","journal-title":"Comput Netw"},{"key":"522_CR51","doi-asserted-by":"publisher","DOI":"10.1016\/j.engappai.2023.107568","volume":"128","author":"L Xue","year":"2024","unstructured":"Xue L, Zhu T (2024) Hybrid resampling and weighted majority voting for multi-class anomaly detection on imbalanced malware and network traffic data. Eng Appl Artif Intell 128:107568. https:\/\/doi.org\/10.1016\/j.engappai.2023.107568","journal-title":"Eng Appl Artif Intell"},{"key":"522_CR52","doi-asserted-by":"publisher","DOI":"10.1016\/j.csi.2023.103827","volume":"89","author":"M Yang","year":"2024","unstructured":"Yang M, Guo T, Zhu T, Tjuawinata I, Zhao J, Lam K-Y (2024) Local differential privacy and its applications: a comprehensive survey. Comput Standards Interfaces 89:103827. https:\/\/doi.org\/10.1016\/j.csi.2023.103827","journal-title":"Comput Standards Interfaces"},{"key":"522_CR53","doi-asserted-by":"publisher","DOI":"10.1109\/TNSM.2024.3383851","author":"J Yang","year":"2024","unstructured":"Yang J, Jiang X, Lei Y, Liang W, Ma Z, Li S (2024) Mtsecurity: Privacy-preserving malicious traffic classification using graph neural network and transformer. IEEE Trans Netw Serv Manage. https:\/\/doi.org\/10.1109\/TNSM.2024.3383851","journal-title":"IEEE Trans Netw Serv Manage"},{"key":"522_CR54","doi-asserted-by":"publisher","unstructured":"Zhang W, Meng Y, Liu Y, Zhang X, Zhang Y, Zhu H (2018) Homonit: Monitoring smart home apps from encrypted traffic. In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, pp 1074\u20131088. https:\/\/doi.org\/10.1145\/3243734.3243820","DOI":"10.1145\/3243734.3243820"},{"key":"522_CR55","doi-asserted-by":"publisher","first-page":"380","DOI":"10.1016\/j.ins.2020.03.113","volume":"537","author":"J Zhao","year":"2020","unstructured":"Zhao J, Liu X, Yan Q, Li B, Shao M, Peng H (2020) Multi-attributed heterogeneous graph convolutional network for bot detection. Inf Sci 537:380\u2013393. https:\/\/doi.org\/10.1016\/j.ins.2020.03.113","journal-title":"Inf Sci"},{"key":"522_CR56","doi-asserted-by":"publisher","unstructured":"Zhao R, Deng X, Yan Z, Ma J, Xue Z, Wang Y (2022) Mt-flowformer: A semi-supervised flow transformer for encrypted traffic classification. In: Proceedings of the 28th ACM SIGKDD Conference on Knowledge Discovery and Data Mining, pp 2576\u20132584. https:\/\/doi.org\/10.1145\/3534678.3539314","DOI":"10.1145\/3534678.3539314"},{"key":"522_CR57","unstructured":"Zhou J, Xu Z, Rush AM, Yu M (2020) Automating Botnet Detection with Graph Neural Networks. arXiv"},{"key":"522_CR58","unstructured":"Zhu J, Yan Y, Zhao L, Heimann M, Akoglu L, Koutra D (2020) Beyond homophily in graph neural networks: Current limitations and effective designs. In: Advances in Neural Information Processing Systems 33: Annual Conference on Neural Information Processing Systems 2020, pp. 7793\u20137804. https:\/\/proceedings.neurips.cc\/paper\/2020\/hash\/58ae23d878a47004366189884c2f8440-Abstract.html Accessed 2025-04-17"},{"key":"522_CR59","doi-asserted-by":"publisher","unstructured":"Zhu X, Zhang Y, Zhang Z, Guo D, Li Q, Li Z (2022) Interpretability evaluation of botnet detection model based on graph neural network. In: IEEE INFOCOM 2022-IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS), pp. 1\u20136. https:\/\/doi.org\/10.1109\/INFOCOMWKSHPS54753.2022.9798287","DOI":"10.1109\/INFOCOMWKSHPS54753.2022.9798287"},{"key":"522_CR60","unstructured":"Zscaler ThreatLabz 2023 State of Encrypted Attacks Report (2023). https:\/\/www.zscaler.com\/resources\/industry-reports\/threatlabz-2023-state-of-encrypted-attacks-report.pdf"}],"container-title":["Cybersecurity"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s42400-025-00522-x.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1186\/s42400-025-00522-x","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s42400-025-00522-x.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,1,26]],"date-time":"2026-01-26T03:55:49Z","timestamp":1769399749000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1186\/s42400-025-00522-x"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,1,26]]},"references-count":60,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2026,12]]}},"alternative-id":["522"],"URL":"https:\/\/doi.org\/10.1186\/s42400-025-00522-x","relation":{},"ISSN":["2523-3246"],"issn-type":[{"value":"2523-3246","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026,1,26]]},"assertion":[{"value":"5 September 2025","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"3 November 2025","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"26 January 2026","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"None of the authors have any Conflict of interest in the manuscript.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}}],"article-number":"112"}}