{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,6]],"date-time":"2026-03-06T16:03:39Z","timestamp":1772813019290,"version":"3.50.1"},"reference-count":0,"publisher":"IOS Press","isbn-type":[{"value":"9781643686547","type":"electronic"}],"license":[{"start":{"date-parts":[[2026,3,4]],"date-time":"2026-03-04T00:00:00Z","timestamp":1772582400000},"content-version":"unspecified","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by-nc\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2026,3,4]]},"abstract":"<jats:p>With most Internet traffic now encrypted, malware can exploit encryption to evade detection, making real-time identification of malicious flows a critical challenge. This paper presents TFFlow, a lightweight framework that integrates time-domain and frequency-domain features for early detection. TFFlow extracts features from only the first few packets of each flow: frequency-domain features are derived via discrete Fourier transform with log compression, while time-domain features capture packet arrival intervals, sizes, and payload \u03c72 statistics. The concatenated features form a unified representation, classified by a compact MLP for low-latency flow-level detection. Experiments on four real-world datasets demonstrate that TFFlow achieves state-of-the-art accuracy using significantly fewer packets, highlighting its effectiveness and practicality for real-time encrypted malicious traffic detection.<\/jats:p>","DOI":"10.3233\/faia260005","type":"book-chapter","created":{"date-parts":[[2026,3,6]],"date-time":"2026-03-06T10:20:18Z","timestamp":1772792418000},"source":"Crossref","is-referenced-by-count":0,"title":["TFFlow: Lightweight Detection of Encrypted Malicious Traffic via Time\u2013Frequency Features"],"prefix":"10.3233","author":[{"given":"Xucheng","family":"Luo","sequence":"first","affiliation":[{"name":"University of Electronic Science and Technology of China, Chengdu 610054, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jiarui","family":"Li","sequence":"additional","affiliation":[{"name":"University of Electronic Science and Technology of China, Chengdu 610054, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Haoran","family":"Wang","sequence":"additional","affiliation":[{"name":"University of Southern California, Los Angeles 90089, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Li","family":"Ye","sequence":"additional","affiliation":[{"name":"Southwest China Institute of Electronic Technology, Chengdu 610036, China"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"7437","container-title":["Frontiers in Artificial Intelligence and Applications","Machine Learning and Artificial Intelligence"],"original-title":[],"link":[{"URL":"https:\/\/ebooks.iospress.nl\/pdf\/doi\/10.3233\/FAIA260005","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,3,6]],"date-time":"2026-03-06T10:20:18Z","timestamp":1772792418000},"score":1,"resource":{"primary":{"URL":"https:\/\/ebooks.iospress.nl\/doi\/10.3233\/FAIA260005"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,3,4]]},"ISBN":["9781643686547"],"references-count":0,"URL":"https:\/\/doi.org\/10.3233\/faia260005","relation":{},"ISSN":["0922-6389","1879-8314"],"issn-type":[{"value":"0922-6389","type":"print"},{"value":"1879-8314","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026,3,4]]}}}