{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,2]],"date-time":"2025-08-02T14:39:30Z","timestamp":1754145570892,"version":"3.41.2"},"reference-count":25,"publisher":"Frontiers Media SA","license":[{"start":{"date-parts":[[2025,7,17]],"date-time":"2025-07-17T00:00:00Z","timestamp":1752710400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":["frontiersin.org"],"crossmark-restriction":true},"short-container-title":["Front. Comput. Sci."],"abstract":"As the proportion of encrypted traffic increases, it becomes increasingly challenging for network attacks to be discovered. Although existing methods combine unencrypted statistical features, e.g., average packet length, with machine learning algorithms to achieve encrypted malicious traffic detection, it is difficult to escape the influence of artificially forged noise, e.g., adding dummy packets. In this study, we propose a novel encrypted malicious traffic detection method named RobustDetector (RD) for obfuscated malicious traffic detection. The core of the proposed method is to use the dropout mechanism to simulate the process of original features being disturbed. By introducing noise during the training phase, the robustness of the model is improved. To validate the effectiveness of RobustDetector, we conducted extensive experiments using public datasets. Our results demonstrate that RobustDetector achieves an average F1-score of 90.63% even when random noise is introduced to the original traffic with a probability of 50%. This performance underscores the potential of our proposed method in addressing the challenges of obfuscated malicious traffic detection.<\/jats:p>","DOI":"10.3389\/fcomp.2025.1518128","type":"journal-article","created":{"date-parts":[[2025,7,17]],"date-time":"2025-07-17T05:25:54Z","timestamp":1752729954000},"update-policy":"https:\/\/doi.org\/10.3389\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["Obfuscated malicious traffic detection based on data enhancement"],"prefix":"10.3389","volume":"7","author":[{"given":"Ke","family":"Ye","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Tao","family":"Zeng","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yubing","family":"Duan","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jun","family":"Han","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Guoxin","family":"Zhong","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Zhi","family":"Chen","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yulong","family":"Wang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"1965","published-online":{"date-parts":[[2025,7,17]]},"reference":[{"key":"B1","doi-asserted-by":"publisher","first-page":"102985","DOI":"10.1016\/j.jnca.2021.102985","article-title":"Distiller: encrypted traffic classification via multimodal multitask deep learning","volume":"183","author":"Aceto","year":"2021","journal-title":"J. Netw. Comput. Appl"},{"key":"B2","doi-asserted-by":"publisher","first-page":"3457","DOI":"10.1007\/s12652-020-01848-9","article-title":"Deep learning-based classification model for botnet attack detection","volume":"13","author":"Ahmed","year":"2022","journal-title":"J. Ambient Intell. Humaniz. Comput"},{"key":"B3","doi-asserted-by":"publisher","first-page":"1723","DOI":"10.1145\/3097983.3098163","article-title":"\u201cMachine learning for encrypted malware traffic classification: accounting for noisy labels and non-stationarity,\u201d","author":"Anderson","year":"2017"},{"key":"B4","doi-asserted-by":"publisher","first-page":"66","DOI":"10.1109\/NGMAST.2014.57","article-title":"\u201cMalware detection using network traffic analysis in android based mobile devices,\u201d","author":"Arora","year":"2014"},{"key":"B5","doi-asserted-by":"publisher","first-page":"527","DOI":"10.1109\/CCNC49033.2022.9700625","article-title":"\u201cMaldist: from encrypted traffic classification to malware traffic detection and classification,\u201d","author":"Bader","year":"2022"},{"key":"B6","doi-asserted-by":"publisher","first-page":"346","DOI":"10.1016\/j.ins.2017.04.044","article-title":"Machine learning based mobile malware detection using highly imbalanced network traffic","volume":"433","author":"Chen","year":"2018","journal-title":"Inf. Sci"},{"key":"B7","doi-asserted-by":"publisher","first-page":"1987","DOI":"10.1002\/spe.3112","article-title":"Android malware detection using network traffic based on sequential deep learning models","volume":"52","author":"Fallah","year":"2022","journal-title":"Softw. Pract. Exp"},{"key":"B8","doi-asserted-by":"publisher","first-page":"495","DOI":"10.1145\/3545948.3545983","article-title":"\u201cEncrypted malware traffic detection via graph-based network analysis,\u201d","author":"Fu","year":"2022"},{"key":"B9","doi-asserted-by":"publisher","first-page":"206","DOI":"10.1109\/DSC55868.2022.00034","article-title":"\u201cLight-weight unsupervised anomaly detection for encrypted malware traffic,\u201d","author":"Han","year":"2022"},{"key":"B10","doi-asserted-by":"publisher","DOI":"10.48850\/arXiv.1207.0580","article-title":"Improving neural networks by preventing co-adaptation of feature detectors","author":"Hinton","year":"2012","journal-title":"arXiv"},{"key":"B11","doi-asserted-by":"publisher","first-page":"733","DOI":"10.3390\/sym16060733","article-title":"Enhanced encrypted traffic analysis leveraging graph neural networks and optimized feature dimensionality reduction","volume":"16","author":"Jung","year":"2024","journal-title":"Symmetry"},{"key":"B12","doi-asserted-by":"publisher","first-page":"233","DOI":"10.1109\/PST.2017.00035","article-title":"\u201cTowards a network-based framework for android malware detection and characterization,\u201d","author":"Lashkari","year":"2017"},{"key":"B13","doi-asserted-by":"publisher","first-page":"1158","DOI":"10.1109\/WCNC51071.2022.9771726","article-title":"\u201cEffectiveness evaluation of evasion attack on encrypted malicious traffic detection,\u201d","author":"Liu","year":"2022"},{"key":"B14","doi-asserted-by":"publisher","first-page":"2196","DOI":"10.3390\/app8112196","article-title":"Analysis of lightweight feature vectors for attack detection in network traffic. Appl","volume":"8","author":"Meghdouri","year":"2018","journal-title":"Sci"},{"key":"B15","doi-asserted-by":"publisher","first-page":"0322","DOI":"10.1109\/UEMCON47517.2019.8992934","article-title":"\u201cNetwork traffic-based hybrid malware detection for smartphone and traditional networked systems,\u201d","author":"Rahmat","year":"2019"},{"key":"B16","doi-asserted-by":"publisher","first-page":"108","DOI":"10.5220\/0006639801080116","article-title":"\u201cToward generating a new intrusion detection dataset and intrusion traffic characterization,\u201d","author":"Sharafaldin","year":"2018"},{"key":"B17","doi-asserted-by":"publisher","first-page":"791","DOI":"10.1109\/COMST.2022.3208196","article-title":"Machine learning-powered encrypted network traffic analysis: a comprehensive survey","volume":"25","author":"Shen","year":"2022","journal-title":"IEEE Commun. Surv. Tutor"},{"key":"B18","doi-asserted-by":"publisher","DOI":"10.1145\/3696410.3714742","article-title":"\u201cHelios: learning and adaptation of matching rules for continual in-network malicious traffic detection,\u201d","author":"Shi","year":"2025"},{"key":"B19","doi-asserted-by":"publisher","first-page":"101604","DOI":"10.1016\/j.cose.2019.101604","article-title":"Am I eclipsed? A smart detector of eclipse attacks for Ethereum","volume":"88","author":"Xu","year":"2020","journal-title":"Comput. Secur"},{"key":"B20","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1155\/2022\/4748528","article-title":"An enhanced intrusion detection system for iot networks based on deep learning and knowledge graph","volume":"2022","author":"Yang","year":"2022","journal-title":"Secur. Commun. Netw"},{"key":"B21","doi-asserted-by":"publisher","first-page":"45182","DOI":"10.1109\/ACCESS.2019.2908225","article-title":"deep\u2212full\u2212range: a deep learning based network encrypted traffic classification and intrusion detection framework","volume":"7","author":"Zeng","year":"2019","journal-title":"IEEE Access"},{"key":"B22","doi-asserted-by":"publisher","first-page":"1074","DOI":"10.1145\/3243734.3243820","article-title":"\u201cHomonit: Monitoring smart home apps from encrypted traffic,\u201d","author":"Zhang","year":"2018"},{"key":"B23","doi-asserted-by":"publisher","first-page":"3945","DOI":"10.1109\/TNET.2024.3413789","article-title":"Foss: towards fine-grained unknown class detection against the open-set attack spectrum with variable legitimate traffic","volume":"32","author":"Zhao","year":"2024","journal-title":"IEEE\/ACM Trans. Netw"},{"key":"B24","doi-asserted-by":"publisher","DOI":"10.1109\/SP61157.2025.00102","article-title":"\u201cTrafficformer: an efficient pre-trained model for traffic data,\u201d","author":"Zhou","year":"2025"},{"key":"B25","unstructured":"Zscaler ThreatLabz 2023 State of Encrypted Attacks Report\n \n 2024"}],"container-title":["Frontiers in Computer Science"],"original-title":[],"link":[{"URL":"https:\/\/www.frontiersin.org\/articles\/10.3389\/fcomp.2025.1518128\/full","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,17]],"date-time":"2025-07-17T05:25:56Z","timestamp":1752729956000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.frontiersin.org\/articles\/10.3389\/fcomp.2025.1518128\/full"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,7,17]]},"references-count":25,"alternative-id":["10.3389\/fcomp.2025.1518128"],"URL":"https:\/\/doi.org\/10.3389\/fcomp.2025.1518128","relation":{},"ISSN":["2624-9898"],"issn-type":[{"value":"2624-9898","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,7,17]]},"article-number":"1518128"}}