{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,12]],"date-time":"2026-05-12T16:52:01Z","timestamp":1778604721294,"version":"3.51.4"},"reference-count":32,"publisher":"Frontiers Media SA","license":[{"start":{"date-parts":[[2025,7,28]],"date-time":"2025-07-28T00:00:00Z","timestamp":1753660800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":["frontiersin.org"],"crossmark-restriction":true},"short-container-title":["Front. Artif. Intell."],"abstract":"<jats:p>Traffic classification is vital for cybersecurity, yet encrypted traffic poses significant challenges. We introduce P<jats:sc>ACKET<\/jats:sc>CLIP which is a multi-modal framework combining packet data with natural language semantics through contrastive pre-training and hierarchical Graph Neural Network (GNN) reasoning. P<jats:sc>ACKET<\/jats:sc>CLIP integrates semantic reasoning with efficient classification, enabling robust detection of anomalies in encrypted network flows. By aligning textual descriptions with packet behaviors, P<jats:sc>ACKET<\/jats:sc>CLIP offers enhanced interpretability, scalability, and practical applicability across diverse security scenarios. With a 95% mean AUC, an 11.6% improvement over baselines, and a 92% reduction in intrusion detection training parameters, it is ideally suited for real-time anomaly detection. By bridging advanced machine-learning techniques and practical cybersecurity needs, P<jats:sc>ACKET<\/jats:sc>CLIP provides a foundation for scalable, efficient, and interpretable solutions to tackle encrypted traffic classification and network intrusion detection challenges in resource-constrained environments.<\/jats:p>","DOI":"10.3389\/frai.2025.1593944","type":"journal-article","created":{"date-parts":[[2025,7,28]],"date-time":"2025-07-28T05:30:21Z","timestamp":1753680621000},"update-policy":"https:\/\/doi.org\/10.3389\/crossmark-policy","source":"Crossref","is-referenced-by-count":7,"title":["PACKETCLIP: multi-modal embedding of network traffic and language for cybersecurity reasoning"],"prefix":"10.3389","volume":"8","author":[{"given":"Ryozo","family":"Masukawa","sequence":"first","affiliation":[]},{"given":"Sanggeon","family":"Yun","sequence":"additional","affiliation":[]},{"given":"Sungheon","family":"Jeong","sequence":"additional","affiliation":[]},{"given":"Wenjun","family":"Huang","sequence":"additional","affiliation":[]},{"given":"Yang","family":"Ni","sequence":"additional","affiliation":[]},{"given":"Ian","family":"Bryant","sequence":"additional","affiliation":[]},{"given":"Nathaniel D.","family":"Bastian","sequence":"additional","affiliation":[]},{"given":"Mohsen","family":"Imani","sequence":"additional","affiliation":[]}],"member":"1965","published-online":{"date-parts":[[2025,7,28]]},"reference":[{"key":"B1","article-title":"Gpt-4 technical report","author":"Achiam","year":"2023","journal-title":"arXiv preprint arXiv:2303.08774"},{"key":"B2","doi-asserted-by":"publisher","first-page":"1028","DOI":"10.1007\/s42979-024-03369-0","article-title":"Intrusion detection: a comparison study of machine learning models using unbalanced dataset","volume":"5","author":"Ajagbe","year":"2024","journal-title":"SN Comput. Sci"},{"key":"B3","doi-asserted-by":"publisher","DOI":"10.1145\/3566097.3568345","article-title":"\u201cGraph neural networks: a powerful and versatile tool for advancing design, reliability, and security of ICS,\u201d","author":"Alrahis","year":"2023","journal-title":"Proceedings of the 28th Asia and South Pacific Design Automation Conference"},{"key":"B4","doi-asserted-by":"publisher","DOI":"10.21227\/qacj-3x32","author":"Bastian","year":"2023","journal-title":"ACI IoT Network Traffic Dataset 2023"},{"key":"B5","doi-asserted-by":"publisher","first-page":"5","DOI":"10.1007\/s43926-023-00034-5","article-title":"Anomaly-based intrusion detection system for iot application","volume":"3","author":"Bhavsar","year":"2023","journal-title":"Discover Internet Things"},{"key":"B6","first-page":"1597","article-title":"\u201cA simple framework for contrastive learning of visual representations,\u201d","volume-title":"International Conference on Machine Learning","author":"Chen","year":"2020"},{"key":"B7","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1109\/PST55820.2022.9851966","article-title":"\u201cTowards the development of a realistic multidimensional IoT profiling dataset,\u201d","volume-title":"2022 19th Annual International Conference on Privacy, Security &Trust (PST)","author":"Dadkhah","year":"2022"},{"key":"B8","article-title":"Bert: Pre-training of deep bidirectional transformers for language understanding","author":"Devlin","year":"2018","journal-title":"arXiv preprint arXiv:1810.04805"},{"key":"B9","doi-asserted-by":"publisher","DOI":"10.5220\/0005740704070414","article-title":"\u201cCharacterization of encrypted and vpn traffic using time-related features,\u201d","author":"Draper-Gil","year":"2016","journal-title":"Proceedings of the 2nd International Conference on Information Systems Security and Privacy (ICISSP)"},{"key":"B10","doi-asserted-by":"publisher","first-page":"103982","DOI":"10.1016\/j.cose.2024.103982","article-title":"Ais-nids: an intelligent and self-sustaining network intrusion detection system","volume":"144","author":"Farrukh","year":"2024","journal-title":"Comput. Secur"},{"key":"B11","doi-asserted-by":"publisher","first-page":"128","DOI":"10.1016\/S1364-6613(99)01294-2","article-title":"Catastrophic forgetting in connectionist networks","volume":"3","author":"French","year":"1999","journal-title":"Trends Cogn. Sci"},{"key":"B12","article-title":"Understanding and improving the role of projection head in self-supervised learning","author":"Gupta","year":"2022","journal-title":"arXiv preprint arXiv:2212.11491"},{"key":"B13","first-page":"1187","article-title":"\u201ck-fingerprinting: a robust scalable website fingerprinting technique,\u201d","volume-title":"25th USENIX Security Symposium (USENIX Security 16)","author":"Hayes","year":"2016"},{"key":"B14","doi-asserted-by":"publisher","first-page":"1224","DOI":"10.1109\/TNSM.2022.3227500","article-title":"Flow-based encrypted network traffic classification with graph neural networks","volume":"20","author":"Huoh","year":"2022","journal-title":"IEEE Trans. Netw. Serv. Manag"},{"key":"B15","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1109\/ICACS60934.2024.10473289","article-title":"\u201cParameter efficient diverse paraphrase generation using sequence-level knowledge distillation,\u201d","volume-title":"2024 5th International Conference on Advancements in Computational Sciences (ICACS)","author":"Jayawardena","year":"2024"},{"key":"B16","article-title":"Adam: a method for stochastic optimization","author":"Kingma","year":"2014","journal-title":"arXiv preprint arXiv:1412.6980"},{"key":"B17","doi-asserted-by":"publisher","DOI":"10.1145\/3485447.3512217","article-title":"\u201cEt-bert: a contextualized datagram representation with pre-training transformers for encrypted traffic classification,\u201d","author":"Lin","year":"2022","journal-title":"Proceedings of the ACM Web Conference 2022"},{"key":"B18","article-title":"Roberta: a robustly optimized bert pretraining approach","author":"Liu","year":"2019","journal-title":"arXiv preprint arXiv:1907.11692"},{"key":"B19","doi-asserted-by":"publisher","DOI":"10.1145\/3649329.3657330","article-title":"\u201cTraffichd: efficient hyperdimensional computing for real-time network traffic analytics,\u201d","author":"Lu","year":"2024","journal-title":"Proceedings of the 61st ACM\/IEEE Design Automation Conference"},{"key":"B20","doi-asserted-by":"publisher","DOI":"10.1145\/3649329.3656255","article-title":"\u201cNSPG: natural language processing-based security property generator for hardware security assurance,\u201d","author":"Meng","year":"2024","journal-title":"Proceedings of the 61st ACM\/IEEE Design Automation Conference"},{"key":"B21","article-title":"\u201cThe $CoralReef$ software suite as a tool for system and network administrators,\u201d","author":"Moore","year":"2001","journal-title":"15th Systems Administration Conference (LISA 2001)"},{"key":"B22","doi-asserted-by":"publisher","first-page":"5941","DOI":"10.3390\/s23135941","article-title":"Ciciot2023: a real-time dataset and benchmark for large-scale attacks in IoT environment","volume":"23","author":"Neto","year":"2023","journal-title":"Sensors"},{"key":"B23","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2016.23477","article-title":"\u201cWebsite fingerprinting at internet scale,\u201d","author":"Panchenko","year":"2016","journal-title":"NDSS."},{"key":"B24","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3457904","article-title":"A survey on encrypted network traffic analysis applications, techniques, and countermeasures","volume":"54","author":"Papadogiannaki","year":"2021","journal-title":"ACM Comput. Surv"},{"key":"B25","first-page":"8748","article-title":"\u201cLearning transferable visual models from natural language supervision,\u201d","volume-title":"International Conference on Machine Learning","author":"Radford","year":"2021"},{"key":"B26","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP.2016.40","article-title":"\u201cAppscanner: automatic fingerprinting of smartphone apps from encrypted network traffic,\u201d","author":"Taylor","year":"2016","journal-title":"2016 IEEE European Symposium on Security and Privacy (EuroS&P)"},{"key":"B27","article-title":"Llama: Open and efficient foundation language models","author":"Touvron","year":"2023","journal-title":"arXiv preprint arXiv:2302.13971"},{"key":"B28","doi-asserted-by":"crossref","first-page":"4736","DOI":"10.1109\/WACV61041.2025.00464","article-title":"\u201cMissiongnn: hierarchical multimodal GNN-based weakly supervised video anomaly recognition with mission-specific knowledge graph generation,\u201d","volume-title":"2025 IEEE\/CVF Winter Conference on Applications of Computer Vision (WACV)","author":"Yun","year":"2025"},{"key":"B29","doi-asserted-by":"publisher","first-page":"109084","DOI":"10.1016\/j.comnet.2022.109084","article-title":"Grain: granular multi-label encrypted traffic classification using classifier chain","volume":"213","author":"Zaki","year":"2022","journal-title":"Comput. Netw"},{"key":"B30","article-title":"One train for two tasks: An encrypted traffic classification framework using supervised contrastive learning","author":"Zhang","year":"2024","journal-title":"arXiv preprint arXiv:2402.07501"},{"key":"B31","doi-asserted-by":"publisher","DOI":"10.1145\/3543507.3583227","article-title":"\u201cTFE-GNN: a temporal fusion encoder using graph neural networks for fine-grained encrypted traffic classification,\u201d","author":"Zhang","year":"2023","journal-title":"Proceedings of the ACM Web Conference 2023"},{"key":"B32","doi-asserted-by":"publisher","DOI":"10.1609\/aaai.v37i4.25674","article-title":"\u201cYet another traffic classifier: a masked autoencoder based traffic transformer with multi-level flow representation,\u201d","author":"Zhao","year":"2023","journal-title":"Proceedings of the AAAI Conference on Artificial Intelligence"}],"container-title":["Frontiers in Artificial Intelligence"],"original-title":[],"link":[{"URL":"https:\/\/www.frontiersin.org\/articles\/10.3389\/frai.2025.1593944\/full","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,28]],"date-time":"2025-07-28T05:30:24Z","timestamp":1753680624000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.frontiersin.org\/articles\/10.3389\/frai.2025.1593944\/full"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,7,28]]},"references-count":32,"alternative-id":["10.3389\/frai.2025.1593944"],"URL":"https:\/\/doi.org\/10.3389\/frai.2025.1593944","relation":{},"ISSN":["2624-8212"],"issn-type":[{"value":"2624-8212","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,7,28]]},"article-number":"1593944"}}