{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,10]],"date-time":"2025-10-10T01:32:28Z","timestamp":1760059948607,"version":"build-2065373602"},"reference-count":59,"publisher":"MDPI AG","issue":"8","license":[{"start":{"date-parts":[[2025,7,23]],"date-time":"2025-07-23T00:00:00Z","timestamp":1753228800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"Basic Research Program of Yunnan Provincial Science and Technology Department, China","award":["202501AS070131"],"award-info":[{"award-number":["202501AS070131"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Future Internet"],"abstract":"<jats:p>The rising frequency of network intrusions has significantly impacted critical infrastructures, leading to an increased focus on the detection of malicious network traffic in recent years. However, traditional port-based and classical machine learning-based malicious network traffic detection methods suffer from a dependence on expert experience and limited generalizability. In this paper, we propose a malicious traffic detection method based on an efficient federated learning framework of Bidirectional Encoder Representations from Transformers (BERT), called MT-FBERT. It offers two major advantages over most existing approaches. First, MT-FBERT pretrains BERT using two pre-training tasks along with an overall pre-training loss on large-scale unlabeled network traffic, allowing the model to automatically learn generalized traffic representations, which do not require human experience to extract the behavior features or label the malicious samples. Second, MT-FBERT finetunes BERT for malicious network traffic detection through an efficient federated learning framework, which both protects the data privacy of critical infrastructures and reduces resource consumption by dynamically identifying and updating only the most significant neurons in the global model. Evaluation experiments on public datasets demonstrated that MT-FBERT outperforms state-of-the-art baselines in malicious network traffic detection.<\/jats:p>","DOI":"10.3390\/fi17080323","type":"journal-article","created":{"date-parts":[[2025,7,23]],"date-time":"2025-07-23T08:02:06Z","timestamp":1753257726000},"page":"323","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["MT-FBERT: Malicious Traffic Detection Based on Efficient Federated Learning of BERT"],"prefix":"10.3390","volume":"17","author":[{"given":"Jian","family":"Tang","sequence":"first","affiliation":[{"name":"China International Water & Electric Corp., Beijing 101116, China"}]},{"given":"Zhao","family":"Huang","sequence":"additional","affiliation":[{"name":"China International Water & Electric Corp., Beijing 101116, China"}]},{"given":"Chunqiang","family":"Li","sequence":"additional","affiliation":[{"name":"Computer School, Beijing Information Science & Technology University, Beijing 100101, China"}]}],"member":"1968","published-online":{"date-parts":[[2025,7,23]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","unstructured":"Varghese, S.A., Ghadim, A.D., Balador, A., Alimadadi, Z., and Papadimitratos, P. (2022, January 21\u201325). Digital twin-based intrusion detection for industrial control systems. Proceedings of the IEEE International Conference on Pervasive Computing and Communications Workshops and Other Affiliated Events (PerCom Workshops), Pisa, Italy.","DOI":"10.1109\/PerComWorkshops53856.2022.9767492"},{"key":"ref_2","unstructured":"Falliere, N., Murchu, L.O., and Chien, E. (2011). W32. Stuxnet Dossier, Symantec Corp., Security Response."},{"key":"ref_3","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1016\/j.comcom.2020.03.007","article-title":"Industrial control systems: Cyberattack trends and countermeasures","volume":"155","author":"Alladi","year":"2020","journal-title":"Comput. Commun."},{"key":"ref_4","first-page":"1","article-title":"Triton: The first ICS cyber attack on safety instrument systems","volume":"2018","author":"Pinto","year":"2018","journal-title":"Proc. Black Hat USA"},{"key":"ref_5","doi-asserted-by":"crossref","unstructured":"Akbarian, F., Fitzgerald, E., and Kihl, M. (2020, January 17\u201319). Intrusion detection in digital twins for industrial control systems. Proceedings of the International Conference on Software, Telecommunications and Computer Networks (SoftCOM), Split, Croatia.","DOI":"10.23919\/SoftCOM50211.2020.9238162"},{"key":"ref_6","unstructured":"Abrams, M., and Weiss, J. (2008). Malicious Control System Cyber Security Attack Case Study\u2014MaroochyWater Services, Australia, The MITRE Corporation."},{"key":"ref_7","doi-asserted-by":"crossref","unstructured":"Aoudi, W., Iturbe, M., and Almgren, M. (2018, January 15\u201319). Truth will out: Departure-based process-level detection of stealthy attacks on control systems. Proceedings of the ACM SIGSAC Conference on Computer and Communications Security, Toronto, ON, Canada.","DOI":"10.1145\/3243734.3243781"},{"key":"ref_8","doi-asserted-by":"crossref","first-page":"91","DOI":"10.1109\/MC.2011.115","article-title":"Lessons from Stuxnet","volume":"44","author":"Chen","year":"2011","journal-title":"Computer"},{"key":"ref_9","unstructured":"Nelson, N. (2016). The Impact of Dragonfly Malware on Industrial Control Systems, SANS Institute."},{"key":"ref_10","unstructured":"Spenneberg, R., Br\u00fcggemann, M., and Schwartke, H. (April, January 29). PLC-Blaster: A Worm Living Solely in the PLC. Proceedings of the Black Hat Asia, Singapore."},{"key":"ref_11","unstructured":"Govil, N., Agrawal, A., and Tippenhauer, N. (2017). On Ladder Logic Bombs in Industrial Control Systems. Computer Security, Proceedings of the ESORICS 2017 International Workshops, CyberICPS 2017 and SECPRE 2017, Oslo, Norway, 14\u201315 September 2017, Springer."},{"key":"ref_12","unstructured":"Abbasi, A., and Hashemi, M. (2016, January 3\u20134). Ghost in the PLC Designing an Undetectable Programmable Logic Controller Rootkit via Pin Control Attack. Proceedings of the Black Hat Europe, London, UK."},{"key":"ref_13","doi-asserted-by":"crossref","unstructured":"Had\u017eiosmanovi\u0107, D., Sommer, R., Zambon, E., and Hartel, P. (2014, January 8\u201312). Through the Eye of the PLC: Semantic Security Monitoring for Industrial Processes. Proceedings of the Annual Computer Security Applications Conference, New Orleans, LA, USA.","DOI":"10.1145\/2664243.2664277"},{"key":"ref_14","unstructured":"Venezuelanalysis (2025, June 21). Venezuela Hit by Electrical Blackout, Authorities Denounce Attack. Available online: https:\/\/venezuelanalysis.com\/news\/breaking-venezuela-hit-by-electrical-blackout-authorities-denounce-attack\/."},{"key":"ref_15","unstructured":"Nadeau, M. (2025, June 21). Attackers Hijack Solar Panel Monitoring Devices in Japan. Available online: https:\/\/www.iotm2mcouncil.org\/iot-library\/news\/smart-energy-news\/attackers-hijack-solar-panel-monitoring-devices-in-japan."},{"key":"ref_16","unstructured":"Greig, J. (2025, June 21). German Wind Turbine Maker Shut Down After Cyberattack. Available online: https:\/\/therecord.media\/german-wind-turbine-maker-shut-down-after-cyberattack."},{"key":"ref_17","first-page":"20","article-title":"Security Governance of Cross-Border Data Flow Under the Holistic View of National Security","volume":"40","author":"Xu","year":"2023","journal-title":"Doc. Inf. Knowl."},{"key":"ref_18","doi-asserted-by":"crossref","first-page":"106061","DOI":"10.1016\/j.clsr.2024.106061","article-title":"Global data governance at a turning point? Rethinking China-US cross-border data flow regulatory models","volume":"55","author":"Xu","year":"2024","journal-title":"Comput. Law Secur. Rev."},{"key":"ref_19","doi-asserted-by":"crossref","first-page":"24","DOI":"10.1080\/10192557.2024.2417949","article-title":"RCEP Rules on Cross-Border Data Flows: Asian characteristics and implications for developing countries","volume":"33","author":"Zhai","year":"2025","journal-title":"Asia Pac. Law Rev."},{"key":"ref_20","doi-asserted-by":"crossref","unstructured":"McPherson, J., Ma, K.L., Krystosk, P., Bartoletti, T., and Christensen, M. (2004, January 29). PortVis: A tool for port-based detection of security events. Proceedings of the ACM Workshop on Visualization and Data Mining for Computer Security, Washington, DC, USA.","DOI":"10.1145\/1029208.1029220"},{"key":"ref_21","doi-asserted-by":"crossref","unstructured":"Korczy\u0144ski, M., and Duda, A. (May, January 27). Markov chain fingerprinting to classify encrypted traffic. Proceedings of the IEEE INFOCOM 2014\u2014IEEE Conference on Computer Communications, Toronto, ON, Canada.","DOI":"10.1109\/INFOCOM.2014.6848005"},{"key":"ref_22","doi-asserted-by":"crossref","unstructured":"Ning, J., Poh, G.S., Loh, J.C.N., Chia, J., and Chang, E.C. (2019, January 11\u201315). PrivDPI: Privacy-preserving encrypted traffic inspection with reusable obfuscated rules. Proceedings of the ACM SIGSAC Conference on Computer and Communications Security, London, UK.","DOI":"10.1145\/3319535.3354204"},{"key":"ref_23","doi-asserted-by":"crossref","unstructured":"Panchenko, A., Lanze, F., Pennekamp, J., Engel, T., Zinnen, A., Henze, M., and Wehrle, K. (2016, January 21\u201324). Website fingerprinting at internet scale. Proceedings of the Network and Distributed System Security Symposium (NDSS), San Diego, CA, USA.","DOI":"10.14722\/ndss.2016.23477"},{"key":"ref_24","doi-asserted-by":"crossref","first-page":"130","DOI":"10.1016\/j.eswa.2019.01.064","article-title":"Feature analysis of encrypted malicious traffic","volume":"125","author":"Shekhawat","year":"2019","journal-title":"Expert Syst. Appl."},{"key":"ref_25","doi-asserted-by":"crossref","unstructured":"Cai, Z., Jiang, B., Lu, Z., Liu, J., and Ma, P. (2019, January 14\u201319). isAnon: Flow-based anonymity network traffic identification using extreme gradient boosting. Proceedings of the 2019 International Joint Conference on Neural Networks (IJCNN), Budapest, Hungary.","DOI":"10.1109\/IJCNN.2019.8851964"},{"key":"ref_26","doi-asserted-by":"crossref","unstructured":"Wang, W., Zhu, M., Wang, J., Zeng, X., and Yang, Z. (2017, January 22\u201324). End-to-end encrypted traffic classification with one-dimensional convolution neural networks. Proceedings of the 2017 IEEE International Conference on Intelligence and Security Informatics (ISI), Beijing, China.","DOI":"10.1109\/ISI.2017.8004872"},{"key":"ref_27","doi-asserted-by":"crossref","unstructured":"Zhang, J., Li, F., Ye, F., and Wu, H. (2020, January 6\u20139). Autonomous unknown-application filtering and labeling for DL-based traffic classifier update. Proceedings of the IEEE INFOCOM 2020\u2014IEEE Conference on Computer Communications, Toronto, ON, Canada.","DOI":"10.1109\/INFOCOM41043.2020.9155292"},{"key":"ref_28","doi-asserted-by":"crossref","first-page":"1999","DOI":"10.1007\/s00500-019-04030-2","article-title":"Deep packet: A novel approach for encrypted traffic classification using deep learning","volume":"24","author":"Lotfollahi","year":"2020","journal-title":"Soft Comput."},{"key":"ref_29","doi-asserted-by":"crossref","first-page":"107974","DOI":"10.1016\/j.comnet.2021.107974","article-title":"TSCRNN: A novel classification scheme of encrypted traffic based on flow spatiotemporal features for efficient management of IIoT","volume":"190","author":"Lin","year":"2021","journal-title":"Comput. Netw."},{"key":"ref_30","unstructured":"Peters, M.E., Ammar, W., Bhagavatula, C., and Power, R. (August, January 30). Semi-supervised sequence tagging with bidirectional language models. Proceedings of the 55th Annual Meeting of the Association for Computational Linguistics (ACL), Vancouver, BC, Canada."},{"key":"ref_31","unstructured":"Devlin, J., Chang, M.-W., Lee, K., and Toutanova, K. (2019, January 2\u20137). BERT: Pre-training of deep bidirectional transformers for language understanding. Proceedings of the 2019 Conference of the North American Chapter of the Association for Computational Linguistics (NAACL), Minneapolis, MN, USA."},{"key":"ref_32","unstructured":"Radford, A., Narasimhan, K., Salimans, T., and Sutskever, I. (2025, June 26). Improving Language Understanding by Generative Pre-Training. OpenAI. Available online: https:\/\/www.mikecaptain.com\/resources\/pdf\/GPT-1.pdf."},{"key":"ref_33","unstructured":"Lan, Z., Chen, M., Goodman, S., Gimpel, K., Sharma, P., and Soricut, R. (2020, January 26\u201330). ALBERT: A lite BERT for self-supervised learning of language representations. Proceedings of the International Conference of Learning Representations, Addis Ababa, Ethiopia."},{"key":"ref_34","unstructured":"Liu, Y., Ott, M., Goyal, N., Du, J., Joshi, M., Chen, D., Levy, O., Lewis, M., Zettlemoyer, L., and Stoyanov, V. (2019). RoBERTa: A robustly optimized BERT pretraining approach. arXiv."},{"key":"ref_35","doi-asserted-by":"crossref","unstructured":"Wang, T., Xie, X., Wang, W., Wang, C., Zhao, Y., and Cui, Y. (2024, January 28\u201331). Netmamba: Efficient network traffic classification via pre-training unidirectional Mamba. Proceedings of the 2024 IEEE 32nd International Conference on Network Protocols (ICNP), Charleroi, Belgium.","DOI":"10.1109\/ICNP61940.2024.10858569"},{"key":"ref_36","first-page":"5420","article-title":"Yet another traffic classifier: A masked autoencoder based traffic transformer with multi-level flow representation","volume":"37","author":"Zhao","year":"2023","journal-title":"Proc. AAAI Conf. Artif. Intell."},{"key":"ref_37","doi-asserted-by":"crossref","unstructured":"Hang, Z., Lu, Y., Wang, Y., and Xie, Y. (2023, January 16\u201318). Flow-MAE: Leveraging masked autoencoder for accurate, efficient and robust malicious traffic classification. Proceedings of the 26th International Symposium on Research in Attacks, Intrusions and Defenses, Hong Kong, China.","DOI":"10.1145\/3607199.3607206"},{"key":"ref_38","unstructured":"McMahan, B., Moore, E., Ramage, D., Hampson, S., and Arcas, B.A. (2017, January 20\u201322). Communication-efficient learning of deep networks from decentralized data. Proceedings of the 20th International Conference on Artificial Intelligence and Statistics (AISTATS), Fort Lauderdale, FL, USA."},{"key":"ref_39","doi-asserted-by":"crossref","first-page":"120217","DOI":"10.1016\/j.ins.2024.120217","article-title":"Federated distillation and blockchain empowered secure knowledge sharing for internet of medical things","volume":"662","author":"Zhou","year":"2024","journal-title":"Inf. Sci."},{"key":"ref_40","unstructured":"Zhang, J., Liang, S., Ye, F., Hu, R.Q., and Qian, Y. (June, January 28). Towards detection of zero-day botnet attack in IoT networks using federated learning. Proceedings of the IEEE International Conference on Communications (ICC), Rome, Italy."},{"key":"ref_41","doi-asserted-by":"crossref","unstructured":"Mun, H., and Lee, Y. (2021). Internet traffic classification with federated learning. Electronics, 10.","DOI":"10.3390\/electronics10010027"},{"key":"ref_42","doi-asserted-by":"crossref","first-page":"1898","DOI":"10.1109\/TCCN.2021.3101239","article-title":"Edge device identification based on federated learning and network traffic feature engineering","volume":"8","author":"He","year":"2021","journal-title":"IEEE Trans. Cogn. Commun. Netw."},{"key":"ref_43","doi-asserted-by":"crossref","unstructured":"Majeed, U., Khan, L.U., and Hong, C.S. (2020, January 22\u201325). Cross-silo horizontal federated learning for flow-based time-related-features oriented traffic classification. Proceedings of the 2020 21st Asia-Pacific Network Operations and Management Symposium (APNOMS), Daegu, Republic of Korea.","DOI":"10.23919\/APNOMS50412.2020.9236971"},{"key":"ref_44","doi-asserted-by":"crossref","first-page":"1274","DOI":"10.1109\/JIOT.2022.3204975","article-title":"FEAT: A federated approach for privacy-preserving network traffic classification in heterogeneous environments","volume":"10","author":"Guo","year":"2022","journal-title":"IEEE Internet Things J."},{"key":"ref_45","first-page":"66","article-title":"FedBERT: When federated learning meets pre-training","volume":"13","author":"Tian","year":"2022","journal-title":"ACM Trans. Intell. Syst. Technol. (TIST)"},{"key":"ref_46","doi-asserted-by":"crossref","unstructured":"Lit, Z., Sit, S., Wang, J., and Xiao, J. (2022, January 18\u201323). Federated split BERT for heterogeneous text classification. Proceedings of the 2022 International Joint Conference on Neural Networks (IJCNN), Padua, Italy.","DOI":"10.1109\/IJCNN55064.2022.9892845"},{"key":"ref_47","doi-asserted-by":"crossref","unstructured":"Zhang, Z., Yang, Y., Dai, Y., Wang, Q., Yu, Y., Qu, L., and Xu, Z. (2023, January 9\u201314). FedPETuning: When Federated Learning Meets the Parameter-Efficient Tuning Methods of Pre-trained Language Models. Proceedings of the Findings of the Association for Computational Linguistics, Toronto, ON, Canada.","DOI":"10.18653\/v1\/2023.findings-acl.632"},{"key":"ref_48","first-page":"4111","article-title":"Efficient Framework for BERT Model Training Based on Federated Learning","volume":"36","author":"Wang","year":"2025","journal-title":"Ruan Jian Xue Bao\/J. Softw."},{"key":"ref_49","unstructured":"Wen, W., Wu, C., Wang, Y., Chen, Y., and Li, H. (2016, January 5\u201310). Learning structured sparsity in deep neural networks. Proceedings of the 30th International Conference on Neural Information Processing Systems, Barcelona, Spain."},{"key":"ref_50","doi-asserted-by":"crossref","unstructured":"Bogoychev, N. (2020). Not all parameters are born equal: Attention is mostly what you need. arXiv.","DOI":"10.18653\/v1\/2021.blackboxnlp-1.28"},{"key":"ref_51","unstructured":"Hu, H., Peng, R., Tai, Y.-W., and Tang, C.-K. (2016). Network trimming: A data-driven neuron pruning approach towards efficient deep architectures. arXiv."},{"key":"ref_52","unstructured":"Wang, W., Zhu, M., Zeng, X., Ye, X., and Sheng, Y. (2017, January 11\u201313). Malware traffic classification using convolutional neural network for representation learning. Proceedings of the 2017 International Conference on Information Networking (ICOIN), Da Nang, Vietnam."},{"key":"ref_53","doi-asserted-by":"crossref","unstructured":"Dadkhah, S., Mahdikhani, H., Danso, P.K., Zohourian, A., Truong, K.A., and Ghorbani, A.A. (2022, January 22\u201324). Towards the development of a realistic multidimensional IoT profiling dataset. Proceedings of the 2022 19th Annual International Conference on Privacy, Security & Trust (PST), Fredericton, NB, Canada.","DOI":"10.1109\/PST55820.2022.9851966"},{"key":"ref_54","doi-asserted-by":"crossref","unstructured":"Neto, E.C.P., Dadkhah, S., Ferreira, R., Zohourian, A., Lu, R., and Ghorbani, A.A. (2023). CICIoT2023: A real-time dataset and benchmark for large-scale attacks in IoT environment. Sensors, 23.","DOI":"10.20944\/preprints202305.0443.v1"},{"key":"ref_55","doi-asserted-by":"crossref","unstructured":"Lashkari, A.H., Kadir, A.F.A., Taheri, L., and Ghorbani, A.A. (2018, January 22\u201325). Toward developing a systematic approach to generate benchmark Android malware datasets and classification. Proceedings of the 2018 International Carnahan Conference on Security Technology (ICCST), Montreal, QC, Canada.","DOI":"10.1109\/CCST.2018.8585560"},{"key":"ref_56","unstructured":"(2025, May 28). SplitCap. Available online: https:\/\/www.netresec.com\/?page=SplitCap."},{"key":"ref_57","doi-asserted-by":"crossref","unstructured":"Van Ede, T., Bortolameotti, R., Continella, A., Ren, J., Dubois, D.J., Lindorfer, M., Choffnes, D., Van Steen, M., and Peter, A. (2020, January 23\u201326). Flowprint: Semi-supervised mobile-app fingerprinting on encrypted network traffic. Proceedings of the Network and Distributed System Security Symposium (NDSS), San Diego, CA, USA.","DOI":"10.14722\/ndss.2020.24412"},{"key":"ref_58","doi-asserted-by":"crossref","unstructured":"Zhang, H., Yu, L., Xiao, X., Li, Q., Mercaldo, F., Luo, X., and Liu, Q. (May, January 30). TFE-GNN: A temporal fusion encoder using graph neural networks for fine-grained encrypted traffic classification. Proceedings of the ACM Web Conference 2023, Austin, TX, USA.","DOI":"10.1145\/3543507.3583227"},{"key":"ref_59","doi-asserted-by":"crossref","unstructured":"Ahmed, S.T., Vinoth Kumar, V., Mahesh, T.R., Prasad, L.V.N., Velmurugan, A.K., and Muthukumaran, V. (2024). FedOPT: Federated learning-based heterogeneous resource recommendation and optimization for edge computing. Soft Comput., 1\u201312.","DOI":"10.1007\/s00500-023-09542-6"}],"container-title":["Future Internet"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1999-5903\/17\/8\/323\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,9]],"date-time":"2025-10-09T18:14:18Z","timestamp":1760033658000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1999-5903\/17\/8\/323"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,7,23]]},"references-count":59,"journal-issue":{"issue":"8","published-online":{"date-parts":[[2025,8]]}},"alternative-id":["fi17080323"],"URL":"https:\/\/doi.org\/10.3390\/fi17080323","relation":{},"ISSN":["1999-5903"],"issn-type":[{"type":"electronic","value":"1999-5903"}],"subject":[],"published":{"date-parts":[[2025,7,23]]}}}