{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,28]],"date-time":"2026-03-28T18:16:37Z","timestamp":1774721797124,"version":"3.50.1"},"reference-count":33,"publisher":"MDPI AG","issue":"16","license":[{"start":{"date-parts":[[2023,8,17]],"date-time":"2023-08-17T00:00:00Z","timestamp":1692230400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["No.62162057"],"award-info":[{"award-number":["No.62162057"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["No.61872254"],"award-info":[{"award-number":["No.61872254"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["2021JDRC0004"],"award-info":[{"award-number":["2021JDRC0004"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["C20606"],"award-info":[{"award-number":["C20606"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"name":"Sichuan Science and Technology Program","award":["No.62162057"],"award-info":[{"award-number":["No.62162057"]}]},{"name":"Sichuan Science and Technology Program","award":["No.61872254"],"award-info":[{"award-number":["No.61872254"]}]},{"name":"Sichuan Science and Technology Program","award":["2021JDRC0004"],"award-info":[{"award-number":["2021JDRC0004"]}]},{"name":"Sichuan Science and Technology Program","award":["C20606"],"award-info":[{"award-number":["C20606"]}]},{"name":"Key Lab of Information Network Security of Ministry of Public Security","award":["No.62162057"],"award-info":[{"award-number":["No.62162057"]}]},{"name":"Key Lab of Information Network Security of Ministry of Public Security","award":["No.61872254"],"award-info":[{"award-number":["No.61872254"]}]},{"name":"Key Lab of Information Network Security of Ministry of Public Security","award":["2021JDRC0004"],"award-info":[{"award-number":["2021JDRC0004"]}]},{"name":"Key Lab of Information Network Security of Ministry of Public Security","award":["C20606"],"award-info":[{"award-number":["C20606"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Sensors"],"abstract":"<jats:p>As the demand for Internet access increases, malicious traffic on the Internet has soared also. In view of the fact that the existing malicious-traffic-identification methods suffer from low accuracy, this paper proposes a malicious-traffic-identification method based on contrastive learning. The proposed method is able to overcome the shortcomings of traditional methods that rely on labeled samples and is able to learn data feature representations carrying semantic information from unlabeled data, thus improving the model accuracy. In this paper, a new malicious traffic feature extraction model based on a Transformer is proposed. Employing a self-attention mechanism, the proposed feature extraction model can extract the bytes features of malicious traffic by performing calculations on the malicious traffic, thereby realizing the efficient identification of malicious traffic. In addition, a bidirectional GLSTM is introduced to extract the timing features of malicious traffic. The experimental results show that the proposed method is superior to the latest published methods in terms of accuracy and F1 score.<\/jats:p>","DOI":"10.3390\/s23167215","type":"journal-article","created":{"date-parts":[[2023,8,17]],"date-time":"2023-08-17T10:47:02Z","timestamp":1692269222000},"page":"7215","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":12,"title":["Malicious Traffic Identification with Self-Supervised Contrastive Learning"],"prefix":"10.3390","volume":"23","author":[{"given":"Jin","family":"Yang","sequence":"first","affiliation":[{"name":"School of Cyber Science and Engineering, Sichuan University, Chengdu 610065, China"},{"name":"School of Information Science and Technology, Tibet University, Lhasa 850013, China"}]},{"given":"Xinyun","family":"Jiang","sequence":"additional","affiliation":[{"name":"School of Cyber Science and Engineering, Sichuan University, Chengdu 610065, China"}]},{"given":"Gang","family":"Liang","sequence":"additional","affiliation":[{"name":"School of Cyber Science and Engineering, Sichuan University, Chengdu 610065, China"}]},{"given":"Siyu","family":"Li","sequence":"additional","affiliation":[{"name":"School of Cyber Science and Engineering, Sichuan University, Chengdu 610065, China"}]},{"given":"Zicheng","family":"Ma","sequence":"additional","affiliation":[{"name":"School of Cyber Science and Engineering, Sichuan University, Chengdu 610065, China"}]}],"member":"1968","published-online":{"date-parts":[[2023,8,17]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","first-page":"475","DOI":"10.1016\/j.cose.2013.10.001","article-title":"DNS amplification attack revisited","volume":"39","author":"Anagnostopoulos","year":"2013","journal-title":"Comput. Secur."},{"key":"ref_2","doi-asserted-by":"crossref","first-page":"3","DOI":"10.1007\/s11235-019-00599-z","article-title":"A survey of DDoS attacking techniques and defence mechanisms in the IoT network","volume":"73","author":"Vishwakarma","year":"2020","journal-title":"Telecommun. Syst."},{"key":"ref_3","unstructured":"(2021, August 16). CNCERT: 2020 Internet Network Security Monitoring Data Analysis Report. Available online: https:\/\/www.cert.org.cn\/publish\/main\/upload\/File\/2020Report.pdf."},{"key":"ref_4","doi-asserted-by":"crossref","unstructured":"Anderson, B., and McGrew, D. (2016, January 28). Identifying encrypted malware traffic with contextual flow data. Proceedings of the 2016 ACM Workshop on Artificial Intelligence and Security, Vienna, Austria.","DOI":"10.1145\/2996758.2996768"},{"key":"ref_5","doi-asserted-by":"crossref","first-page":"119229","DOI":"10.1016\/j.ins.2023.119229","article-title":"Graph based Encrypted Malicious Traffic Detection with Hybrid Analysis of Multi-view Features","volume":"644","author":"Hong","year":"2023","journal-title":"Inf. Sci."},{"key":"ref_6","doi-asserted-by":"crossref","first-page":"102542","DOI":"10.1016\/j.cose.2021.102542","article-title":"Machine learning for encrypted malicious traffic detection: Approaches, datasets and comparative study","volume":"113","author":"Wang","year":"2022","journal-title":"Comput. Secur."},{"key":"ref_7","doi-asserted-by":"crossref","unstructured":"Shen, M., Liu, Y., Chen, S., Zhu, L., and Zhang, Y. (2019, January 20\u201324). Webpage fingerprinting using only packet length information. Proceedings of the ICC 2019\u20142019 IEEE International Conference on Communications (ICC), Shanghai, China.","DOI":"10.1109\/ICC.2019.8761167"},{"key":"ref_8","doi-asserted-by":"crossref","first-page":"20","DOI":"10.1109\/MNET.011.1900366","article-title":"Optimizing feature selection for efficient encrypted traffic classification: A systematic approach","volume":"34","author":"Shen","year":"2020","journal-title":"IEEE Netw."},{"key":"ref_9","doi-asserted-by":"crossref","unstructured":"Wang, W., Zhu, M., Wang, J., Zeng, X., and Yang, Z. (2017, January 22\u201324). End-to-end encrypted traffic classification with one-dimensional convolution neural networks. Proceedings of the 2017 IEEE International Conference on Intelligence and Security Informatics (ISI), Beijing, China.","DOI":"10.1109\/ISI.2017.8004872"},{"key":"ref_10","doi-asserted-by":"crossref","unstructured":"Xing, J., and Wu, C. (2020, January 6\u20139). Detecting anomalies in encrypted traffic via deep dictionary learning. Proceedings of the IEEE INFOCOM 2020\u2014IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS), Toronto, ON, Canada.","DOI":"10.1109\/INFOCOMWKSHPS50562.2020.9162940"},{"key":"ref_11","doi-asserted-by":"crossref","first-page":"107974","DOI":"10.1016\/j.comnet.2021.107974","article-title":"TSCRNN: A novel classification scheme of encrypted traffic based on flow spatiotemporal features for efficient management of IIoT","volume":"190","author":"Lin","year":"2021","journal-title":"Comput. Netw."},{"key":"ref_12","doi-asserted-by":"crossref","unstructured":"Jaber, M., Cascella, R.G., and Barakat, C. (2012, January 25\u201330). Using host profiling to refine statistical application identification. Proceedings of the 2012 Proceedings IEEE INFOCOM, Orlando, FL, USA.","DOI":"10.1109\/INFCOM.2012.6195692"},{"key":"ref_13","doi-asserted-by":"crossref","first-page":"573","DOI":"10.1016\/j.jcss.2012.11.004","article-title":"Unsupervised traffic classification using flow statistical properties and IP packet payload","volume":"79","author":"Zhang","year":"2013","journal-title":"J. Comput. Syst. Sci."},{"key":"ref_14","doi-asserted-by":"crossref","unstructured":"Cheng, Z., Zou, C., and Dong, J. (2019, January 24\u201327). Outlier detection using isolation forest and local outlier factor. Proceedings of the Conference on Research in Adaptive and Convergent Systems, Chongqing, China.","DOI":"10.1145\/3338840.3355641"},{"key":"ref_15","doi-asserted-by":"crossref","first-page":"104484","DOI":"10.1016\/j.cageo.2020.104484","article-title":"Recognizing multivariate geochemical anomalies for mineral exploration by combining deep learning and one-class support vector machine","volume":"140","author":"Xiong","year":"2020","journal-title":"Comput. Geosci."},{"key":"ref_16","doi-asserted-by":"crossref","first-page":"4203","DOI":"10.1002\/sec.1335","article-title":"Local outlier factor use for the network flow anomaly detection","volume":"8","author":"Paulauskas","year":"2015","journal-title":"Secur. Commun. Netw."},{"key":"ref_17","doi-asserted-by":"crossref","unstructured":"Draper-Gil, G., Lashkari, A.H., Mamun, M.S.I., and Ghorbani, A.A. (2016, January 19\u201321). Characterization of encrypted and vpn traffic using time-related. Proceedings of the 2nd International Conference on Information Systems Security and Privacy (ICISSP), Rome, Italy.","DOI":"10.5220\/0005740704070414"},{"key":"ref_18","doi-asserted-by":"crossref","first-page":"63","DOI":"10.1109\/TIFS.2017.2737970","article-title":"Robust smartphone app identification via encrypted network traffic analysis","volume":"13","author":"Taylor","year":"2017","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"ref_19","doi-asserted-by":"crossref","first-page":"11888","DOI":"10.1109\/JIOT.2023.3244810","article-title":"Attack classification of imbalanced intrusion data for IoT network using ensemble learning-based deep neural network","volume":"10","author":"Thakkar","year":"2023","journal-title":"IEEE Internet Things J."},{"key":"ref_20","doi-asserted-by":"crossref","first-page":"1999","DOI":"10.1007\/s00500-019-04030-2","article-title":"Deep packet: A novel approach for encrypted traffic classification using deep learning","volume":"24","author":"Lotfollahi","year":"2020","journal-title":"Soft Comput."},{"key":"ref_21","doi-asserted-by":"crossref","unstructured":"Zhang, J., Li, F., Ye, F., and Wu, H. (2020, January 6\u20139). Autonomous unknown-application filtering and labeling for dl-based traffic classifier update. Proceedings of the IEEE INFOCOM 2020\u2014IEEE Conference on Computer Communications, Toronto, ON, Canada.","DOI":"10.1109\/INFOCOM41043.2020.9155292"},{"key":"ref_22","doi-asserted-by":"crossref","unstructured":"Ibitoye, O., Shafiq, O., and Matrawy, A. (2019, January 9\u201313). Analyzing adversarial attacks against deep learning for intrusion detection in IoT networks. Proceedings of the 2019 IEEE Global Communications Conference (GLOBECOM), Waikoloa, HI, USA.","DOI":"10.1109\/GLOBECOM38437.2019.9014337"},{"key":"ref_23","doi-asserted-by":"crossref","unstructured":"Wang, X., Chen, S., and Su, J. (2020, January 6\u20139). App-net: A hybrid neural network for encrypted mobile traffic classification. Proceedings of the IEEE INFOCOM 2020\u2014IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS), Toronto, ON, Canada.","DOI":"10.1109\/INFOCOMWKSHPS50562.2020.9162891"},{"key":"ref_24","doi-asserted-by":"crossref","first-page":"2046","DOI":"10.1109\/TIFS.2020.3046876","article-title":"Fine-grained webpage fingerprinting using only packet length information of encrypted traffic","volume":"16","author":"Shen","year":"2020","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"ref_25","doi-asserted-by":"crossref","first-page":"118745","DOI":"10.1016\/j.eswa.2022.118745","article-title":"An improved PIO feature selection algorithm for IoT network intrusion detection system based on ensemble learning","volume":"213","author":"Alghanam","year":"2023","journal-title":"Expert Syst. Appl."},{"key":"ref_26","doi-asserted-by":"crossref","first-page":"241","DOI":"10.1109\/TBDATA.2019.2940675","article-title":"Identification of encrypted traffic through attention mechanism based long short term memory","volume":"8","author":"Yao","year":"2019","journal-title":"IEEE Trans. Big Data"},{"key":"ref_27","unstructured":"Chen, T., Kornblith, S., Norouzi, M., and Hinton, G. (2020, January 12\u201318). A simple framework for contrastive learning of visual representations. Proceedings of the International Conference on Machine Learning, Virtual Event."},{"key":"ref_28","unstructured":"Vaswani, A., Shazeer, N., Parmar, N., Uszkoreit, J., Jones, L., Gomez, A.N., Kaiser, \u0141., and Polosukhin, I. (2017, January 4\u20139). Attention is all you need. Proceedings of the Advances in Neural Information Processing Systems, Long Beach, CA, USA."},{"key":"ref_29","doi-asserted-by":"crossref","first-page":"68","DOI":"10.1049\/iet-its.2016.0208","article-title":"LSTM network: A deep learning approach for short-term traffic forecast","volume":"11","author":"Zhao","year":"2017","journal-title":"IET Intell. Transp. Syst."},{"key":"ref_30","unstructured":"Hendrycks, D., and Gimpel, K. (2016). Gaussian error linear units (gelus). arXiv."},{"key":"ref_31","doi-asserted-by":"crossref","first-page":"779","DOI":"10.1016\/j.future.2019.05.041","article-title":"Towards the development of realistic botnet dataset in the internet of things for network forensic analytics: Bot-iot dataset","volume":"100","author":"Koroniotis","year":"2019","journal-title":"Future Gener. Comput. Syst."},{"key":"ref_32","doi-asserted-by":"crossref","first-page":"91","DOI":"10.1016\/j.future.2020.03.042","article-title":"A new network forensic framework based on deep learning for Internet of Things networks: A particle deep framework","volume":"110","author":"Koroniotis","year":"2020","journal-title":"Future Gener. Comput. Syst."},{"key":"ref_33","doi-asserted-by":"crossref","first-page":"209802","DOI":"10.1109\/ACCESS.2020.3036728","article-title":"A holistic review of cybersecurity and reliability perspectives in smart airports","volume":"8","author":"Koroniotis","year":"2020","journal-title":"IEEE Access"}],"container-title":["Sensors"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1424-8220\/23\/16\/7215\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,10]],"date-time":"2025-10-10T20:35:27Z","timestamp":1760128527000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1424-8220\/23\/16\/7215"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,8,17]]},"references-count":33,"journal-issue":{"issue":"16","published-online":{"date-parts":[[2023,8]]}},"alternative-id":["s23167215"],"URL":"https:\/\/doi.org\/10.3390\/s23167215","relation":{},"ISSN":["1424-8220"],"issn-type":[{"value":"1424-8220","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023,8,17]]}}}