{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,27]],"date-time":"2026-05-27T18:36:42Z","timestamp":1779907002606,"version":"3.53.1"},"reference-count":32,"publisher":"MDPI AG","issue":"11","license":[{"start":{"date-parts":[[2022,11,6]],"date-time":"2022-11-06T00:00:00Z","timestamp":1667692800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"National Key Research and Development Program","award":["2018YFB0804102"],"award-info":[{"award-number":["2018YFB0804102"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Symmetry"],"abstract":"<jats:p>The detection of malicious encrypted traffic is an important part of modern network security research. The producers of the current malware do not pay attention to the fact that malicious encrypted traffic can also be detected; they do not construct further adversarial malicious encrypted traffic to deceive existing malicious encrypted traffic detection methods. However, with the increasing confrontation between attack and defense, adversarial malicious encrypted traffic samples will appear gradually, which will make the existing malicious encrypted traffic detection methods obsolete. In this paper, an adversarial malicious encrypted traffic detection method based on refined session analysis (ADRSA) is proposed. The key ideas of this method are: (1) interpretability analysis is used to extract malicious traffic features that are not easily affected by encryption, (2) restoration technology is used to further improve traffic separability, and (3) a deep neural network is used to identify adversarial malicious encrypted traffic. In experimental tests, the ADRSA method could accurately detect malicious encrypted traffic, particularly adversarial malicious encrypted traffic, and the detection rate is more than 95%. However, the detection rate of other malicious encrypted traffic detection methods is almost zero when facing adversarial malicious encrypted traffic. The detection performance of ADRSA exceeds that of the most popular detection methods.<\/jats:p>","DOI":"10.3390\/sym14112329","type":"journal-article","created":{"date-parts":[[2022,11,7]],"date-time":"2022-11-07T03:10:46Z","timestamp":1667790646000},"page":"2329","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":2,"title":["Adversarial Malicious Encrypted Traffic Detection Based on Refined Session Analysis"],"prefix":"10.3390","volume":"14","author":[{"given":"Minghui","family":"Li","sequence":"first","affiliation":[{"name":"School of Cyberspace, Hangzhou Dianzi University, Hangzhou 310000, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1870-9558","authenticated-orcid":false,"given":"Zhendong","family":"Wu","sequence":"additional","affiliation":[{"name":"School of Cyberspace, Hangzhou Dianzi University, Hangzhou 310000, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Keming","family":"Chen","sequence":"additional","affiliation":[{"name":"School of Electronic Information, Hangzhou Dianzi University, Hangzhou 310000, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Wenhai","family":"Wang","sequence":"additional","affiliation":[{"name":"College of Control Science and Engineering, Zhejiang University, Hangzhou 310000, China"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"1968","published-online":{"date-parts":[[2022,11,6]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","first-page":"63","DOI":"10.1109\/TIFS.2017.2737970","article-title":"Robust smartphone app identification via encrypted network traffic analysis","volume":"13","author":"Taylor","year":"2017","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"ref_2","first-page":"1","article-title":"Detection and classification of botnet traffic using deep learning with model explanation","volume":"19","author":"Kundu","year":"2022","journal-title":"IEEE Trans. Dependable Secur. Comput."},{"key":"ref_3","doi-asserted-by":"crossref","first-page":"76","DOI":"10.1109\/MCOM.2019.1800819","article-title":"Deep learning for encrypted traffic classification: An overview","volume":"57","author":"Rezaei","year":"2019","journal-title":"IEEE Commun. Mag."},{"key":"ref_4","doi-asserted-by":"crossref","first-page":"103160","DOI":"10.1016\/j.jnca.2021.103160","article-title":"A novel hybrid model for intrusion detection systems in SDNs based on CNN and a new regularization technique","volume":"191","author":"ElSayed","year":"2021","journal-title":"J. Netw. Comput. Appl."},{"key":"ref_5","doi-asserted-by":"crossref","first-page":"8852","DOI":"10.1109\/JIOT.2020.2996425","article-title":"An ensemble of deep recurrent neural networks for detecting IoT cyber attacks using network traffic","volume":"7","author":"Saharkhizan","year":"2020","journal-title":"IEEE Internet Things J."},{"key":"ref_6","doi-asserted-by":"crossref","unstructured":"Liu, J., Xiao, Q., Jiang, Z., Yao, Y., and Wang, Q. (2022, January 10\u201313). Effectiveness Evaluation of Evasion Attack on Encrypted Malicious Traffic Detection. Proceedings of the 2022 IEEE Wireless Communications and Networking Conference (WCNC), Austin, TX, USA.","DOI":"10.1109\/WCNC51071.2022.9771726"},{"key":"ref_7","doi-asserted-by":"crossref","unstructured":"Pierazzi, F., Pendlebury, F., Cortellazzi, J., and Cavallaro, L. (2020, January 17\u201321). Intriguing properties of adversarial ml attacks in the problem space. Proceedings of the 2020 IEEE Symposium on Security and Privacy (S&P), San Francisco, CA, USA.","DOI":"10.1109\/SP40000.2020.00073"},{"key":"ref_8","doi-asserted-by":"crossref","first-page":"3225","DOI":"10.1109\/TIFS.2022.3201377","article-title":"Tantra: Timing-based adversarial network traffic reshaping attack","volume":"17","author":"Sharon","year":"2022","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"ref_9","doi-asserted-by":"crossref","unstructured":"Usama, M., Qayyum, A., Qadir, J., and Al-Fuqaha, A. (2019, January 24\u201328). Black-box Adversarial Machine Learning Attack on Network Traffic Classification. Proceedings of the 2019 15th International Wireless Communications and Mobile Computing Conference (IWCMC), Tangier, Morocco.","DOI":"10.1109\/IWCMC.2019.8766505"},{"key":"ref_10","doi-asserted-by":"crossref","first-page":"241","DOI":"10.1109\/TBDATA.2019.2940675","article-title":"Identification of encrypted traffic through attention mechanism based long short term memory","volume":"8","author":"Yao","year":"2019","journal-title":"IEEE Trans. Big Data"},{"key":"ref_11","doi-asserted-by":"crossref","first-page":"348","DOI":"10.1109\/ACCESS.2019.2962018","article-title":"Large-scale mobile app identification using deep learning","volume":"8","author":"Rezaei","year":"2019","journal-title":"IEEE Access"},{"key":"ref_12","doi-asserted-by":"crossref","first-page":"1999","DOI":"10.1007\/s00500-019-04030-2","article-title":"Deep packet: A novel approach for encrypted traffic classification using deep learning","volume":"24","author":"Lotfollahi","year":"2020","journal-title":"Soft Comput."},{"key":"ref_13","doi-asserted-by":"crossref","unstructured":"Draper-Gil, G., Lashkari, A.H., Mamun, M.S.I., and Ghorbani, A.A. (2016, January 19\u201321). Characterization of encrypted and vpn traffic using time-related. Proceedings of the 2nd International Conference on Information Systems Security and Privacy (ICISSP), Rome, Italy.","DOI":"10.5220\/0005740704070414"},{"key":"ref_14","unstructured":"Hodo, E., Bellekens, X., Iorkyase, E., Hamilton, A., Tachtatzis, C., and Atkinson, R. (September, January 29). Machine learning approach for detection of nontor traffic. Proceedings of the 12th International Conference on Availability, Reliability and Security, Reggio Calabria, Italy."},{"key":"ref_15","doi-asserted-by":"crossref","first-page":"2046","DOI":"10.1109\/TIFS.2020.3046876","article-title":"Fine-grained webpage fingerprinting using only packet length information of encrypted traffic","volume":"16","author":"Shen","year":"2020","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"ref_16","doi-asserted-by":"crossref","first-page":"4041","DOI":"10.1002\/int.22711","article-title":"Semantic key generation based on natural language","volume":"37","author":"Wu","year":"2022","journal-title":"Int. J. Intell. Syst."},{"key":"ref_17","doi-asserted-by":"crossref","first-page":"4329","DOI":"10.1002\/int.22782","article-title":"Fingerprint bio-key generation based on a deep neural network","volume":"37","author":"Wu","year":"2022","journal-title":"Int. J. Intell. Syst."},{"key":"ref_18","doi-asserted-by":"crossref","first-page":"45182","DOI":"10.1109\/ACCESS.2019.2908225","article-title":"Deep-full-range: A deep learning based network encrypted traffic classification and intrusion detection framework","volume":"7","author":"Zeng","year":"2019","journal-title":"IEEE Access"},{"key":"ref_19","doi-asserted-by":"crossref","first-page":"363","DOI":"10.1049\/ell2.12125","article-title":"A deep-learning-and reinforcement-learning-based system for encrypted network malicious traffic detection","volume":"57","author":"Yang","year":"2021","journal-title":"Electron. Lett."},{"key":"ref_20","doi-asserted-by":"crossref","unstructured":"Chen, J., Huang, J., and Lu, X. (2022, January 29\u201330). Convolutional neural network-based identification of malicious traffic for TLS encryption. Proceedings of the 2022 7th International Conference on Intelligent Computing and Signal Processing (ICSP), Bucharest, Romania.","DOI":"10.1109\/ICSP54964.2022.9778340"},{"key":"ref_21","doi-asserted-by":"crossref","unstructured":"Cuzzocrea, A., Martinelli, F., Mercaldo, F., and Vercelli, G. (2017, January 11\u201314). Tor traffic analysis and detection via machine learning techniques. Proceedings of the 2017 IEEE International Conference on Big Data (Big Data), Boston, MA, USA.","DOI":"10.1109\/BigData.2017.8258487"},{"key":"ref_22","doi-asserted-by":"crossref","first-page":"3843","DOI":"10.1109\/TVT.2019.2894290","article-title":"A heuristic statistical testing based approach for encrypted network traffic identification","volume":"68","author":"Niu","year":"2019","journal-title":"IEEE Trans. Veh. Technol."},{"key":"ref_23","doi-asserted-by":"crossref","first-page":"15","DOI":"10.1016\/j.jnca.2018.12.014","article-title":"A mobile malware detection method using behavior features in network traffic","volume":"133","author":"Wang","year":"2019","journal-title":"J. Netw. Comput. Appl."},{"key":"ref_24","doi-asserted-by":"crossref","first-page":"102507","DOI":"10.1016\/j.jnca.2019.102507","article-title":"A hybrid machine learning approach for malicious behaviour detection and recognition in cloud computing","volume":"151","author":"Rabbani","year":"2020","journal-title":"J. Netw. Comput. Appl."},{"key":"ref_25","doi-asserted-by":"crossref","unstructured":"Ullah, I., and Mahmoud, Q.H. (2020). A two-level flow-based anomalous activity detection system for IoT networks. Electronics, 9.","DOI":"10.3390\/electronics9030530"},{"key":"ref_26","doi-asserted-by":"crossref","unstructured":"MontazeriShatoori, M., Davidson, L., Kaur, G., and Lashkari, A.H. (2020, January 17\u201322). Detection of doh tunnels using time-series classification of encrypted traffic. Proceedings of the 2020 IEEE International Conference on Dependable, Autonomic and Secure Computing, International Conference on Pervasive Intelligence and Computing, International Conference on Cloud and Big Data Computing, International Conference on Cyber Science and Technology Congress (DASC\/PiCom\/CBDCom\/CyberSciTech), Calgary, AB, Canada.","DOI":"10.1109\/DASC-PICom-CBDCom-CyberSciTech49142.2020.00026"},{"key":"ref_27","doi-asserted-by":"crossref","unstructured":"Ma, C., Du, X., and Cao, L. (2020). Improved KNN Algorithm for Fine-Grained Classification of Encrypted Network Flow. Electronics, 9.","DOI":"10.3390\/electronics9020324"},{"key":"ref_28","doi-asserted-by":"crossref","first-page":"74571","DOI":"10.1109\/ACCESS.2020.2988854","article-title":"Fog-based attack detection framework for internet of things using deep learning","volume":"8","author":"Samy","year":"2020","journal-title":"IEEE Access"},{"key":"ref_29","doi-asserted-by":"crossref","first-page":"8824659","DOI":"10.1155\/2020\/8824659","article-title":"Preprocessing Method for Encrypted Traffic Based on Semisupervised Clustering","volume":"2020","author":"Zheng","year":"2020","journal-title":"Secur. Commun. Netw."},{"key":"ref_30","doi-asserted-by":"crossref","unstructured":"Zebin, T., Rezvy, S., and Luo, Y. (2022). An explainable AI-based intrusion detection system for DNS over HTTPS (DoH) Attacks. IEEE Trans. Inf. Forensics Secur.","DOI":"10.36227\/techrxiv.17696972.v1"},{"key":"ref_31","doi-asserted-by":"crossref","first-page":"2732","DOI":"10.1109\/TIFS.2022.3172598","article-title":"RAD: A Statistical Mechanism Based on Behavioral Analysis for DDoS Attack Countermeasure","volume":"17","author":"Hajimaghsoodi","year":"2022","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"ref_32","doi-asserted-by":"crossref","unstructured":"Maarouf, R., Sattar, D., and Matrawy, A. (2021, January 5\u20138). Evaluating resilience of encrypted traffic classification against adversarial evasion attacks. Proceedings of the 2021 IEEE Symposium on Computers and Communications (ISCC), Athens, Greece.","DOI":"10.1109\/ISCC53001.2021.9631407"}],"container-title":["Symmetry"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2073-8994\/14\/11\/2329\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T01:11:28Z","timestamp":1760145088000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2073-8994\/14\/11\/2329"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,11,6]]},"references-count":32,"journal-issue":{"issue":"11","published-online":{"date-parts":[[2022,11]]}},"alternative-id":["sym14112329"],"URL":"https:\/\/doi.org\/10.3390\/sym14112329","relation":{},"ISSN":["2073-8994"],"issn-type":[{"value":"2073-8994","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022,11,6]]}}}