JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE) ›› 2026, Vol. 61 ›› Issue (3): 1-10.doi: 10.6040/j.issn.1671-9352.9.2025.002

   

Encrypted traffic detection based on path signature features representation learning

  

  1. 1. Engineering Research Center of Digital Forensics, Ministry of Education, Nanjing University of Information Science and Technology, Nanjing 210044, Jiangsu, China;
    2. School of Computer Science &
    School of Cyber Science and Engineering, Nanjing University of Information Science and Technology, Nanjing 210044, Jiangsu, China;
    3. Nanjing Patent Administrative Enforcement Detachment, Nanjing 210008, Jiangsu, China
  • Published:2026-03-18

PDF (PC)

7

Abstract: Aiming at the problems of insufficient extraction of interactive behavioral features between encrypted flows, a PSFREL(Path Signature Feature Representation Learning)based encrypted flow detection method is proposed.Signature feature representation learning(PSFREL), which uses path signatures to characterize the hidden, unaffected by encryption interactions between traffic flows, uses an autoencoder to extract local features at the field level, and uses the residual network Cam-resnet, which combines the attention mechanism of the channel, to extract the global features of the traffic flow, forming a multi-granularity flow features for encrypted traffic detection. Comprehensive benchmarking across four encrypted network flow datasets(e.g., ISCX VPN-nonVPN)showcases the PSFREL frameworks capability to attain a 94.91% mean F1-Score.

Key words: encrypted traffic, path signatures, feature engineering, residual network

CLC Number: 

  • TP309
[1] 侯剑,鲁辉,刘方爱,等. 加密恶意流量检测及对抗综述[J]. 软件学报,2024,35(1):333-355. HOU Jian, LU Hui, LIU Fangai, et al. A review of encrypted malicious traffic detection and countermeasure[J]. Journal of Software, 2024, 35(1):333-355.
[2] 陈子涵,程光,徐子恒,等. 互联网加密流量检测、分类与识别研究综述[J]. 计算机学报,2023,46(5):1060-1085. CHEN CHENG Zihan, XU Guang, XU Ziheng, et al. A review of research on detection, classification and recognition of encrypted traffic on the internet[J]. Journal of Computing, 2023, 46(5):1060-1085.
[3] LONG G, ZHANG Z X. Deep encrypted traffic detection: an anomaly detection framework for encryption traffic based on parallel automatic feature extraction[J]. Computational Intelligence and Neuroscience, 2023, 2023:3316642.
[4] LOTFOLLAHI M, JAFARI S M, SHIRALI H Z R, et al. Deep packet: a novel approach for encrypted traffic classification using deep learning[J]. Soft Computing, 2020, 24(3):1999-2012.
[5] AGRAWAL S, SOHI B S. Feature optimization and performance evaluation of machine learning algorithms for identification of P2P traffic[J]. Journal of Advances in Information Technology, 2012, 3(2):107-114.
[6] WANG Z H, THING V L L. Feature mining for encrypted malicious traffic detection with deep learning and other machine learning algorithms[J]. Computers & Security, 2023, 128:103143.
[7] ZHAO J J, LI Q, HONG Y P, et al. MetaRockETC: adaptive encrypted traffic classification in complex network environments via time series analysis and meta-learning[J]. IEEE Transactions on Network and Service Management, 2024, 21(2):2460-2476.
[8] CHEN C, QU L F, AMIRPOUR H, et al. On the security of selectively encrypted HEVC video bitstreams[J]. ACM Transactions on Multimedia Computing, Communications, and Applications, 2024, 20(9):1-27.
[9] WANG Z H, WANG J R, LIU Y, et al. Privacy-preserving attribute-based access control scheme with intrusion detection and policy hiding for data sharing in VANET[J]. IEEE Internet of Things Journal, 2024, 11(13):23348-23369.
[10] 谷勇浩,徐昊,张晓青. 基于多粒度表征学习的加密恶意流量检测[J]. 计算机学报,2023,46(9):1888-1899. GU Yonghao, XU Hao, ZHANG Xiaoqing. Encrypted malicious traffic detection based on multi-granularity representation learning[J]. Journal of Computing, 2023, 46(9):1888-1899.
[11] XU S J, GENG G G, JIN X B, et al. Seeing traffic paths: encrypted traffic classification with path signature features[J]. IEEE Transactions on Information Forensics and Security, 2022, 17:2166-2181.
[12] CHEVYREV I, KORMILITZIN A. A primer on the signature method in machine learning[EB/OL]. https://arxiv.org/abs/1603.03788
[13] WANG Y, ZHANG L, CHEN H. High-frequency trading anomaly detection via signature-transformer[J]. IEEE Transactions on Financial Informatics, 2023, 19(4):1234-1245.
[14] LI H, WANG Q, LIU Z. Reinforcement learning optimized path signatures for motion rehabilitation assessment[J]. ACM Transactions on Health Informatics, 2023, 10(3):1-18.
[15] GUO S, ZHOU T, LI H. Dynamic gene regulatory network modeling via path signature-GNN[J]. Bioinformatics, 2024, 40(1):1-10.
[16] ZHAO Z M, LI Z X, JIANG J L, et al. ERNN: error-resilient RNN for encrypted traffic detection towards network-induced phenomena[J]. IEEE Transactions on Dependable and Secure Computing, 2023, 99:1-18.
[17] WANG Q L, WU B G, ZHU P F, et al. ECA-net: efficient channel attention for deep convolutional neural networks[C] //2020 IEEE/CVF Conference on Computer Vision and Pattern Recognition(CVPR). Seattle: IEEE, 2020:11534-11542.
[18] 麻文刚,张亚东,郭进. 基于LSTM与改进残差网络优化的异常流量检测方法[J]. 通信学报,2021,42(5):23-40. MA Wengang, ZHANG Yadong, GUO Jin. Anomalous traffic detection method based on LSTM with improved residual network optimization[J]. Journal of Communications, 2021, 42(5):23-40.
[19] ZHANG S H, MA L F, LIU H J. Encryption-decryption-based event-triggered consensus control for nonlinear MASs under DoS attacks[J]. International Journal of Robust and Nonlinear Control, 2024, 34(1):132-146.
[20] WANG M N, ZHENG K F, LUO D, et al. An encrypted traffic classification framework based on convolutional neural networks and stacked autoencoders[C] //2020 IEEE 6th International Conference on Computer and Communications(ICCC).Chengdu: IEEE, 2020:634-641.
[21] WANG Z H, THING V L L. Feature mining for encrypted malicious traffic detection with deep learning and other machine learning algorithms[J]. Computers & Security, 2023, 128:103143.
[22] CUI S S, JIANG B, CAI Z Z, et al. A session-packets-based encrypted traffic classification using capsule neural networks[C] //2019 IEEE 21st International Conference on High Performance Computing and Communications; IEEE 17th International Conference on Smart City; IEEE 5th International Conference on Data Science and Systems(HPCC/SmartCity/DSS). Zhangjiajie: IEEE, 2019.
[1] Feixu LI,Fei YAN,Binlin CHENG,Liqiang ZHANG. An automatic protocol vulnerability detection framework for resource-constrained devices of LPWAN [J]. JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE), 2023, 58(9): 39-50.
[2] Bo ZHAO,Jing QIN,Jinlu LIU. An encryption scheme supporting wildcard and fuzzy search [J]. JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE), 2023, 58(9): 28-38.
[3] Jiao LYU,Xi ZHANG,Jing QIN. Time-controlled designated tester proxy re-encryption with keyword search scheme [J]. JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE), 2023, 58(9): 16-27.
[4] Xiuzhen CHENG,Weifeng LYU,Minghui XU,Runyu PAN,Dongxiao YU,Chenxu WANG,Yong YU,Xue XIAO. Meta computing: a new computing paradigm under zero trust [J]. JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE), 2023, 58(9): 1-15.
[5] Zhao-xia WU,Yi WANG. A safe auction algorithm for heterogeneous spectrum based on Paillier homomorphism [J]. JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE), 2021, 56(3): 23-27.
[6] Chao ZHANG,Ying LIANG,Hao-shan FANG. Social network information recommendation method of supporting privacy protection [J]. JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE), 2020, 55(3): 9-18.
[7] Ying LI,Jun HU. Hierarchical trusted cryptography service framework based on distributed message drive [J]. JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE), 2020, 55(3): 19-27.
[8] Jun HU,Zi-peng DIAO. vTCM: a virtualized trusted cryptography module based on the virtualization of physical trusted computing environment [J]. JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE), 2019, 54(7): 77-88.
[9] Juan QU,Yu-ming FENG,Yan-ping LI,Li LI. An anonymous and provably remote user authentication protocol using extended chaotic maps for multi-server system [J]. JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE), 2019, 54(5): 44-51.
[10] Jia XU,Peng JIANG. A survey of visual saliency and salient object detection methods [J]. JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE), 2019, 54(3): 28-37.
[11] Fu-sheng WU,Huan-guo ZHANG,Ming-tao NI,Jun WANG. Security analysis model of behavior based on cryptographic protocols implement at source code level [J]. JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE), 2019, 54(3): 18-27.
[12] Xiao-jie XIE,Ying LIANG,Xiang-xiang DONG. Sensitive attribute iterative inference method for social network users [J]. JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE), 2019, 54(3): 10-17, 27.
[13] Tian-tian CHANG,Xing-shu CHEN,Yong-gang LUO,Xiao LAN. Security domain-based data isolation protection framework for Hive [J]. JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE), 2019, 54(3): 1-9.
[14] Ze-nan WU,Li-qin TIAN,Zhi-gang WANG. A user behavior trust evaluation combined with sliding window and recommended trust [J]. JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE), 2019, 54(1): 53-59.
[15] Yao-yao DU,Ping PAN,Jin-hua LINGHU. Evaluation method of information system grade protection based on DIT [J]. JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE), 2019, 54(1): 47-52.
Viewed
Full text


Abstract

Cited
  Shared   
  Discussed   
No Suggested Reading articles found!
Copyright 2018 © Editorial office of JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE)
Supported by Beijing Magtech Co.Ltd