基于深度学习的加密流量分类研究综述

doi:10.3778/j.issn.1002-8331.2501-0218

摘要/Abstract

摘要： 随着互联网技术的迅速发展，网络流量类型变得复杂多变。同时为确保数据安全，大量信息通过加密协议进行传输，加密条件下流量原始信息不可见，这导致传统的流量分类方法不再适用。在此背景下，加密流量分类技术应运而生，它旨在识别和区分加密流量的类型和来源。加密流量分类不仅要正确区分各类已知流量做好流量管控，还要识别出可能携带恶意信息的未知流量做好安全防护。介绍了在通用环境下加密流量分类技术的研究现状，从已知流量分类、未知流量分类和数据集三个方面展开分析，探讨了通用环境下的加密流量分类技术未来发展趋势。并进一步分析了工业互联网这一特定环境下加密流量分类技术研究现状，包括公共流量数据缺乏、工业协议多样、特征提取复杂。展望了未来研究的方向，包括构建高质量数据集、优化特征提取方法、提升未知流量检测准确度。为实现加密流量精准分类以保障网络服务质量和安全防护提供借鉴和启示。

关键词: 加密流量, 未知流量检测, 深度学习, 类不平衡, 工业互联网

Abstract: With the rapid development of Internet technology, the types of network traffic have become complex and variable. At the same time, to ensure data security, a large amount of information is transmitted through encryption protocols. Under the encryption condition, the original information of the traffic is invisible, which makes traditional traffic classification methods no longer applicable. In this context, the encryption traffic classification technology has emerged. Its aim is to identify and distinguish the types and sources of encrypted traffic. Encryption traffic classification not only needs to correctly distinguish various known traffic for traffic control but also needs to identify unknown traffic that may carry malicious information for security protection. This paper introduces the research status of encryption traffic classification technology in a general environment, analyzing from three aspects: known traffic classification, unknown traffic classification, and data sets. It discusses the future development trends of encryption traffic classification technology in a general environment. Furthermore, it analyzes the research status of encryption traffic classification technology in an industrial internet environment, including the lack of public traffic data, diverse industrial protocols, and complex feature extraction. Finally, it looks forward to future research directions, including building high-quality data sets, optimizing feature extraction methods, and improving the accuracy of unknown traffic detection. To achieve precise classification of encrypted traffic and ensure network service quality and security protection, it provides references and inspirations.

Key words: encrypted traffic, unknown traffic detection, deep learning, data imbalance, industrial Internet

王影, 王钢, 高雲鹏, 霍闯. 基于深度学习的加密流量分类研究综述[J]. 计算机工程与应用, 2025, 61(21): 61-80.

WANG Ying, WANG Gang, GAO Yunpeng, HUO Chuang. Survey of Research on Encrypted Traffic Classification Based on Deep Learning[J]. Computer Engineering and Applications, 2025, 61(21): 61-80.

参考文献

[1] 王倪. 基于端口识别的网络流量分类模式的改进[J]. 电脑知识与技术, 2017, 13(3): 52-53.
WANG N. Improvement of network traffic classification mode based on port identification[J]. Computer Knowledge and Technology, 2017, 13(3): 52-53.
[2] LIN P C, LIN Y D, LAI Y C, et al. Using string matching for deep packet inspection[J]. Computer, 2008, 41(4): 23-28.
[3] LI J, ZHANG S Y, LU Y Q, et al. Internet traffic classification using machine learning[C]//Proceedings of the 2007 2nd International Conference on Communications and Networking in China. New York: IEEE, 2007: 68-72.
[4] YUAN R X, LI Z, GUAN X H, et al. An SVM-based machine learning method for accurate Internet traffic classification[J]. Information Systems Frontiers, 2010, 12(2): 149-156.
[5] 刘奇旭, 肖聚鑫, 谭耀康, 等. 工业互联网流量分析技术综述[J]. 通信学报, 2024, 45(8): 221-237.
LIU Q X, XIAO J X, TAN Y K, et al. Survey of industrial Internet traffic analysis technology[J]. Journal on Communications, 2024, 45(8): 221-237.
[6] SINGH D, SINGH B. Investigating the impact of data normalization on classification performance[J]. Applied Soft Computing, 2020, 97: 105524.
[7] SINGH D, SINGH B. Feature wise normalization: an effective way of normalizing data[J]. Pattern Recognition, 2022, 122: 108307.
[8] HUBEL D H, WIESEL T N. Receptive fields, binocular interaction and functional architecture in the cat’s visual cortex[J]. The Journal of Physiology, 1962, 160(1): 106-154.
[9] HOPFIELD J J. Neural networks and physical systems with emergent collective computational abilities[J]. Proceedings of the National Academy of Sciences, 1982, 79(8): 2554-2558.
[10] HOCHREITER S, SCHMIDHUBER J. Long short-term memory[J]. Neural Computation, 1997, 9(8): 1735-1780.
[11] VASWANI A, SHAZEER N, PAEMAR N. Attention is all you need[C]//Advances in Neural Information Processing Systems, 2017: 5998-6008.
[12] SCARSELLI F, GORI M, TSOI A C, et al. The graph neural network model[J]. IEEE Transactions on Neural Networks, 2009, 20(1): 61-80.
[13] GOODFELLOW I J, POUGET-ABADIE J, MIRZA M, et al. Generative adversarial nets[C]//Advances in Neural Information Processing Systems (NIPS), 2014: 2672-2680.
[14] 王伟. 基于深度学习的网络流量分类及异常检测方法研究[D]. 合肥: 中国科学技术大学, 2018.
WANG W. Deep learning for network traffic classification and anomaly detection[D]. Hefei: University of Science and Technology of China, 2018.
[15] WANG P, CHEN X. SAE-based encrypted traffic identification method[J]. Computer Engineering, 2018, 44(11): 140-147.
[16] LIU C, HE L T, XIONG G, et al. FS-net: a flow sequence network for encrypted traffic classification[C]//Proceedings of the IEEE Conference on Computer Communications. Piscataway: IEEE, 2019: 1171-1179.
[17] LU B, LUKTARHAN N, DING C, et al. ICLSTM: encrypted traffic service identification based on inception-LSTM neural network[J]. Symmetry, 2021, 13(6): 1080.
[18] 郭祥, 姜文刚, 王宇航. 基于改进Inception-ResNet的加密流量分类方法[J]. 计算机应用, 2023, 43(8): 2471-2476.
GUO X, JIANG W G, WANG Y H. Encrypted traffic classification method based on improved Inception-ResNet[J]. Journal of Computer Applications, 2023, 43(8): 2471-2476.
[19] WANG L T, HU W, LIU J Y, et al. Encrypted traffic classification based on fusion of vision transformer and temporal features[J]. The Journal of China Universities of Posts and Telecommunications, 2023, 30(2): 73-82.
[20] DING Q, ZHA Z P, LI Y J, et al. Multi-granularity feature fusion for enhancing encrypted traffic classification[J]. International Journal of Advanced Computer Science and Applications, 2024, 15(4): 1090-1097.
[21] YANG Y, YAN Y, GAO Z P, et al. A network traffic classification method based on dual-mode feature extraction and hybrid neural networks[J]. IEEE Transactions on Network and Service Management, 2023, 20(4): 4073-4084.
[22] SEYDALI M, KHUNJUSH F, AKBARI B, et al. CBS: a deep learning approach for encrypted traffic classification with mixed spatio-temporal and statistical features[J]. IEEE Access, 2023, 11: 141674-141702.
[23] CUI J, BAI L K, LI G X, et al. Semi-2DCAE: a semi-supervision 2D-CNN AutoEncoder model for feature representation and classification of encrypted traffic[J]. PeerJ Computer Science, 2023, 9: e1635.
[24] WANG C, ZHANG W, HAO H, et al. Network traffic classification model based on spatio-temporal feature extraction[J]. Electronics, 2024, 13(7): 1236.
[25] WANG Y Y, GAO Y L, LI X Y, et al. Encrypted traffic classification model based on SwinT-CNN[C]//Proceedings of the 2023 4th International Conference on Computer Engineering and Application. Piscataway: IEEE, 2023: 138-142.
[26] HU X Y, GU C X, CHEN Y H, et al. CBD: a deep-learning-based scheme for encrypted traffic classification with a general pre-training method[J]. Sensors, 2021, 21(24): 8231.
[27] ZHAO H Q, LI Y, FAN F, et al. Encrypted traffic classification method based on GSK and BiLSTM[C]//Proceedings of the 2023 China Automation Congress. Piscataway: IEEE, 2024: 2191-2196.
[28] 张稣荣, 卜佑军, 陈博, 等. 基于多层双向SRU与注意力模型的加密流量分类方法[J]. 计算机工程, 2022, 48(11): 127-136.
ZHANG S R, BU Y J, CHEN B, et al. Encrypted traffic classification method based on multi-layer bidirectional SRU and attention model[J]. Computer Engineering, 2022, 48(11): 127-136.
[29] SUN B Y, YANG W Y, YAN M Q, et al. An encrypted traffic classification method combining graph convolutional network and autoencoder[C]//Proceedings of the 2020 IEEE 39th International Performance Computing and Communications Conference. Piscataway: IEEE, 2021: 1-8.
[30] ZOU A B, YANG W, TANG C W, et al. A novel and effective encrypted traffic classification method based on channel attention and deformable convolution[J]. Computers and Electrical Engineering, 2024, 118: 109406.
[31] LI Z Y, XU X P. L2-BiTCN-CNN: spatio-temporal features fusion-based multi-classification model for various Internet applications identification[J]. Computer Networks, 2024, 243: 110298.
[32] HOU J G, LI X, XU H J, et al. Packet header-based reweight-long short term memory (Rew-LSTM) method for encrypted network traffic classification[J]. Computing, 2024, 106(8): 2875-2896.
[33] ZHOU X, XIAO X, LI Q, et al. CapsuleFormer: a capsule and Transformer combined model for decentralized application encrypted traffic classification[C]//Proceedings of the 19th ACM Asia Conference on Computer and Communications Security. New York: ACM, 2024: 1418-1429.
[34] 陈明豪, 祝跃飞, 芦斌, 等. 基于Attention-CNN的加密流量应用类型识别[J]. 计算机科学, 2021, 48(4): 325-332.
CHEN M H, ZHU Y F, LU B, et al. Classification of application type of encrypted traffic based on Attention-CNN[J]. Computer Science, 2021, 48(4): 325-332.
[35] SHI Z L, LUKTARHAN N, SONG Y Y, et al. BFCN: a novel classification method of encrypted traffic based on BERT and CNN[J]. Electronics, 2023, 12(3): 516.
[36] 孟娟, 孟鹏, 缪志敏, 等. 基于多任务特征学习的网络加密流量识别算法[J]. 计算机技术与发展, 2021, 31(6): 112-117.
MENG J, MENG P, MIAO Z M, et al. Network encrypted traffic identification based on multi-task feature learning[J]. Computer Technology and Development, 2021, 31(6): 112-117.
[37] DAI J B, XU X L, GAO H H, et al. SHAPE: a simultaneous header and payload encoding model for encrypted traffic classification[J]. IEEE Transactions on Network and Service Management, 2023, 20(2): 1993-2012.
[38] ACETO G, CIUONZO D, MONTIERI A, et al. MIMETIC: mobile encrypted traffic classification using multimodal deep learning[J]. Computer Networks, 2019, 165: 106944.
[39] ACETO G, CIUONZO D, MONTIERI A, et al. DISTILLER: encrypted traffic classification via multimodal multitask deep learning[J]. Journal of Network and Computer Applications, 2021, 183/184: 102985.
[40] WANG X B, YUAN Q J, WANG Y J, et al. Combine intra- and inter-flow: a multimodal encrypted traffic classification model driven by diverse features[J]. Computer Networks, 2024, 245: 110403.
[41] LI S B, HUANG Y C, GAO T Y, et al. FusionTC: encrypted app traffic classification using decision-level multimodal fusion learning of flow sequence[J]. Wireless Communications and Mobile Computing, 2023, 2023(1): 9118153.
[42] PARK J T, SHIN C Y, BAEK U J, et al. Fast and accurate multi-task learning for encrypted network traffic classification[J]. Applied Sciences, 2024, 14(7): 3073.
[43] HE H J, LAI Y X, WANG Y P, et al. A data skew-based unknown traffic classification approach for TLS applications[J]. Future Generation Computer Systems, 2023, 138: 1-12.
[44] LE S Q, LAI Y X, WANG Y P, et al. An adaptive classification and updating method for unknown network traffic in open environments[J]. Computer Networks, 2024, 238: 110114.
[45] HU Y, CHENG G, CHEN W C, et al. Attribute-based zero-shot learning for encrypted traffic classification[J]. IEEE Transactions on Network and Service Management, 2022, 19(4): 4583-4599.
[46] LI J, GU C X, LUAN L, et al. Few-shot open-set traffic classification based on self-supervised learning[C]//Proceedings of the 2022 IEEE 47th Conference on Local Computer Networks. Piscataway: IEEE, 2022: 371-374.
[47] ZHANG J L, LI F H, YE F, et al. Autonomous unknown-application filtering and labeling for DL-based traffic classifier update[C]//Proceedings of the IEEE Conference on Computer Communications. Piscataway: IEEE, 2020: 397-405.
[48] LUKACH A, RAN D B, DVIR A, et al. CBR: boosting adaptive classification by retrieval of encrypted network traffic with out-of-distribution[J]. arXiv:2403.11206, 2024.
[49] LI J, GU C X, WEI F S, et al. LightSEEN: real-time unknown traffic discovery via lightweight siamese networks[J]. Security and Communication Networks, 2021, 2021(1): 8267298.
[50] ZHAO M, DI Z, XIA Z, et al. OWETC: open world encrypted traffic classification based on semi-supervised class incremental learning[C]//Proceedings of the 2023 IEEE International Conference on Parallel & Distributed Processing with Applications, Big Data & Cloud Computing, Sustainable Computing & Communications, Social Computing & Networking. Piscataway: IEEE, 2024: 1089-1096.
[51] LI X, FENG B B, ZANG T N, et al. Facing unknown: open-world encrypted traffic classification based on contrastive pre-training[C]//Proceedings of the 2023 IEEE Symposium on Computers and Communications. Piscataway: IEEE, 2023: 1255-1260.
[52] HU X Y, GU C X, CHEN Y H, et al. OpenCBD: a network-encrypted unknown traffic identification scheme based on open-set recognition[J]. Wireless Communications and Mobile Computing, 2022, 2022(1): 1746373.
[53] WANG P, WANG Z X, YE F, et al. ByteSGAN: a semi-supervised generative adversarial network for encrypted traffic classification in SDN edge gateway[J]. Computer Networks, 2021, 200: 108535.
[54] YANG L X, FINAMORE A, JUN F, et al. Deep learning and zero-day traffic classification: lessons learned from a commercial-grade dataset[J]. IEEE Transactions on Network and Service Management, 2021, 18(4): 4103-4118.
[55] YANG R P, YU A M, CAI L J, et al. Subspace clustering via graph auto-encoder network for unknown encrypted traffic recognition[J]. Cybersecurity, 2022, 5(1): 29.
[56] LI C F, ZHU Z Y, NIU R C, et al. SeAuNet: semi-autonomous encrypted traffic classification and self-labeling[C]//Proceedings of the 2023 26th International Conference on Computer Supported Cooperative Work in Design. Piscataway: IEEE, 2023: 1914-1919.
[57] FU C P, LI Q, XU K. Flow interaction graph analysis: unknown encrypted malicious traffic detection[J]. IEEE/ACM Transactions on Networking, 2024, 32(4): 2972-2987.
[58] LI Y, LU Y F, LI S R. EZAC: encrypted zero-day applications classification using CNN and K-means[C]//Proceedings of the 2021 IEEE 24th International Conference on Computer Supported Cooperative Work in Design. Piscataway: IEEE, 2021: 378-383.
[59] 顾纯祥, 吴伟森, 石雅男, 等. 基于自编码器的未知协议分类方法[J]. 通信学报, 2020, 41(6): 88-97.
GU C X, WU W S, SHI Y N, et al. Method of unknown protocol classification based on autoencoder[J]. Journal on Communications, 2020, 41(6): 88-97.
[60] 代先勇, 胥雄, 邓金祥, 等. 基于层次聚类的多策略未知协议分类方法[J]. 信息安全与通信保密, 2022, 20(3): 88-100.
DAI X Y, XU X, DENG J X, et al. Multi-strategy unknown protocol classification method based on hierarchical clustering[J]. Information Security and Communications Privacy, 2022, 20(3): 88-100.
[61] LIU H Y, LANG B. Network traffic classification method supporting unknown protocol detection[C]//Proceedings of the 2021 IEEE 46th Conference on Local Computer Networks. Piscataway: IEEE, 2021: 311-314.
[62] WU H, CUI C Q, CHENG G, et al. PSCM: towards practical encrypted unknown protocol classification[C]//Proceedings of the 2022 IEEE Symposium on Computers and Communications. Piscataway: IEEE, 2022: 1-6.
[63] DRAPER-GIL G, LASHKARI A H, MAMUN M S I, et al. Characterization of encrypted and VPN traffic using time-related features[C]//Proceedings of the 2nd International Conference on Information Systems Security and Privacy, 2016: 407-414.
[64] HABIBI LASHKARI A, DRAPER GIL G, MAMUN M S I, et al. Characterization of tor traffic using time based features[C]//Proceedings of the 3rd International Conference on Information Systems Security and Privacy, 2017: 253-262.
[65] HABIBI LASHKARI A, KAUR G, RAHALI A. DIDarknet: a contemporary approach to detect and characterize the darknet traffic using deep image learning[C]//Proceedings of the 2020 10th International Conference on Communication and Network Security. New York: ACM, 2021: 1-13.
[66] SHIRAVI A, SHIRAVI H, TAVALLAEE M, et al. Toward developing a systematic approach to generate benchmark datasets for intrusion detection[J]. Computers & Security, 2012, 31(3): 357-374.
[67] WANG W, ZHU M, ZENG X W, et al. Malware traffic classification using convolutional neural network for representation learning[C]//Proceedings of the 2017 International Conference on Information Networking. Piscataway: IEEE, 2017: 712-717.
[68] LASHKARI A H, KADIR A F A, GONZALEZ H, et al. Towards a network-based framework for Android malware detection and characterization[C]//Proceedings of the 2017 15th Annual Conference on Privacy, Security and Trust. Piscataway: IEEE, 2018: 233-23309.
[69] JIANG M H, LI Z, FU P P, et al. Accurate mobile-app fingerprinting using flow-level relationship with graph neural networks[J]. Computer Networks, 2022, 217: 109309.
[70] ACETO G, CIUONZO D, MONTIERI A, et al. MIRAGE: mobile-app traffic capture and ground-truth creation[C]//Proceedings of the 2019 4th International Conference on Computing, Communications and Security. Piscataway: IEEE, 2019: 1-8.
[71] REN J J, LINDORFER M, DUBOIS D J, et al. Bug fixes, improvements, and privacy leaks-a longitudinal study of PII leaks across Android app versions[C]//Proceedings of the 2018 Network and Distributed System Security Symposium, 2018.
[72] REN J, DUBOIS D, CHOFFNES D. An international view of privacy risks for mobile apps[EB/OL]. (2019). https://recon.meddle.mobi/cross-market.html.
[73] ZHAO R J, DENG X W, WANG Y H, et al. Flow sequence-based anonymity network traffic identification with residual graph convolutional networks[C]//Proceedings of the 2022 IEEE/ACM 30th International Symposium on Quality of Service. Piscataway: IEEE, 2022: 1-10.
[74] 张梦. 类别不平衡条件下的小样本加密流量识别[D]. 哈尔滨: 哈尔滨工业大学, 2013.
ZHANG M. Identification of encrypted traffic as small sample of class-imbalance[D]. Harbin: Harbin Institute of Technology, 2013.
[75] 吕文华. 基于小样本学习的加密流量分类问题研究[D]. 北京: 北京邮电大学, 2022.
LV W H. Research on encrypted traffic classification problem based on few-shot learning[D]. Beijing: Beijing University of Posts and Telecommunications, 2022.
[76] CHEN Y M, TONG Y Z, HWEE G B, et al. Encrypted mobile traffic classification with a few-shot incremental learning approach[C]//Proceedings of the 2023 IEEE 18th Conference on Industrial Electronics and Applications. Piscataway: IEEE, 2023: 40-45.
[77] 马涛, 赵华, 樊卫东, 等. 基于快速自适应元学习的小样本学习[J]. 南京邮电大学学报 (自然科学版), 2025, 45(2): 93-102.
MA T, ZHAO H, FAN W D, et al. Few-shot learning based on fast adaptive meta-learning[J]. Journal of Nanjing University of Posts and Telecommunications (Natural Science Edition), 2025, 45(2): 93-102.
[78] BOVENZI G, DI MONDA D, MONTIERI A, et al. Few shot learning approaches for classifying rare mobile-app encrypted traffic samples[C]//Proceedings of the IEEE Conference on Computer Communications Workshops. Piscataway: IEEE, 2023: 1-6.
[79] BOVENZI G, DI MONDA D, MONTIERI A, et al. Meta mimetic: few-shot classification of mobile-app encrypted traffic via multimodal meta-learning[C]//Proceedings of the 2023 35th International Teletraffic Congress. Piscataway: IEEE, 2023: 1-9.
[80] GUO J Y, CUI M X, HOU C S, et al. Global-aware prototypical network for few-shot encrypted traffic classification[C]//Proceedings of the 2022 IFIP Networking Conference. Piscataway: IEEE, 2022: 1-9.
[81] YANG C, XIONG G, ZHANG Q, et al. Few-shot encrypted traffic classification via multi-task representation enhanced meta-learning[J]. Computer Networks, 2023, 228: 109731.
[82] YAN B H, HAN G D, HUANG Y J, et al. New traffic classification method for imbalanced network data[J]. Journal of Computer Applications, 2018, 38(1): 20-25.
[83] DENER M, AL S, OK G. RFSE-GRU: data balanced classification model for mobile encrypted traffic in big data environment[J]. IEEE Access, 2023, 11: 21831-21847.
[84] BANSAL M A, SHARMA D R, KATHURIA D M. A systematic review on data scarcity problem in deep learning: solution and applications[J]. ACM Computing Surveys, 2022, 54(10s): 1-29.
[85] MA Y X, LI Z D, XUE H M, et al. A balanced supervised contrastive learning-based method for encrypted network traffic classification[J]. Computers & Security, 2024, 145: 104023.
[86] MIRZA M, OSINDERO S. Conditional generative adversarial nets[J]. arXiv:1411.1784, 2014.
[87] AHSAN M M, ALI M S, SIDDIQUE Z. Enhancing and improving the performance of imbalanced class data using novel GBO and SSG: a comparative analysis[J]. Neural Networks, 2024, 173: 106157.
[88] WANG Z X, WANG P, ZHOU X K, et al. FLOWGAN: unbalanced network encrypted traffic identification method based on GAN[C]//Proceedings of the 2019 IEEE International Conference on Parallel & Distributed Processing with Applications, Big Data & Cloud Computing, Sustainable Computing & Communications, Social Computing & Networking. Piscataway: IEEE, 2019: 975-983.
[89] GUO Y, XIONG G, LI Z, et al. Combating imbalance in network traffic classification using GAN based oversampling[C]//Proceedings of the 2021 IFIP Networking Conference. Piscataway: IEEE, 2021: 1-9.
[90] TANG Z G, WANG J F, YUAN B G, et al. Markov-GAN: Markov image enhancement method for malicious encrypted traffic classification[J]. IET Information Security, 2022, 16(6): 442-458.
[91] WANG P, LI S H, YE F, et al. PacketCGAN: exploratory study of class imbalance for encrypted traffic classification using CGAN[C]//Proceedings of the 2020 IEEE International Conference on Communications. Piscataway: IEEE, 2020: 1-7.
[92] ZHAI J T, LIN P, CUI Y F, et al. GraphCWGAN-GP: a novel data augmenting approach for imbalanced encrypted traffic classification[J]. CMES-Computer Modeling in Engineering and Sciences, 2023, 136(2): 2069-2092.
[93] 王方玉. 基于深度学习的加密流量分类研究[D]. 郑州: 郑州大学, 2021.
WANG F Y. Research on encrypted traffic classification based on deep learning[D]. Zhengzhou: Zhengzhou University, 2021.
[94] WANG H Z, YAN J Y, JIA N. A new encrypted traffic identification model based on VAE-LSTM-DRN[J]. Computers, Materials and Continua, 2024, 78(1): 569-588.
[95] DENER M, AL S, OK G. RFSE-GRU: data balanced classification model for mobile encrypted traffic in big data environment[J]. IEEE Access, 2023, 11: 21831-21847.
[96] DONG S. Multi class SVM algorithm with active learning for network traffic classification[J]. Expert Systems with Applications, 2021, 176: 114885.
[97] SOLEYMANPOUR S, SADR H, BEHESHTI H. An efficient deep learning method for encrypted traffic classification on the web[C]//Proceedings of the 2020 6th International Conference on Web Research. Piscataway: IEEE, 2020: 209-216.
[98] TELIKANI A, GANDOMI A H, CHOO K R, et al. A cost-sensitive deep learning-based approach for network traffic classification[J]. IEEE Transactions on Network and Service Management, 2022, 19(1): 661-670.
[99] QIN J Y, LIU G J, DUAN K. A new imbalanced encrypted traffic classification model based on CBAM and re-weighted loss function[J]. Applied Sciences, 2022, 12(19): 9631.
[100] LIN X J, HE L T, GOU G P, et al. CETP: a novel semi-supervised framework based on contrastive pre-training for imbalanced encrypted traffic classification[J]. Computers & Security, 2024, 143: 103892.
[101] CAI W, HOU C S, CUI M X, et al. Incremental encrypted traffic classification via contrastive prototype networks[J]. Computer Networks, 2024, 250: 110591.
[102] 郭钰玲. 工业互联网通信协议与安全策略研究[J]. 长江信息通信, 2024, 37(6): 163-165.
GUO Y L. Research on industrial Internet communication protocol and security strategy[J]. Changjiang Information & Communications, 2024, 37(6): 163-165.
[103] 钱晨. 工业互联网通信协议与安全策略研究[J]. 网络安全技术与应用, 2023(12): 9-11.
QIAN C. Research on industrial Internet communication protocol and security strategy[J]. Network Security Technology & Application, 2023(12): 9-11.
[104] MAJDALAWIEH M, PARISI-PRESICCE F, WIJESEKERA D. DNPSec: distributed network protocol version 3 (DNP3) security framework[C]//Advances in Computer, Information, and Systems Sciences, and Engineering. Dordrecht: Springer, 2006: 227-234.
[105] AMOAH R, CAMTEPE S, FOO E. Formal modelling and analysis of DNP3 secure authentication[J]. Journal of Network and Computer Applications, 2016, 59: 345-360.
[106] HUI H, MCLAUGHLIN K, SEZER S. Vulnerability analysis of S7 PLCs: manipulating the security mechanism[J]. International Journal of Critical Infrastructure Protection, 2021, 35: 100470.
[107] 郝志强, 刘冬, 王冲华. 工业领域网络流量安全分析关键技术研究[J]. 工业信息安全, 2022(3): 27-35.
HAO Z Q, LIU D, WANG C H. Research on key techniques of industrial network traffic security analysis[J]. Industrial Information Security, 2022(3): 27-35.
[108] HOLASOVA E, FUJDIAK R. Deep neural networks for industrial protocol recognition and cipher suite used[C]//Proceedings of the 2022 IEEE International Carnahan Conference on Security Technology. Piscataway: IEEE, 2022: 1-7.
[109] HOLASOVA E, BLAZEK P, FUJDIAK R, et al. Exploring the power of convolutional neural networks for encrypted industrial protocols recognition[J]. Sustainable Energy, Grids and Networks, 2024, 38: 101269.
[110] LIN K D, XU X L, GAO H. TSCRNN: a novel classification scheme of encrypted traffic based on flow spatiotemporal features for efficient management of IIoT[J]. Computer Networks, 2021, 190: 107974.
[111] 罗誉钒. 工业物联网加密流量分类及入侵检测方法研究[D]. 广州: 广东技术师范大学, 2023.
LUO Y F. Research on encrypted traffic classification and intrusion detection methods of industrial Internet of Things[D]. Guangzhou: Guangdong Polytechnic Normal University, 2023.
[112] ZHAO R J, HUANG Y T, DENG X W, et al. A novel traffic classifier with attention mechanism for industrial Internet of Things[J]. IEEE Transactions on Industrial Informatics, 2023, 19(11): 10799-10810.
[113] 张硕. 面向异构协议兼容的工业互联网平台关键技术研究[J]. 自动化与仪表, 2023, 38(6): 109-114.
ZHANG S. Research on key technologies of industrial Internet platform for heterogeneous protocol compatibility[J]. Automation & Instrumentation, 2023, 38(6): 109-114.
[114] NIU Z Q, XUE J F, QU D C, et al. A novel approach based on adaptive online analysis of encrypted traffic for identifying Malware in IIoT[J]. Information Sciences, 2022, 601: 162-174.
[115] ZANG X D, WANG T L, ZHANG X C, et al. Encrypted malicious traffic detection based on natural language processing and deep learning[J]. Computer Networks, 2024, 250: 110598.
[116] ZHU S Z, XU X L, GAO H H, et al. CMTSNN: a deep learning model for multiclassification of abnormal and encrypted traffic of Internet of Things[J]. IEEE Internet of Things Journal, 2023, 10(13): 11773-11791.
[117] 胡向东, 万润楠. 基于改进随机森林的工业互联网安全态势评估方法[J]. 电子学报, 2024, 52(3): 783-791.
HU X D, WAN R N. Method of security situation assessment based on improved random forest for industrial Internet[J]. Acta Electronica Sinica, 2024, 52(3): 783-791.
[118] 金志刚, 刘凯, 武晓栋. 堆叠循环卷积和头部注意力的工业互联网入侵检测[J/OL]. 哈尔滨工业大学学报, 2024: 1?11(2024?06?24)[2025-01-08]. https://kns.cnki.net/KCMS/detail/detail.aspx?filename=HEBX2024062100M&dbname=
CJFD&dbcode=CJFQ.
JIN Z G, LIU K, WU X D. Industrial Internet intrusion detection based on stacking circular convolution and head attention[J/OL]. Journal of Harbin Institute of Technology, 2024: 1-11(2024-06-24)[2025-01-08]. https://kns.cnki.net/KCMS/detail/detail.aspx?filename=HEBX2024062100M&
dbname=CJFD&dbcode=CJFQ.
[119] ZHANG H, MIN Y D, LIU S Y, et al. Improve the security of industrial control system: a fine-grained classification method for DoS attacks on modbus/TCP[J]. Mobile Networks and Applications, 2023, 28(2): 839-852.
[120] JIANG J R, CHEN Y T. Industrial control system anomaly detection and classification based on network traffic[J]. IEEE Access, 2022, 10: 41874-41888.
[121] CHAI G Z, LI S M, YANG Y, et al. CTSF: an intrusion detection framework for industrial Internet based on enhanced feature extraction and decision optimization approach[J]. Sensors, 2023, 23(21): 8793.
[122] WANG G Z, TANG L L, YANG Z Y, et al. Deep CNN- RNN with self- attention model for electric IoT traffic classification[C]//Proceedings of the 2023 4th International Conference on Big Data & Artificial Intelligence & Software Engineering. Piscataway: IEEE, 2023: 363-368.
[123] YUE G, SUN Z, TIAN J W, et al. Power grid industrial control system traffic classification based on two-dimensional convolutional neural network[M]//Communications, signal processing, and systems. Singapore: Springer Singapore, 2022: 41-48.
[124] AHAKONYE L A C, AMAIZU G C, NWAKANMA C I, et al. Classification and characterization of encoded traffic in SCADA network using hybrid deep learning scheme[J]. Journal of Communications and Networks, 2024, 26(1): 65-79.
[125] WANG M L, CHEN C X, ZHANG X C, et al. BCBA: an IIoT encrypted traffic classifier based on a serial network model[J]. Future Generation Computer Systems, 2025, 164: 107603.
[126] MENG X Y, LIN C G, WANG Y Q, et al. NetGPT: generative pretrained transformer for network traffic[J]. arXiv:2304.09513, 2023.
[127] MOUSTAFA N, SLAY J. UNSW-NB15: a comprehensive data set for network intrusion detection systems (UNSW-NB15 network data set)[C]//Proceedings of the 2015 Military Communications and Information Systems Conference. Piscataway: IEEE, 2015: 1-6.
[128] AL-HAWAWREH M, SITNIKOVA E, ABOUTORAB N. X-IIoTID: a connectivity-agnostic and device-agnostic intrusion data set for industrial Internet of Things[J]. IEEE Internet of Things Journal, 2022, 9(5): 3962-3977.
[129] TAVALLAEE M, BAGHERI E, LU W, et al. A detailed analysis of the KDD CUP 99 data set[C]//Proceedings of the 2009 IEEE Symposium on Computational Intelligence for Security and Defense Applications. Piscataway: IEEE, 2009: 1-6.