A novel encrypted traffic detection model based on detachable convolutional GCN-LSTM
Abstract With the widespread adoption of network encryption technologies, traditional detection methods increasingly struggle to identify malicious encrypted traffic due to their limited ability to capture structural and behavioral characteristics. To address this issue, this paper proposes a Detach...
Saved in:
| Main Authors: | , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Nature Portfolio
2025-07-01
|
| Series: | Scientific Reports |
| Subjects: | |
| Online Access: | https://doi.org/10.1038/s41598-025-13397-2 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Summary: | Abstract With the widespread adoption of network encryption technologies, traditional detection methods increasingly struggle to identify malicious encrypted traffic due to their limited ability to capture structural and behavioral characteristics. To address this issue, this paper proposes a Detachable Convolutional GCN-LSTM (DC-GL) model. The proposed model constructs graph-structured data by integrating protocol-layer features and traffic statistical features extracted from encrypted flows. A Graph Convolutional Network (GCN) is employed to capture structural dependencies among nodes, while a Long Short-Term Memory (LSTM) network models the temporal dynamics of traffic behavior. To improve computational efficiency and feature extraction performance, detachable convolution is introduced into the GCN layers. In addition, an attention mechanism is incorporated to enhance the representation of critical features. Experimental results demonstrate that the DC-GL model outperforms several mainstream approaches in terms of accuracy, recall, and other key metrics, while also exhibiting faster convergence and greater robustness. These results suggest that DC-GL offers an effective and promising approach for malicious encrypted traffic detection. |
|---|---|
| ISSN: | 2045-2322 |