A novel encrypted traffic detection model based on detachable convolutional GCN-LSTM
Abstract With the widespread adoption of network encryption technologies, traditional detection methods increasingly struggle to identify malicious encrypted traffic due to their limited ability to capture structural and behavioral characteristics. To address this issue, this paper proposes a Detach...
Saved in:
| Main Authors: | , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Nature Portfolio
2025-07-01
|
| Series: | Scientific Reports |
| Subjects: | |
| Online Access: | https://doi.org/10.1038/s41598-025-13397-2 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1849763267517349888 |
|---|---|
| author | Xiaogang Yuan Jianxin Wan Dezhi An Huan Pei |
| author_facet | Xiaogang Yuan Jianxin Wan Dezhi An Huan Pei |
| author_sort | Xiaogang Yuan |
| collection | DOAJ |
| description | Abstract With the widespread adoption of network encryption technologies, traditional detection methods increasingly struggle to identify malicious encrypted traffic due to their limited ability to capture structural and behavioral characteristics. To address this issue, this paper proposes a Detachable Convolutional GCN-LSTM (DC-GL) model. The proposed model constructs graph-structured data by integrating protocol-layer features and traffic statistical features extracted from encrypted flows. A Graph Convolutional Network (GCN) is employed to capture structural dependencies among nodes, while a Long Short-Term Memory (LSTM) network models the temporal dynamics of traffic behavior. To improve computational efficiency and feature extraction performance, detachable convolution is introduced into the GCN layers. In addition, an attention mechanism is incorporated to enhance the representation of critical features. Experimental results demonstrate that the DC-GL model outperforms several mainstream approaches in terms of accuracy, recall, and other key metrics, while also exhibiting faster convergence and greater robustness. These results suggest that DC-GL offers an effective and promising approach for malicious encrypted traffic detection. |
| format | Article |
| id | doaj-art-d0945153c9a34012b33f91cd4b23cde8 |
| institution | DOAJ |
| issn | 2045-2322 |
| language | English |
| publishDate | 2025-07-01 |
| publisher | Nature Portfolio |
| record_format | Article |
| series | Scientific Reports |
| spelling | doaj-art-d0945153c9a34012b33f91cd4b23cde82025-08-20T03:05:27ZengNature PortfolioScientific Reports2045-23222025-07-0115111810.1038/s41598-025-13397-2A novel encrypted traffic detection model based on detachable convolutional GCN-LSTMXiaogang Yuan0Jianxin Wan1Dezhi An2Huan Pei3School of Cyber Security, Gansu University of Political Science and LawSchool of Cyber Security, Gansu University of Political Science and LawSchool of Cyber Security, Gansu University of Political Science and LawSchool of Cyber Security, Gansu University of Political Science and LawAbstract With the widespread adoption of network encryption technologies, traditional detection methods increasingly struggle to identify malicious encrypted traffic due to their limited ability to capture structural and behavioral characteristics. To address this issue, this paper proposes a Detachable Convolutional GCN-LSTM (DC-GL) model. The proposed model constructs graph-structured data by integrating protocol-layer features and traffic statistical features extracted from encrypted flows. A Graph Convolutional Network (GCN) is employed to capture structural dependencies among nodes, while a Long Short-Term Memory (LSTM) network models the temporal dynamics of traffic behavior. To improve computational efficiency and feature extraction performance, detachable convolution is introduced into the GCN layers. In addition, an attention mechanism is incorporated to enhance the representation of critical features. Experimental results demonstrate that the DC-GL model outperforms several mainstream approaches in terms of accuracy, recall, and other key metrics, while also exhibiting faster convergence and greater robustness. These results suggest that DC-GL offers an effective and promising approach for malicious encrypted traffic detection.https://doi.org/10.1038/s41598-025-13397-2Malicious encrypted trafficIntrusion detectionDetachable convolutionGraph neural networkAttention mechanism |
| spellingShingle | Xiaogang Yuan Jianxin Wan Dezhi An Huan Pei A novel encrypted traffic detection model based on detachable convolutional GCN-LSTM Scientific Reports Malicious encrypted traffic Intrusion detection Detachable convolution Graph neural network Attention mechanism |
| title | A novel encrypted traffic detection model based on detachable convolutional GCN-LSTM |
| title_full | A novel encrypted traffic detection model based on detachable convolutional GCN-LSTM |
| title_fullStr | A novel encrypted traffic detection model based on detachable convolutional GCN-LSTM |
| title_full_unstemmed | A novel encrypted traffic detection model based on detachable convolutional GCN-LSTM |
| title_short | A novel encrypted traffic detection model based on detachable convolutional GCN-LSTM |
| title_sort | novel encrypted traffic detection model based on detachable convolutional gcn lstm |
| topic | Malicious encrypted traffic Intrusion detection Detachable convolution Graph neural network Attention mechanism |
| url | https://doi.org/10.1038/s41598-025-13397-2 |
| work_keys_str_mv | AT xiaogangyuan anovelencryptedtrafficdetectionmodelbasedondetachableconvolutionalgcnlstm AT jianxinwan anovelencryptedtrafficdetectionmodelbasedondetachableconvolutionalgcnlstm AT dezhian anovelencryptedtrafficdetectionmodelbasedondetachableconvolutionalgcnlstm AT huanpei anovelencryptedtrafficdetectionmodelbasedondetachableconvolutionalgcnlstm AT xiaogangyuan novelencryptedtrafficdetectionmodelbasedondetachableconvolutionalgcnlstm AT jianxinwan novelencryptedtrafficdetectionmodelbasedondetachableconvolutionalgcnlstm AT dezhian novelencryptedtrafficdetectionmodelbasedondetachableconvolutionalgcnlstm AT huanpei novelencryptedtrafficdetectionmodelbasedondetachableconvolutionalgcnlstm |