Powered by OpenAIRE graph
Found an issue? Give us feedback
image/svg+xml art designer at PLoS, modified by Wikipedia users Nina, Beao, JakobVoss, and AnonMoos Open Access logo, converted into svg, designed by PLoS. This version with transparent background. http://commons.wikimedia.org/wiki/File:Open_Access_logo_PLoS_white.svg art designer at PLoS, modified by Wikipedia users Nina, Beao, JakobVoss, and AnonMoos http://www.plos.org/ Electronicsarrow_drop_down
image/svg+xml art designer at PLoS, modified by Wikipedia users Nina, Beao, JakobVoss, and AnonMoos Open Access logo, converted into svg, designed by PLoS. This version with transparent background. http://commons.wikimedia.org/wiki/File:Open_Access_logo_PLoS_white.svg art designer at PLoS, modified by Wikipedia users Nina, Beao, JakobVoss, and AnonMoos http://www.plos.org/
Electronics
Article . 2025 . Peer-reviewed
License: CC BY
Data sources: Crossref
Claim

GCN-MHA Method for Encrypted Malicious Traffic Detection and Classification

descriptionPublicationkeyboard_double_arrow_right Article 25 Nov 2025 English Publisher:MDPI AGJournal:Electronics, volume 14, page 4,627 (eissn: 2079-9292, Copyright policy )
Authors: Yanan Liu; Suhao Wang; Zheng Zhang; Tianhao Hou; Jipeng Shen; Pengfei Wang; Shuo Qiu; +1 Authors

doi: 10.3390/electronics14234627

GCN-MHA Method for Encrypted Malicious Traffic Detection and Classification

Abstract

Modern network attacks are becoming stealthier and smarter. Attackers use encryption to cover up malicious traffic, which makes it really hard to detect. To solve this problem, this paper introduces a new model called Graph Convolutional Network with Multi-Head Attention (GCN-MHA). The goal of this model is to improve how we find and sort encrypted malicious traffic. First, we turn network traffic into a “graph”—this helps capture its structural and time-related features. Then, our GCN-MHA framework uses graph convolutional layers to learn spatial information. A multi-head attention mechanism helps it focus on the most important features. When tested on the ISCX-VPN2016 dataset, the model achieved an overall high accuracy of 98.79% and a recall rate of 99.24% under six categories of malicious traffic. We also performed cross-validation on two other datasets: USTC-TFC2016 and CIC-Darknet2020. These tests showed that the model has strong generalization ability on different data.

Related Organizations
  • BIP!
    Impact byBIP!
    selected citations
    These citations are derived from selected sources.
    This is an alternative to the "Influence" indicator, which also reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically).
    		 0
    popularity
    This indicator reflects the "current" impact/attention (the "hype") of an article in the research community at large, based on the underlying citation network.
    		 Average
    influence
    This indicator reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically).
    		 Average
    impulse
    This indicator reflects the initial momentum of an article directly after its publication, based on the underlying citation network.
    		 Average
Powered by OpenAIRE graph
Found an issue? Give us feedback
selected citations
These citations are derived from selected sources.
This is an alternative to the "Influence" indicator, which also reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically).
BIP!Citations provided by BIP!
popularity
This indicator reflects the "current" impact/attention (the "hype") of an article in the research community at large, based on the underlying citation network.
BIP!Popularity provided by BIP!
influence
This indicator reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically).
BIP!Influence provided by BIP!
impulse
This indicator reflects the initial momentum of an article directly after its publication, based on the underlying citation network.
BIP!Impulse provided by BIP!
0
Average
Average
Average
gold