Robust Detection of Malicious Encrypted Traffic via Contrastive Learning

Traffic encryption is widely used to protect communication privacy but is increasingly exploited by attackers to conceal malicious activities. Existing malicious encrypted traffic detection methods rely on large amounts of labeled samples for training, limiting their ability to quickly respond to new attacks. These methods also are vulnerable to traffic obfuscation strategies, such as injecting dummy packets. In this paper, we propose SmartDetector, a robust malicious encrypted traffic detection method via contrastive learning. We first propose a novel traffic representation named Semantic Attribute Matrix (SAM), which can effectively distinguish between malicious and benign traffic. We also design a data augmentation method to generate diverse traffic samples, which makes the detection model more robust against different traffic obfuscation strategies. We propose a malicious encrypted traffic classifier that first pre-trains a model via contrastive learning to learn deep representations from unlabeled data, then fine-tunes the model with a supervised classifier to achieve accurate detection even with only a few labeled samples. We conduct extensive experiments with five public datasets to evaluate the performance of SmartDetector. The results demonstrate that it outperforms the state-of-the-art (SOTA) methods in three typical scenarios. Specifically, in the evasion attack detection scenario, SmartDetector achieves an F1 score and AUC above 93%, with average improvements of 19.84% and 18.17% over the SOTA method, respectively.

• Publication year

  2025

• Venue

  IEEE Transactions on Information Forensics and Security

• Publication date

  Unknown publication date

• Fields of study

  Computer Science

• Identifiers
  DOI 10.1109/TIFS.2025.3560560
• External record

  Open on Semantic Scholar

• Source metadata

  Semantic Scholar

• No claims are published for this paper.

• No concepts are published for this paper.

• CICIoV2024: Advancing realistic IDS approaches against DoS and spoofing attack in IoV CAN bus

  2024cited by this paper
• Implementing the principle of least administrative privilege on operating systems: challenges and perspectives

  2024cited by this paper
• Realistic Website Fingerprinting By Augmenting Network Traces

  2023cited by this paper
• Rosetta: Enabling Robust TLS Encrypted Traffic Classification in Diverse Network Environments with TCP-Aware Traffic Augmentation

  2023cited by this paper
• Real-Time Malicious Traffic Detection With Online Isolation Forest Over SD-WAN

  2023cited by this paper
• Point Cloud Analysis for ML-Based Malicious Traffic Detection: Reducing Majorities of False Positive Alarms

  2023cited by this paper
• Network anomaly detection methods in IoT environments via deep learning: A Fair comparison of performance and robustness

  2023cited by this paper
• Machine Learning-Powered Encrypted Network Traffic Analysis: A Comprehensive Survey

  2023influential reference
• An Explainable AI-Based Intrusion Detection System for DNS Over HTTPS (DoH) Attacks

  2022cited by this paper
• XAI Meets Mobile Traffic Classification: Understanding and Improving Multimodal Deep Learning Architectures

  2021cited by this paper
• Understanding and Detecting Mobile Ad Fraud Through the Lens of Invalid Traffic

  2021cited by this paper
• TANTRA: Timing-Based Adversarial Network Traffic Reshaping Attack

  2021influential reference
• Realtime Robust Malicious Traffic Detection via Frequency Domain Analysis

  2021influential reference
• A Two-Layer Deep Learning Method for Android Malware Detection Using Network Traffic

  2020cited by this paper
• A Simple Framework for Contrastive Learning of Visual Representations

  2020influential reference
• Meta-Learning in Neural Networks: A Survey

  2020cited by this paper
• A Method of Few-Shot Network Intrusion Detection Based on Meta-Learning Framework

  2020influential reference
• Detection of DoH Tunnels using Time-series Classification of Encrypted Traffic

  2020cited by this paper
• $Deep-Full-Range$ : A Deep Learning Based Network Encrypted Traffic Classification and Intrusion Detection Framework

  2019influential reference
• Network Traffic-Based Hybrid Malware Detection for Smartphone and Traditional Networked Systems

  2019cited by this paper
• Triplet Fingerprinting: More Practical and Portable Website Fingerprinting with N-shot Learning

  2019influential reference
• Developing Realistic Distributed Denial of Service (DDoS) Attack Dataset and Taxonomy

  2019cited by this paper
• Network Traffic Behavioral Analytics for Detection of DDoS Attacks

  2019influential reference
• Survey of intrusion detection systems: techniques, datasets and challenges

  2019influential reference
• Toward Generating a New Intrusion Detection Dataset and Intrusion Traffic Characterization

  2018influential reference
• Kitsune: An Ensemble of Autoencoders for Online Network Intrusion Detection

  2018cited by this paper
• Attention is All you Need

  2017cited by this paper
• Deep Residual Learning for Image Recognition

  2015cited by this paper
• Efficient Estimation of Word Representations in Vector Space

  2013influential reference
• Visualizing Data using t-SNE

  2008cited by this paper
• SSL and TLS: Designing and Building Secure Systems

  2000cited by this paper

• SegSub: Balancing Security and Efficiency for Large-Scale Decentralized Data Subscription in Web3

  2026cites this paper
• CL-ViME: Contrastive Learning and Vision Mixture of Experts for Encrypted Traffic Classification

  2026cites this paper
• A Unified Framework for Robust Encrypted Malicious Traffic Detection in Adverse Environments via Graph Structure Learning

  2026cites this paper
• Enabling Verifiable Keyword Search Over Encrypted Data via Dynamic Version-Aware Indexing

  2026cites this paper
• NFTracker: Fine-Grained NFT Behavior Traffic Identification Over Encrypted Tunnel

  2026cites this paper
• Shaping Multi-Dimensional Traffic Features for Covert Communication in QUIC Streaming

  2025cites this paper
• Next-Packet Prediction with Temporal Transformer Networks: A Non-Contrastive Self-Supervised Approach for AI-Powered Cybersecurity Threat Detection

  2025cites this paper
• Knowledge-Enhanced Zero-Shot Graph Learning-Based Mobile Application Identification

  2025cites this paper
• ESCA: Encrypted Stream Cadence Analysis via Spectral Fingerprinting

  2025cites this paper
• Deep Learning for Adaptive Intrusion Detection in Open-World: A Survey

  2025influential citation
• Toward Robust Encrypted Traffic Detection via Graph Contrastive Learning

  2025influential citation
• Multiview Correlation-Aware Network Traffic Detection on Flow Hypergraph

  2025cites this paper
• ROBY: A Byzantine-Robust and Privacy-Preserving Serverless Federated Learning Framework

  2025cites this paper
• Self-Supervised Learning Meets Custom Autoencoder Classifier: A Semi-Supervised Approach for Encrypted Traffic Anomaly Detection

  2025cites this paper
• Fine-Grained and Class-Incremental Malicious Account Detection in Ethereum via Dynamic Graph Learning

  2025cites this paper
• Connector: Enhancing the Traceability of Decentralized Bridge Applications via Automatic Cross-Chain Transaction Association

  2024cites this paper