Our Center Makes Progress in Malicious Traffic Detection Technology
With the popularity of encryption technologies such as TLS and VPN, attackers are increasingly using encrypted traffic to hide their malicious activities. Traditional detection methods based on content or interaction patterns are often inadequate when facing evolving new types of attacks and are easily evaded.
To solve this problem, the research team of the Security Department of our center proposed a new unsupervised malicious traffic detection model, BSTS-Net. The model focuses on the relationships between traffic flows, innovatively introduces the concept of traffic microelements, extracts fine-grained interaction patterns from metadata such as packet length, direction, and periodicity, and uses these patterns as key fingerprints for identifying traffic behavior. The BSTS-Net model constructs a traffic microelement space through an optimized siamese neural network, mapping different traffic flows into a vector space that reflects their similarity. On this basis, the model dynamically establishes a baseline for each service and combines it with a reputation mechanism for continuous updates, thereby detecting abnormal traffic that deviates from normal behavior in real time.
Experimental results show that BSTS-Net achieved an F1 score of over 99.6% on multiple large datasets, outperforming existing mainstream methods. Even in simulated adversarial attack scenarios, its performance dropped by only about 1%, demonstrating strong robustness.

BSTS-Net Model Structure Diagram
This research result has been accepted and published by IEEE Transactions on Information Forensics and Security (IEEE TIFS). IEEE TIFS is a top academic journal in the field of cybersecurity, rated as a Class A journal by the China Computer Federation (CCF), with a 2025 Impact Factor of 8.0. The first author of the paper is Fu Hao, a PhD student at our center, and the corresponding author is Senior Engineer Long Chun.
Related Results: H. Fu, D. Sun, J. Wei, W. Wan and C. Long, "Flow Microelement-Driven Traffic Relationship Analysis: Robust Detection of Malicious Encrypted Traffic," in IEEE Transactions on Information Forensics and Security, vol. 20, pp. 10604-10619, 2025, doi: 10.1109/TIFS.2025.3613971.
