Research on encrypted malicious traffic detection in power information interaction: application of the electricity multi-granularity flow representation learning approach


Bibliographic Details
Main Authors: Zhifu Wu, Xianfu Zhou, Xindai Lu, Liqiang Yang, Siqi Shen, Dong Yan
Format: Article
Language: English
Published: Nature Portfolio 2025-05-01
Series: Scientific Reports
Online Access: https://doi.org/10.1038/s41598-025-02565-z
Description
Summary: With the rapid digital transformation of power systems, encrypted communication technologies are increasingly adopted to enhance data privacy and security. However, this trend also creates potential covert channels for malicious traffic, making the detection of encrypted malicious traffic a critical challenge. Current detection methods often struggle to capture both fine-grained semantic interactions during the TLS handshake and global temporal patterns in traffic behavior, particularly in domain-specific contexts like power systems. This paper proposes the Electricity Multi-Granularity Flow Representation Learning (E-MGFlow) approach to address these issues. E-MGFlow integrates field-level and packet-level granularity analyses, leveraging a multi-head attention mechanism and bidirectional LSTM to effectively capture local semantic details and global traffic dynamics. The method is further optimized for power systems by incorporating device state information and bidirectional communication features. Experimental results on the DataCon dataset and a power information interaction dataset demonstrate that E-MGFlow significantly improves detection performance, achieving 93.64% precision and 93.76% recall with a low false positive rate of 6.52%. The approach offers substantial practical value for securing power system networks against sophisticated cyber threats, ensuring timely detection and defense against potential attacks.
ISSN: 2045-2322