Fine-grained recognition method for encrypted FTP commands based on temporal dual-mode feature fusion

Fu Chunhui; Yang Zhi; Guo Yuanbo; Li Yongfei; Jin Shuyuan

doi:10.11959/j.issn.1000-436x.2026075

Chinese

您当前的位置：

首页 >

文章列表页 >

Fine-grained recognition method for encrypted FTP commands based on temporal dual-mode feature fusion

Papers | 更新时间：2026-05-07

- Fine-grained recognition method for encrypted FTP commands based on temporal dual-mode feature fusion
- Journal on Communications Vol. 47, Issue 4, Pages: 126-144(2026)
- 作者机构：
  
  1.信息工程大学密码工程学院，河南郑州 450004
  2.海南大学网络空间安全学院，海南海口 570228
  3.中山大学计算机学院，广东广州 510275
- 作者简介：
- 基金信息：
  
  The National Natural Science Foundation of China(62472456)
- DOI：10.11959/j.issn.1000-436x.2026075
  CLC： TP393
- Received：31 December 2025，
  
  Revised：2026-03-12，
  
  Accepted：13 March 2026，
  
  Published：20 April 2026
- 稿件说明：
移动端阅览
付春辉,杨智,郭渊博等.基于时序双模特征融合的加密FTP指令细粒度识别方法[J].通信学报,2026,47(04):126-144.

Fu Chunhui,Yang Zhi,Guo Yuanbo,et al.Fine-grained recognition method for encrypted FTP commands based on temporal dual-mode feature fusion[J].Journal on Communications,2026,47(04):126-144.
付春辉,杨智,郭渊博等.基于时序双模特征融合的加密FTP指令细粒度识别方法[J].通信学报,2026,47(04):126-144. DOI： 10.11959/j.issn.1000-436x.2026075.

Fu Chunhui,Yang Zhi,Guo Yuanbo,et al.Fine-grained recognition method for encrypted FTP commands based on temporal dual-mode feature fusion[J].Journal on Communications,2026,47(04):126-144. DOI： 10.11959/j.issn.1000-436x.2026075.

摘要

针对当前网络流量应用层指令细粒度识别方面存在的不足，提出一种基于时序双模特征融合的加密FTP指令细粒度识别方法，并解决IPsec-ESP加密隧道下的FTP指令识别问题。首先，设计基于加密代理的多约束匹配算法，实现对ESP加密流量的指令级精确标注；然后，构建包含时序双模特征融合的流量分析框架，从宏观流量模式和微观时序动态两个维度提取特征。实验基于加密代理环境获取真实FTP流量数据，实现对24种FTP指令细粒度（响应）的匹配标注和精确识别，并通过5种机器学习模型的对比实验，验证了该方法的有效性。实验结果表明，该方法在加密FTP指令级分类任务中的准确率达95.4%，显著优于传统单模特征方法，为加密网络环境下的应用层流量识别提供新的技术路径。

Abstract

To address deficiencies in fine-grained identification of application-layer commands in network traffic

a fine-grained recognition method for encrypted FTP commands based on temporal dual-modal feature fusion was proposed

solving FTP command identification under IPsec-ESP encrypted tunnels. First

a multi-constraint matching algorithm based on the encrypted proxy was designed to achieve accurate instruction-level annotation of ESP encrypted traffic. Then

a traffic analysis framework with temporal dual-modal feature fusion was constructed to extract features from macroscopic traffic patterns and microscopic temporal dynamics. In experiments

real FTP traffic was obtained in the encrypted proxy environment to realize matching annotation and accurate identification of 24 fine-grained FTP commands (responses). Comparative experiments with five machine learning models verify the effectiveness of the proposed method. The results show that the proposed method achieves 95.4% accuracy in encrypted FTP command-level classification

significantly outperforming traditional single-modal feature methods

providing a new technical approach for application-layer traffic identification in encrypted networks.

关键词

Keywords

references

Cisco . Cisco annual Internet report (2018-2023) [R ] . (2024-12-08) [2025-12-31 ] .

Sharma A , Gupta B B , Singh A K , et al . Orchestration of APT malware evasive manoeuvers employed for eluding anti-virus and sandbox defense [J ] . Computers & Security , 2022 , 115 : 102627 .

Talabani H S , Abdul Z K , Mohammed Saleh H M . DNS over HTTPS tunneling detection system based on selected features via ant colony optimization [J ] . Future Internet , 2025 , 17 ( 5 ): 211 .

中国国家互联网应急中心 . 关于国家授时中心遭受美国国家安全局网络攻击事件的技术分析报告 [R ] . (2025-10-19)[2025-12-31 ] .

National Computer Network Emergency Response Technical Team/Coordination Center of China (CNCERT/CC) . Technical analysis report on the cyber attack against the National Time Service Center (NTSC) by the national security agency (NSA) [R ] . (2025-10-19) [2025-12-31 ] .

Papadogiannaki E , Ioannidis S . A survey on encrypted network traffic analysis applications, techniques, and countermeasures [J ] . ACM Computing Surveys , 2022 , 54 ( 6 ): 1 - 35 .

Wang P , Chen X J , Ye F , et al . A survey of techniques for mobile service encrypted traffic classification using deep learning [J ] . IEEE Access , 2019 , 7 : 54024 - 54033 .

Catal C , Giray G , Tekinerdogan B . Applications of deep learning for mobile malware detection: a systematic literature review [J ] . Neural Computing and Applications , 2022 , 34 ( 2 ): 1007 - 1032 .

Shen M , Ye K , Liu X T , et al . Machine learning-powered encrypted network traffic analysis: a comprehensive survey [J ] . IEEE Communications Surveys & Tutorials , 2023 , 25 ( 1 ): 791 - 824 .

付钰 , 刘涛涛 , 王坤 , 等 . 基于机器学习的加密流量分类研究综述 [J ] . 通信学报 , 2025 , 46 ( 1 ): 167 - 191 .

Fu Y , Liu T T , Wang K , et al . Survey of research on encrypted traffic classification based on machine learning [J ] . Journal on Communications , 2025 , 46 ( 1 ): 167 - 191 .

Zuo M , Guo C Y , Xu H Y , et al . METC: a hybrid deep learning framework for cross-network encrypted DNS over HTTPS traffic detection and tunnel identification [J ] . Information Fusion , 2025 , 121 : 103125 .

Lin P , Ye K J , Hu Y S , et al . A novel multimodal deep learning framework for encrypted traffic classification [J ] . IEEE/ACM Transactions on Networking , 2023 , 31 ( 3 ): 1369 - 1384 .

Yin J N , Cui L , Hao Z Y , et al . BTRFormer: hierarchical learning of encrypted traffic using a masked autoencoder with block-based traffic representation [C ] // Proceedings of the 2025 IEEE 33rd International Conference on Network Protocols (ICNP) . Piscataway : IEEE Press , 2025 : 1 - 12 .

Najm I A , Saeed A H , Ahmad B A , et al . Enhanced network traffic classification with machine learning algorithms [C ] // Proceedings of the Cognitive Models and Artificial Intelligence Conference . New York : ACM , 2024 : 322 - 327 .

Bagui S S , Mink D , Bagui S C , et al . Introducing UWF-ZeekData22: a comprehensive network traffic dataset based on the MITRE ATT&CK framework [J ] . Data , 2023 , 8 ( 1 ): 18 .

Wang Y P , Yun X C , Zhang Y Z , et al . Rethinking robust and accurate application protocol identification [J ] . Computer Networks , 2017 , 129 : 64 - 78 .

Luo J , Chen Z C , Chen W X , et al . A study on the application of the T5 large language model in encrypted traffic classification [J ] . Peer-to-Peer Networking and Applications , 2025 , 18 : 15 .

Wang Z H , Yang Y , Wang Y J . A survey of encrypted traffic classification: datasets, representation, approaches and future thinking [C ] // Proceedings of the 2024 IEEE/ACIS 24th International Conference on Computer and Information Science (ICIS) . Piscataway : IEEE Press , 2024 : 113 - 120 .

张国敏 , 屠智鑫 , 邢长友 , 等 . 基于对抗样本的流量时序特征混淆方法 [J ] . 信息网络安全 , 2024 , 24 ( 12 ): 1882 - 1895 .

Zhang G M , Tu Z X , Xing C Y , et al . Traffic obfuscation method for temporal features based on adversarial example [J ] . Netinfo Security , 2024 , 24 ( 12 ): 1882 - 1895 .

Seydali M , Khunjush F , Akbari B , et al . CBS: a deep learning approach for encrypted traffic classification with mixed spatio-temporal and statistical features [J ] . IEEE Access , 2023 , 11 : 141674 - 141702 .

Wang W , Zhu M , Wang J L , et al . End-to-end encrypted traffic classification with one-dimensional convolution neural networks [C ] // Proceedings of the 2017 IEEE International Conference on Intelligence and Security Informatics (ISI) . Piscataway : IEEE Press , 2017 : 43 - 48 .

Bu Z Y , Zhou B , Cheng P Y , et al . Encrypted network traffic classification using deep and parallel network-in-network models [J ] . IEEE Access , 2020 , 8 : 132950 - 132959 .

Akbari I , Salahuddin M A , Aniva L , et al . A look behind the curtain: traffic classification in an increasingly encrypted web [J ] . Proceedings of the ACM on Measurement and Analysis of Computing Systems , 2021 , 5 ( 1 ): 1 - 26 .

Chen Z H , Cheng G , Wei Z J , et al . Higher layers, better results: application layer feature engineering in encrypted traffic classification [C ] // Proceedings of International Conference on Wireless Algorithms, Systems, and Applications . Cham : Springer , 2022 : 548 - 556 .

Xu S J , Kong K C , Jin X B , et al . Unveiling traffic paths: Explainable path signature feature-based encrypted traffic classification [J ] . Computers & Security , 2025 , 150 : 104283 .

Kala J , Soukup D . Automated annotation of network traffic with data from Web browser [C ] // Proceedings of 10th Prague Embedded Systems Workshop . Prague : Czech Technical University in Prague , 2022 : 87 - 94 .

Torres J L G , Catania C A , Veas E . Active learning approach to label network traffic datasets [J ] . Journal of Information Security and Applications , 2019 , 49 : 102388 .

Ravi V , Poornima A S . Designing a robust network traffic annotator and classifier using active learning technique [C ] // Proceedings of the 2024 Asia Pacific Conference on Innovation in Technology (APCIT) . Piscataway : IEEE Press , 2024 : 1 - 5 .

Cordero C G , Vasilomanolakis E , Wainakh A , et al . On generating network traffic datasets with synthetic attacks for intrusion detection [J ] . ACM Transactions on Privacy and Security , 2021 , 24 ( 2 ): 1 - 39 .

Heng Y Q , Chandrasekhar V , Andrews J G . UTMobileNetTraffic2021: a labeled public network traffic dataset [J ] . IEEE Networking Letters , 2021 , 3 ( 3 ): 156 - 160 .

Bomma H P . Navigating the challenges of data encryption and compliance regulations: FTP vs SFTP [J ] . International Journal of Innovative Research in Engineering & Multidisciplinary Physical Sciences , 2021 , 9 ( 5 ): 1 - 6 .

Faouzi J . Time series classification: a review of algorithms and implementations [C ] // Proceedings of Time Series Analysis-Recent Advances, New Perspectives and Applications . London : IntechOpen , 2024 : 298 - 332 .

Dai J B , Xu X L , Gao H H , et al . CMFTC: cross modality fusion efficient multitask encrypt traffic classification in IIoT environment [J ] . IEEE Transactions on Network Science and Engineering , 2023 , 10 ( 6 ): 3989 - 4009 .

Polák M , Sedlák D , Fesl J , et al . Real data center network traffic dataset and analysis [C ] // Proceedings of the 2024 IEEE 13th International Conference on Cloud Networking (CloudNet) . Piscataway : IEEE Press , 2024 : 1 - 5 .

Views

下载量

CSCD

Alert me when the article has been cited

提交

Tools

Publicity Resources

Survey on key technologies for native-intelligence-driven spectrum management towards 6G

Enhanced membership inference attack method leveraging data characteristics

Research on network malicious traffic classification based on parallel branch joint coding

Survey of IP geolocation: theory, methods, and innovative applications

Related Author

Wang Xianmei

Ren Yuzheng

Jiang Tianyu

Zhang Haijun

Ma Xu

NIU Jun

SHEN Kuo

WANG Yuecong

Related Institution

Hebei Key Laboratory of Space-Air-Ground Intelligent Communication, University of Science and Technology Beijing

National Computer Network Intrusion Protection Center (University of Chinese Academy of Sciences)

School of Telecommunications Engineering, Xidian University

School of Hangzhou Institute of Technology, Xidian University

School of Cyber Engineering, Xidian University

AI问答

Postal code：100079
Tel：（010）53879206 Email：tmw@bjxintong.com.cn
Technical support is provided by Beijing Founder electronics co., LTD 京ICP备09082226号-64 京公网安备11010602201714号
It is recommended to read the content of this site in Chrome&IE9+. Please switch to extreme mode in browser 360.
Cookies We use cookies to help provide and enhance our service and tailor content. By continuing, you agree to the use of cookies.

⁰