FlowSpectrum: a concrete characterization scheme of network traffic behavior for anomaly detection

Luming Yang, Shaojing Fu*, Xuyun Zhang, Shize Guo, Yongjun Wang, Chi Yang

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review

2 Citations (Scopus)


As the 5G rolls out around the world, many edge applications will be deployed by app vendors and accessed by massive end-users. Efficient detection of malicious network behavior is paid more and more attention. The current traffic detection work is still stuck on the analysis of high-dimensional data. It will restrict the improvement of threat monitoring and network governance when facing massive network flows. Characterization of network flows within simple domains is required to simplify the process of network analysis. Traffic characterization is a key task that allows service providers to detect and intercept anomalous traffic, such that high QoS (Quality of Service) and service availability are maintained and spread of malicious content is prevented. Unfortunately, there is still a lack of research on the concrete characterization of network data. Analogous to spectrum, in this paper, we proposed the concept of FlowSpectrum for the first time in order to represent the network flow, concretely. In the FlowSpectrum, network flow is represented as a spectral line rather than the raw data or a feature vector of the network flow. All flows are able to be mapped as spectral lines, and traffic identification is achieved by analyzing the positions of spectral lines. FlowSpectrum can significantly reduce the complexity of network traffic behavior analysis while enhancing the interpretability of detection and facilitating cyberspace behavior management. We designed a neural network structure based on semi-supervised AutoEncoder for decomposition and dimensionality reduction of network flows in FlowSpectrum. The characterization capability of FlowSpectrum is proved by thorough experiments. Moreover, we realized the correspondence between network behaviors and intervals of spectral lines, preliminarily. Generally speaking, FlowSpectrum can provide new ideas for the field of network traffic analysis.

Original languageEnglish
Pages (from-to)2139-2161
Number of pages23
JournalWorld Wide Web
Issue number5
Early online date28 Apr 2022
Publication statusPublished - Sept 2022
Externally publishedYes


  • FlowSpectrum
  • Network flow analysis
  • Anomaly detection
  • Characterization


Dive into the research topics of 'FlowSpectrum: a concrete characterization scheme of network traffic behavior for anomaly detection'. Together they form a unique fingerprint.

Cite this