Zhong Guan,Chang Liu,Gang Xiong,Zhen Li,Gaopeng Gou

DOI: https://doi.org/10.1016/j.cose.2022.103018

IF: 5.105

2023-01-01

Computers & Security

Abstract:Tor is the most widely used anonymous network which provides anonymity by using proxy nodes to route data. However, many researches have proved that flow correlation attacks can break the anonymity of users’ communication relationships: once attackers have access to the ingress and egress traffic flows at both ends of the network, they will find the specific user who is visiting a monitored Internet service by observing the traffic shape. Existing flow correlation attacks have limited effects because of insufficient traffic shape features, network noise influence and lack of differentiated learning on unrelated flows. In this paper, we propose an improved flow correlation attacking model named FlowTracker which contains four modules: In flow cumulative representation module, raw and normalized cumulative sequences are combined to construct robust traffic shape features. In noise resistant mapping module, stacked auto-encoders are adopted to learn the mapping relationship between related ingress and egress cumulative representations and filter out the network noise. Moreover, we leverage contrast learning in distance optimization module to generate the optimized representation in which difference between unrelated representations is amplified, further reducing the false correlation rate with similar but unrelated flows. Finally, the target flow is reported through a multi-layer decision process in the hierarchical judgment module. We evaluate FlowTracker and other advanced comparison methods on the public and self-built datasets with the more realistic unidirectional setting, experiment results demonstrate that FlowTracker has the highest attacking success rate under general and targeted scenarios, especially when the traffic shape is seriously destroyed by traffic obfuscation.

Jing Tian,Gaopeng Gou,Yangyang Guan,Wei Xia,Gang Xiong,Chang Liu

DOI: https://doi.org/10.1109/IPCCC51483.2021.9679433

2021-01-01

Abstract:Tor is a popular anonymous social network. However, it is also concerned by censors or other malicious attackers. A large body of work examines Tor’s susceptibility to flow correlation attacks. Moreover, the existing methods to defend against such attacks have two inherent drawbacks. One is they will bring high delay to the system, the other is they lack of theoretical basis to prove their effecti...

Hongxin Zhang,Jiaxin Liu,Ying Tang,Gang Xiong

DOI: https://doi.org/10.1109/case48305.2020.9216966

2020-01-01

Abstract:Predicting traffic flow is one of the fundamental issue to smart cities. However it is still challenging in vehicular cyber-physical systems because of ever-increasing urban traffic data. Most previous models for traffic flow prediction suffers the problem with variance error depends on time and location. In this paper, a novel graph convolution network (GCN) approach is proposed for predicting citywide traffic flow. Our key idea is to introduce spatial and temporal attention to the GCN model to lessen the impact of urban data complexity. A framework of flow-based graph convolutional network is established to improve traffic flow prediction while investigating the spatial and temporal correlation of traffic flow. We further propose practical strategies that efficiently learn parameters of the model. Experimental results demonstrate that the proposed approach to traffic flow prediction outperforms state-of-the-art approaches.

Qiumei Cheng,Chunming Wu,Shiying Zhou

DOI: https://doi.org/10.1109/lcomm.2020.3048995

IF: 3.5529

2021-01-01

IEEE Communications Letters

Abstract:The alert correlation process that aggregates computer network security alerts to the same attack scenario provides a coherent view of network status at a higher abstraction level. This letter proposes a framework called Alert-GCN to correlate alerts that belong to the same attack using graph convolutional networks (GCN). The intuition is that the stacked convolutional layers help aggregate alert information from farther neighbors in the alert graph, thus facilitating attack scenario discovery. Alert-GCN first transforms alerts into alert graph with one-hot encoding and then feeds the graph into the GCN to perform node classification. The experimental results indicate that Alert-GCN outperforms traditional classification models in correlating alerts.

Zixuan Chen,Chao Zheng,Zhao Li,Jinqiao Shi,Zeyu Li

DOI: https://doi.org/10.1109/cscwd61410.2024.10580831

2024-01-01

Abstract:Stepping-stones are widely used by attackers to conceal their identities and gain unauthorized access to restricted targets. Numerous strategies have been suggested to identify stepping-stones and counteract evasive behaviors, with flow correlation standing out as the key technique used in many deanonymization methods. Existing attempts to tackle the flow correlation issue rely on long-flow observations and feature-based methods. Yet, these approaches meet substantial limitations in their suitability across diverse scenarios, network noises influence and accuracy, particularly in the stepping-stone environment. In this paper, we introduce an improved flow correlation model, FlowLinker, which aims to resolve these issues. Specifically, we combined multidimensional statistical features and cumulative flow sequences to construct a robust traffic feature. Then, we leveraged the triplet network to produce an optimized representation, amplifying the difference between unrelated representations. Consequently, it significantly reduces the false correlation rate with flows that seem similar but are unrelated. The experiments on real-world datasets from different network environments we collected show that FlowLinker outperforms other state-of-the-art methods with shorter lengths of flow observations.

Xiaobin Tan,Chuang Peng,Peng Xie,Hao Wang,Mengxiang Li,Shuangwu Chen,Cliff Zou

DOI: https://doi.org/10.1109/tifs.2024.3441935

IF: 7.231

2024-08-24

IEEE Transactions on Information Forensics and Security

Abstract:Website fingerprinting has emerged as a prominent topic in the area of network management. However, the proliferation of encrypted network traffic poses new challenges for website fingerprinting. In this paper, we analyze the behavior and correlations among the network flows generated by browsing a webpage and conclude that there exist specific spatio-temporal correlations among these network flows. Based on this finding, we propose the construction of an inter-flow spatio-temporal correlation graph (STCG) to model these correlations. In the STCG, each node represents a flow, with its features capturing the properties of the flow itself, and each edge with a weight vector represents the spatio-temporal correlation between two flows. Subsequently, we propose a graph neural network-based website fingerprinting method (STC-WF) by considering the inter-flow spatio-temporal correlations, in which the Graph Attention Network (GAT) and Self-Attention Graph Pooling (SAGPool) mechanisms are employed to acquire a comprehensive representation of the STCG. To evaluate the performance of STC-WF, we construct a real-world traffic dataset and conduct comprehensive evaluations. The experimental results demonstrate that STC-WF outperforms state-of-the-art methods in terms of accuracy and time consumption.

computer science, theory & methods,engineering, electrical & electronic

Ting-Li Huoh,Yan Luo,Peilong Li,Tong Zhang

DOI: https://doi.org/10.1109/tnsm.2022.3227500

2022-01-01

IEEE Transactions on Network and Service Management

Abstract:Classifying encrypted traffic from emerging applications is important but challenging as many conventional traffic classification approaches are ineffective, thus calling for novel methods for identifying encrypted network flows. Recent machine learning and deep learning-based approaches are severely limited by their feature selection and inherent neural network architecture. More importantly, they overlook the opportunity to capture latent information in the temporal dimension of packets. As network data by nature are of non-Euclidean distance space and carry abundant chronological and temporal relations, we are inspired to utilize geometric deep learning that simultaneously takes into account packet raw bytes, metadata and packet relations for classifying encrypted network traffic. Our proposed graph neural network (GNN) model outperforms the two reference methods, convolutional neural networks (CNN) and recurrent neural networks (RNN) quantitatively as indicated by three metrics: sensitivity, precision and F1 score.

computer science, information systems

Weiguo Zhu,Yongqi Sun,Xintong Yi,Yan Wang

DOI: https://doi.org/10.48550/arXiv.2205.10365

2022-07-17

Abstract:The technology of traffic flow forecasting plays an important role in intelligent transportation systems. Based on graph neural networks and attention mechanisms, most previous works utilize the transformer architecture to discover spatiotemporal dependencies and dynamic relationships. However, they have not considered correlation information among spatiotemporal sequences thoroughly. In this paper, based on the maximal information coefficient, we present two elaborate spatiotemporal representations, spatial correlation information (SCorr) and temporal correlation information (TCorr). Using SCorr, we propose a correlation information-based spatiotemporal network (CorrSTN) that includes a dynamic graph neural network component for integrating correlation information into spatial structure effectively and a multi-head attention component for modeling dynamic temporal dependencies accurately. Utilizing TCorr, we explore the correlation pattern among different periodic data to identify the most relevant data, and then design an efficient data selection scheme to further enhance model performance. The experimental results on the highway traffic flow (PEMS07 and PEMS08) and metro crowd flow (HZME inflow and outflow) datasets demonstrate that CorrSTN outperforms the state-of-the-art methods in terms of predictive performance. In particular, on the HZME (outflow) dataset, our model makes significant improvements compared with the ASTGNN model by 12.7%, 14.4% and 27.4% in the metrics of MAE, RMSE and MAPE, respectively.

Machine Learning,Artificial Intelligence

Zhong Guan,Chang Liu,Gaopeng Gou,Zhen Li,Gang Xiong,Yangyang Ding,Chengshang Hou

DOI: https://doi.org/10.1016/j.comnet.2024.110831

2024-01-01

Abstract:Tor is the most widely used anonymous communication system at present which can anonymize users' network behavior. At the same time, many illegal network activities also appear more frequently with the help of Tor, posing serious challenges for cyberspace security. Therefore, flow fingerprinting and flow correlation analysis methods are put forward to de-anonymize the malicious anonymous behaviors, which utilize external traffic features as the side-channel information. However, the adversary often reduces the ability of above two methods by adding the disturbance to the anonymous traffic. As a countermeasure against the interference, disturbance-resistant analysis methods can effectively identify those adversarial behaviors while knowing how the traffic is modified. However, in real scenarios, it is unrealistic to distinguish between disturbed and nondisturbed anonymous traffic, let alone to have a clear grasp of the disturbing strategy. In this paper, we propose a blind anonymous traffic analysis method called Blind Analyzer based on pattern reconstruction skills in a "masking-generation" manner. Specifically, Blind Analyzer extracts the pattern knowledge from non-disturbed traffic samples by masking and reconstructing them. During the method application, disturbed anonymous traces are processed following the same way, aiming at removing the incremental noise at the masking stage and restoring the original shape at the reconstruction stage. Besides, a conditional discriminator is designed to determine whether the generated sample has obvious class characteristics. Benefited from the proposed method, we can improve the effectiveness of the anonymous network behavior analysis since the disturbed traffic can be restored as normal ones accurately enough. Experiment results on three datasets show that reconstructed traffic samples output by Blind Analyzer are more useful for base analysis models, which improve the corresponding metric values by 11.23% and 6.61% in max for flow fingerprinting and correlation tasks, respectively.

Meng Xiaoyuan,Lang bo,Yanxi Liu,Yuhao Yan

2024-03-25

Abstract:Nowadays, botnets have become one of the major threats to cyber security. The characteristics of botnets are mainly reflected in bots network behavior and their intercommunication relationships. Existing botnet detection methods use flow features or topology features individually, which overlook the other type of feature. This affects model performance. In this paper, we propose a botnet detection model which uses graph convolutional network (GCN) to deeply fuse flow features and topology features for the first time. We construct communication graphs from network traffic and represent nodes with flow features. Due to the imbalance of existing public traffic flow datasets, it is impossible to train a GCN model on these datasets. Therefore, we use a balanced public communication graph dataset to pretrain a GCN model, thereby guaranteeing its capacity for identify topology features. We then feed the communication graph with flow features into the pretrained GCN. The output from the last hidden layer is treated as the fusion of flow and topology features. Additionally, by adjusting the number of layers in the GCN network, the model can effectively detect botnets under both C2 and P2P structures. Validated on the public ISCX2014 dataset, our approach achieves a remarkable recall rate 92.90% and F1-score 92.76% for C2 botnets, alongside recall rate 94.66% and F1-score of 92.35% for P2P botnets. These results not only demonstrate the effectiveness of our method, but also outperform the performance of the currently leading detection models.

Cryptography and Security

Jin Wang,Jianping Wang,Chuan Wu,Kejie Lu,Naijie Gu

DOI: https://doi.org/10.1109/infcom.2011.5934873

2011-04-01

Abstract:Flow untraceability is one critical requirement for anonymous communication with network coding, which prevents malicious attackers with wiretapping and traffic analysis abilities from relating the senders to the receivers, using linear dependency of the received packets. There have recently been proposals advocating encryptions on the Global Encoding Vectors (GEV) of network coding to thwart such attacks [1], [2]. Nevertheless, there has been no exploration of the capability of networking coding itself, to constitute more efficient and effective algorithms which guarantee anonymity. In this paper, we design a novel, simple, and effective linear network coding mechanism (ALNCode) to achieve flow untraceability in a communication network with multiple unicast flows. With solid theoretical analysis, we first show that linear network coding (LNC) can be applied to thwart traffic analysis attacks without the need of encrypting GEVs. Our key idea is to mix multiple flows at their intersection nodes by generating downstream GEVs from the common basis of upstream GEVs belonging to multiple flows, in order to hide the correlation of upstream and downstream GEVs in each flow. We then design a deterministic LNC scheme to implement our idea, by which the downstream GEVs produced are guaranteed to obfuscate their correlation with the corresponding upstream GEVs. We also give extensive theoretical analysis on the intersection probability of GEV bases and the influential factors to the effectiveness of our scheme, as well as the algorithm complexity to support its efficiency.

Junhua Gu,Zhihao Jia,Taotao Cai,Xiangyu Song,Adnan Mahmood

DOI: https://doi.org/10.3390/s23062897

IF: 3.9

2023-03-08

Sensors

Abstract:Modeling complex spatial and temporal dependencies in multivariate time series data is crucial for traffic forecasting. Graph convolutional networks have proved to be effective in predicting multivariate time series. Although a predefined graph structure can help the model converge to good results quickly, it also limits the further improvement of the model due to its stationary state. In addition, current methods may not converge on some datasets due to the graph structure of these datasets being difficult to learn. Motivated by this, we propose a novel model named Dynamic Correlation Graph Convolutional Network (DCGCN) in this paper. The model can construct adjacency matrices from input data using a correlation coefficient; thus, dynamic correlation graph convolution is used for capturing spatial dependencies. Meanwhile, gated temporal convolution is used for modeling temporal dependencies. Finally, we performed extensive experiments to evaluate the performance of our proposed method against ten existing well-recognized baseline methods using two original and four public datasets.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Hansika Weerasena,Prabhat Mishra

DOI: https://doi.org/10.1145/3677034

IF: 2.013

2024-07-10

ACM Journal on Emerging Technologies in Computing Systems

Abstract:Network-on-Chip (NoC) is widely used to facilitate communication between components in sophisticated System-on-Chip (SoC) designs. Security of the on-chip communication is crucial because exploiting any vulnerability in shared NoC would be a goldmine for an attacker that puts the entire computing infrastructure at risk. We investigate the security strength of existing anonymous routing protocols in NoC architectures, making two pivotal contributions. Firstly, we develop and perform a machine learning (ML)-based flow correlation attack on existing anonymous routing techniques in Network-on-Chip (NoC) systems, revealing that they provide only packet-level anonymity. Secondly, we propose a novel, lightweight anonymous routing protocol featuring outbound traffic tunneling and traffic obfuscation. This protocol is designed to provide robust defense against ML-based flow correlation attacks, ensuring both packet-level and flow-level anonymity. Experimental evaluation using both real and synthetic traffic demonstrates that our proposed attack successfully deanonymizes state-of-the-art anonymous routing in NoC architectures with high accuracy (up to 99%) for diverse traffic patterns. It also reveals that our lightweight anonymous routing protocol can defend against ML-based attacks with minor hardware and performance overhead.

engineering, electrical & electronic,computer science, hardware & architecture,nanoscience & nanotechnology

Yajun Ge,Jiannan Wang,Bo Zhang,Fan Peng,Jing Ma,Chenyu Yang,Yue Zhao,Ming Liu

DOI: https://doi.org/10.3390/math12193159

IF: 2.4

2024-10-10

Mathematics

Abstract:Accurate traffic flow prediction in road networks is essential for intelligent transportation systems (ITS). Since traffic data are collected from the road network with spatial topological and time series sequences, the traffic flow prediction is regarded as a spatial–temporal prediction task. With the powerful ability to model the non-Euclidean data, the graph convolutional network (GCN)-based models have become the mainstream framework for traffic forecasting. However, existing GCN-based models either use the manually predefined graph structure to capture the spatial features, ignoring the heterogeneity of road networks, or simply perform 1-D convolution with fixed kernel to capture the temporal dependencies of traffic data, resulting in insufficient long-term temporal feature extraction. To solve those issues, a spatial–temporal correlation constrained dynamic graph convolutional network (STC-DGCN) is proposed for traffic flow forecasting. In STC-DGCN, a spatial–temporal embedding encoder module (STEM) is first constructed to encode the dynamic spatial relationships for road networks at different time steps. Then, a temporal feature encoder module with heterogeneous time series correlation modeling (TFE-HCM) and a spatial feature encoder module with dynamic multi-graph modeling (SFE-DCM) are designed to generate dynamic graph structures for effectively capturing the dynamic spatial and temporal correlations. Finally, a spatial–temporal feature fusion module based on a gating fusion mechanism (STM-GM) is proposed to effectively learn and leverage the inherent spatial–temporal relationships for traffic flow forecasting. Experimental results from three real-world traffic flow datasets demonstrate the superior performance of the proposed STC-DGCN compared with state-of-the-art traffic flow forecasting models.

mathematics

Xiaoheng Deng,Jincai Zhu,Xinjun Pei,Lan Zhang,Zhen Ling,Kaiping Xue

DOI: https://doi.org/10.1109/tnsm.2022.3213807

2022-01-01

IEEE Transactions on Network and Service Management

Abstract:Given the distributed nature of the massively connected “Things” in IoT, IoT networks have been a primary target for cyberattacks. Although machine learning based network intrusion detection systems (NIDS) can effectively detect abnormal network traffic behaviors, most existing approaches are based on a large amount of labeled traffic flow data, which hinders their implementation in the highly dynamic IoT networks with limited labeling. In this paper, we develop a novel Flow Topology based Graph Convolutional Network (FT-GCN) approach for label-limited IoT network intrusion detection. Our main idea is to leverage the underlying traffic flow patterns, $i.e.$ , the flow topological structure, to unlock the full potential of the traffic flow data with limited labeling, where the FT-GCN will be deployed at the edge servers in IoT networks to detect intrusions via software defined network technologies. Specifically, FT-GCN first takes the time correlation of traffic flows into account to construct an interval-constrained traffic graph (ICTG). Besides, a Node-Level Spatial (NLS) attention mechanism is designed to further enhance the key statistical features of traffic flows in ICTG. Finally, the combined representation of statistical flow features and flow topological structure are learned by the cost-effective Topology Adaptive Graph Convolutional Networks (TAGCN) for intrusion identification in IoT networks. Extensive experiments are conducted on three real-world datasets, which demonstrate the effectiveness of the proposed FT-GCN compared to state-of-the-art approaches.

Aniss Maghsoudlou,Oliver Gasser,Ingmar Poese,Anja Feldmann

DOI: https://doi.org/10.1145/3555050.3569135

2022-11-11

Abstract:Knowing customer's interests, e.g. which Video-On-Demand (VoD) or Social Network services they are using, helps telecommunication companies with better network planning to enhance the performance exactly where the customer's interests lie, and also offer the customers relevant commercial packages. However, with the increasing deployment of CDNs by different services, identification, and attribution of the traffic on network-layer information alone becomes a challenge: If multiple services are using the same CDN provider, they cannot be easily distinguished based on IP prefixes alone. Therefore, it is crucial to go beyond pure network-layer information for traffic attribution. In this work, we leverage real-time DNS responses gathered by the clients' default DNS resolvers. Having these DNS responses and correlating them with network-layer headers, we are able to translate CDN-hosted domains to the actual services they belong to. We design a correlation system for this purpose and deploy it at a large European ISP. With our system, we can correlate an average of 81.7% of the traffic with the corresponding services, without any loss on our live data streams. Our correlation results also show that 0.5% of the daily traffic contains malformatted, spamming, or phishing domain names. Moreover, ISPs can correlate the results with their BGP information to find more details about the origin and destination of the traffic. We plan to publish our correlation software for other researchers or network operators to use.

Networking and Internet Architecture

Xiaolin Song,Yuyang Zhao,Jingyu Yang,Cuiling Lan,Wenjun Zeng

DOI: https://doi.org/10.1016/j.neucom.2021.11.037

IF: 6

2022-01-01

Neurocomputing

Abstract:Optical flow estimation is a challenging problem in the field of video analytics yet. Features of different semantics levels in a convolutional neural network (CNN) provide information of different granularity. To exploit such flexible and comprehensive information, we propose a Feature Pyramidal Correlation and Residual Reconstruction Network (FPCR-Net) for optical flow estimation from frame pairs. It consists of two main modules: pyramid correlation mapping and residual reconstruction. The pyramid correlation mapping module takes advantage of the multi-scale correlations of global/local representation by aggregating features of different scales to form a multi-level cost volume. The residual reconstruction module aims at reconstructing the sub-band high-frequency residuals of finer optical flow at each stage. Based on the pyramid correlation mapping, we further propose a correlation-warping-normalization (CWN) module to efficiently exploit the correlation dependency. Furthermore, considering the characteristics of flow warping and alignment, we integrate unsupervised and supervised losses to explore the implicit relevance and explicit constraint. Experimental results show that the proposed network achieves the promising performance for two-frame-based optical flow estimation on the challenging Sintel and KITTI 2012/2015 datasets.

computer science, artificial intelligence

Minghao Jiang,Zhen Li,Peipei Fu,Wei Cai,Mingxin Cui,Gang Xiong,Gaopeng Gou

DOI: https://doi.org/10.1016/j.comnet.2022.109309

IF: 5.493

2022-11-09

Computer Networks

Abstract:Identifying mobile applications (apps) from encrypted network traffic (also known as app fingerprinting) plays an important role in areas like network management, advertising analysis, and quality of service. Existing methods mainly extract traffic features from packet-level information (e.g. packet size sequence) and build up classifiers to obtain good performance. However, the packet-level information suffers from small discrimination for the common traffic across apps (e.g. advertising traffic) and rapidly changing for the traffic before and after apps’ updating. As a result, their performance declines in these two real scenes. In this paper, we propose FG-Net, a novel app fingerprinting based on graph neural network (GNN). FG-Net leverages a novel kind of information: flow-level relationship, which is distinctive between different apps and stable across apps’ versions. We design an information-rich graph structure, named FRG, to embed both raw packet-level information and flow-level relationship of traffic concisely. With FRG, we transfer the problem of mobile encrypted traffic fingerprinting into a task of graph representation learning, and we designed a powerful GNN-based traffic fingerprint learner. We conduct comprehensive experiments on both public and private datasets. The results show the FG-Net outperforms the SOTAs in classifying traffic with about 18% common traffic. Without retraining, FG-Net obtains the most robustness against the updated traffic and increases the accuracy by 5.5% compared with the SOTAs.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Menghan Wang,Kun Zhang,Gulin Li,Keping Yang,Luo Si

DOI: https://doi.org/10.48550/arXiv.1912.05977

IF: 5.414

2019-12-12

Machine Learning

Abstract:Graph Convolutional Networks (GCNs) have gained significant developments in representation learning on graphs. However, current GCNs suffer from two common challenges: 1) GCNs are only effective with shallow structures; stacking multiple GCN layers will lead to over-smoothing. 2) GCNs do not scale well with large, dense graphs due to the recursive neighborhood expansion. We generalize the propagation strategies of current GCNs as a \emph{"Sink$\to$Source"} mode, which seems to be an underlying cause of the two challenges. To address these issues intrinsically, in this paper, we study the information propagation mechanism in a \emph{"Source$\to$Sink"} mode. We introduce a new concept "information flow path" that explicitly defines where information originates and how it diffuses. Then a novel framework, namely Flow Graph Network (FlowGN), is proposed to learn node representations. FlowGN is computationally efficient and flexible in propagation strategies. Moreover, FlowGN decouples the layer structure from the information propagation process, removing the interior constraint of applying deep structures in traditional GCNs. Further experiments on public datasets demonstrate the superiority of FlowGN against state-of-the-art GCNs.

Yinxin Bao,Jiashuang Huang,Qinqin Shen,Yang Cao,Weiping Ding,Zhenquan Shi,Quan Shi

DOI: https://doi.org/10.1016/j.engappai.2023.106044

IF: 8

2023-01-01

Engineering Applications of Artificial Intelligence

Abstract:Traffic flow prediction remains an ongoing hot topic in the field of Intelligent Transportation System. The state-of-the-art traffic flow prediction models can effectively extract both spatial and temporal features of traffic flow data, but ignore the correlation and external interference between traffic nodes. To this end, this paper proposes a novel method based on Spatial–Temporal Complex Graph Convolution Network (ST-CGCN) for traffic flow prediction. Specifically, we first constructs the distance matrix, the data correlation matrix, and the comfort measurement matrix according to the geographical locations, the historical data record, and the external interference between traffic nodes. Then, these three matrices are fused into a complex correlation matrix by introducing self-learning dynamic weights to improve the joint modeling ability of spatial–temporal features and external factors. Next, a spatial feature extraction module and a temporal feature extraction module are designed to characterize dynamic spatial–temporal features. The spatial feature extraction module consists of a graph convolution operator with a proposed complex correlation matrix and a residual unit. The temporal feature extraction module consists of a 3D convolution operator and a Long Short-Term Memory (LSTM). Experiments constructed on five real-world datasets demonstrate that the new proposed ST-CGCN is more effective than several existing deep learning based traffic flow prediction models. The key source code and data are available at https://github.com/Bounger2/ST-CGCN .