Multitask Learning for Network Traffic Classification

Traffic classification has various applications in today's Internet, from resource allocation, billing and QoS purposes in ISPs to firewall and malware detection in clients. Classical machine learning algorithms and deep learning models have been widely used to solve the traffic classification task. However, training such models requires a large amount of labeled data. Labeling data is often the most difficult and time-consuming process in building a classifier. To solve this challenge, we reformulate the traffic classification into a multi-task learning framework where bandwidth requirement and duration of a flow are predicted along with the traffic class. The motivation of this approach is twofold: First, bandwidth requirement and duration are useful in many applications, including routing, resource allocation, and QoS provisioning. Second, these two values can be obtained from each flow easily without the need for human labeling or capturing flows in a controlled and isolated environment. We show that with a large amount of easily obtainable data samples for bandwidth and duration prediction tasks, and only a few data samples for the traffic classification task, one can achieve high accuracy. We conduct two experiment with ISCX and QUIC public datasets and show the efficacy of our approach

Multi-view Multi-label Anomaly Network Traffic Classification based on MLP-Mixer Neural Network

Network traffic classification is the basis of many network security applications and has attracted enough attention in the field of cyberspace security. Existing network traffic classification based on convolutional neural networks (CNNs) often emphasizes local patterns of traffic data while ignoring global information associations. In this paper, we propose a MLP-Mixer based multi-view multi-label neural network for network traffic classification. Compared with the existing CNN-based methods, our method adopts the MLP-Mixer structure, which is more in line with the structure of the packet than the conventional convolution operation. In our method, the packet is divided into the packet header and the packet body, together with the flow features of the packet as input from different views. We utilize a multi-label setting to learn different scenarios simultaneously to improve the classification performance by exploiting the correlations between different scenarios. Taking advantage of the above characteristics, we propose an end-to-end network traffic classification method. We conduct experiments on three public datasets, and the experimental results show that our method can achieve superior performance.Comment: 15 pages,6 figure

AutoML4ETC: Automated Neural Architecture Search for Real-World Encrypted Traffic Classification

Deep learning (DL) has been successfully applied to encrypted network traffic classification in experimental settings. However, in production use, it has been shown that a DL classifier's performance inevitably decays over time. Re-training the model on newer datasets has been shown to only partially improve its performance. Manually re-tuning the model architecture to meet the performance expectations on newer datasets is time-consuming and requires domain expertise. We propose AutoML4ETC, a novel tool to automatically design efficient and high-performing neural architectures for encrypted traffic classification. We define a novel, powerful search space tailored specifically for the near real-time classification of encrypted traffic using packet header bytes. We show that with different search strategies over our search space, AutoML4ETC generates neural architectures that outperform the state-of-the-art encrypted traffic classifiers on several datasets, including public benchmark datasets and real-world TLS and QUIC traffic collected from the Orange mobile network. In addition to being more accurate, AutoML4ETC's architectures are significantly more efficient and lighter in terms of the number of parameters. Finally, we make AutoML4ETC publicly available for future research.Comment: 14 pages, 13 figure

Network Traffic Classification Based on External Attention by IP Packet Header

As the emerging services have increasingly strict requirements on quality of service (QoS), such as millisecond network service latency ect., network traffic classification technology is required to assist more advanced network management and monitoring capabilities. So far as we know, the delays of flow-granularity classification methods are difficult to meet the real-time requirements for too long packet-waiting time, whereas the present packet-granularity classification methods may have problems related to privacy protection due to using excessive user payloads. To solve the above problems, we proposed a network traffic classification method only by the IP packet header, which satisfies the requirements of both user's privacy protection and classification performances. We opted to remove the IP address from the header information of the network layer and utilized the remaining 12-byte IP packet header information as input for the model. Additionally, we examined the variations in header value distributions among different categories of network traffic samples. And, the external attention is also introduced to form the online classification framework, which performs well for its low time complexity and strong ability to enhance high-dimensional classification features. The experiments on three open-source datasets show that our average accuracy can reach upon 94.57%, and the classification time is shortened to meet the real-time requirements (0.35ms for a single packet).Comment: 12 pages, 5 figure

Using deep learning to classify community network traffic

Traffic classification is an important aspect of network management. This aspect improves the quality of service, traffic engineering, bandwidth management and internet security. Traffic classification methods continue to evolve due to the ever-changing dynamics of modern computer networks and the traffic they generate. Numerous studies on traffic classification make use of the Machine Learning (ML) and single Deep Learning (DL) models. ML classification models are effective to a certain degree. However, studies have shown they record low prediction and accuracy scores. In contrast, the proliferation of various deep learning techniques has recorded higher accuracy in traffic classification. The Deep Learning models have been successful in identifying encrypted network traffic. Furthermore, DL learns new features without the need to do much feature engineering compared to ML or Traditional methods. Traditional methods are inefficient in meeting the demands of ever-changing requirements of networks and network applications. Traditional methods are unfeasible and costly to maintain as they need constant updates to maintain their accuracy. In this study, we carry out a comparative analysis by adopting an ML model (Support Vector Machine) against the DL Models (Convolutional Neural Networks (CNN), Gated Recurrent Unit (GRU) and a hybrid model: CNNGRU to classify encrypted internet traffic collected from a community network. In this study, we performed a comparative analysis by adopting an ML model (Support vector machine). Machine against DL models (Convolutional Neural networks (CNN), Gated Recurrent Unit (GRU) and a hybrid model: CNNGRU) and to classify encrypted internet traffic that was collected from a community network. The results show that DL models tend to generalise better with the dataset in comparison to ML. Among the deep Learning models, the hybrid model outperformed all the other models in terms of accuracy score. However, the model that had the best accuracy rate was not necessarily the one that took the shortest time when it came to prediction speed considering that it was more complex. Support vector machines outperformed the deep learning models in terms of prediction speed

An Effective Cost-Sensitive Convolutional Neural Network for Network Traffic Classification

The volume, and density of computer network traffic are increasing dramatically with the technology advancements, which has led to the emergence of various new protocols. Analyzing the huge data in large business networks has become important for the owners of those networks. As the majority of the developed applications need to guarantee the network services, while some traditional applications may work well enough without a specific service level. Therefore, the performance requirements of future internet traffic will increase to a higher level. Increasing pressure on the performance of computer networks requires addressing several issues, such as maintaining the scalability of new service architectures, establishing control protocols for routing, and distributing information to identified traffic streams. The main concern is flow detection and traffic detection mechanisms to help establish traffic control policies. A cost-sensitive deep learning approach for encrypted traffic classification has been proposed in this research, to confront the effect of the class imbalance problem on the low-frequency traffic data detection. The developed model can attain a high level of performance, particularly for low-frequency traffic data. It outperformed the other traffic classification methods