Shuqin Cao,Libing Wu,Rui Zhang,Yanjiao Chen,Jianxin Li,Qin Liu

DOI: https://doi.org/10.1109/tvt.2024.3365213

IF: 6.8

2024-01-01

IEEE Transactions on Vehicular Technology

Abstract:As one of the most significant components of Intelligent Transportation Systems (ITS), traffic prediction has gained much popularity given its enormous application value in vehicular communications, traffic management, and traffic control. As such, many traffic prediction models have been proposed. The current methods commonly adopt graph convolution networks (GCNs) to capture spatial correlations. GCN-based approaches mainly focus on pair-wise interactions between road vertices (i.e. dyadic relations). However, the interactions between road vertices are not necessarily dyadic, but also can be high-order (i.e., multivariate relations). Further, few existing works focus on how to mine correlations between different types of traffic data. To this end, we develop STGHCN, a spatial-temporal gated hypergraph convolution network, that not only captures pair-wise and high-order spatial patterns between vertices but also characterizes the type-aware traffic data influences. Specifically, we adopt a spatial gated graph convolution and a hypergraph convolution to explore pair-wise and high-order interactions. More importantly, we design a spatial-temporal aware channel attention mechanism to mine hidden patterns between cross-type traffic features. Extensive experiments conducted on four real-world traffic datasets validate the effectiveness of STGHCN, with STGHCN's MAE, RMSE, and MAPE at between 6.91%-10.00%, 5.42%-8.90%, and 2.54%-5.03% lower than the state-of-the-art methods.

Lu Chen,Tao Zhang,Yuanyuan Ma,Mu Chen

DOI: https://doi.org/10.1109/iist62526.2024.00098

2024-01-01

Abstract:With the increasing complexity, automation, and intelligence of network attacks, new types of attacks are constantly emerging in the network, posing great challenges to network attack detection and timely response based on prior rules. In order to more effectively and accurately identify abnormal traffic, a network abnormal traffic detection algorithm based on improved convolutional neural networks is proposed. The algorithm first inputs the key features of traffic anomaly monitoring, converts them into color images through visualization technology, extracts higher dimensional features, and then uses neural structure search technology to find a lightweight convolutional network structure with high accuracy and less time consumption. The optimal model is used to output the type of traffic anomaly. The results indicate that the algorithm has a higher accuracy and the shortest classification time for a single image.

Xiao Qi,Yongcai Wang,Yuexuan Wang,Liwen Xu

DOI: https://doi.org/10.1109/INFOCOM.2014.6848054

2014-01-01

Abstract:Compressive sensing over graphs has recently attracted great research attentions, which takes limited number end-to-end measurements along paths (walks) to recover sparse vectors representing link/node properties. Unlike traditional compressive sensing, the along-path measurements rule out the freedom of random sampling, which introduces path constraints to the measurement matrix. The constraint makes explicit analysis of recovery performance difficult Only for undirected graphs, early results showed that O(klog(n)) end-to-end measurements taken by random walks are sufficient to recover k-sparse edge vector. However, the problem becomes more difficult when directed graphs are considered, because of the easy state absorbing and the difficulty of evaluating the stationary distribution. But digraphs inherently model many network systems. In this paper, particularly for strongly connected digraphs with low node degrees, we presents bounds for the stationary distribution of random walks, and present deliberative proofs which put forward that O(klog(n)) path measurements are sufficient to recover k-sparse edge vectors. Further more, because urban road networks are exactly strongly connected, low degree digraphs, we designed efficient recovery methods to estimate road delays by a small number of probing cars. Although the road delay vector is actually not sparse, we leverage the empirical non-congested road delays as references and develop an algorithm which divide the problem to iteratively recover several k-sparse vectors. Simulation results show that when less than 10% edges are congested, more than 90% congestion states can be recovered correctly by 10% measurements.

Juan Zheng,Zhiyong Zeng,Tao Feng

DOI: https://doi.org/10.1155/2022/4274139

IF: 1.968

2022-01-22

Security and Communication Networks

Abstract:Encrypted network traffic is the principal foundation of secure network communication, and it can help ensure the privacy and integrity of confidential information. However, it hides the characteristics of the data, increases the difficulty of detecting malicious traffic, and protects such malicious behavior. Therefore, encryption alone cannot fundamentally guarantee information security. It is also necessary to monitor traffic to detect malicious actions. At present, the more commonly used traffic classification methods are the method based on statistical features and the method based on graphs. However, these two methods are not always reliable when they are applied to the problem of encrypted malicious traffic detection due to their limitations. The former only focuses on the internal information of the network flow itself and ignores the external connections between the network flows. The latter is just the opposite. This paper proposes an encrypted malicious traffic detection method based on a graph convolutional network (GCN) called GCN-ETA, which considers the statistical features (internal information) of network flows and the structural information (external connections) between them. GCN-ETA consists of two parts: a feature extractor that uses an improved GCN and a classifier that uses a decision tree. Improving on the traditional GCN, the effect and speed of encrypted malicious traffic detection can be effectively improved and the deployment of the detection model in the real environment is increased, which provides a reference for the application of GCN in similar scenarios. This method has achieved excellent performance in experiments using real-world encrypted network traffic data for malicious traffic detection, with the accuracy, AUC, and F1-score exceeding 98% and more than 1,300 flows detected per second.

computer science, information systems,telecommunications

Shuang Mo,Yifei Wang,Ding Xiao,Wenrui Wu,Shaohua Fan,Chuan Shi

DOI: https://doi.org/10.1007/978-3-030-65390-3_17

2020-01-01

Abstract:Traffic classification plays a vital role in the field of network management and network security. Because of the continuous evolution of new applications and services and the widespread use of encrypted communication technologies, it has become a difficult task. In this paper, we study the classification of encrypted traffic, where the purpose is to firstly distinguish betweenVirtual Private Networks (VPN) and regular encrypted traffic, and then classify the traffic into different traffic categories, such as file, email, etc. The available information in encrypted traffic classification is composed of two parts: the complex traffic-level features and the diverse network-side behaviors. To fully utilize these two parts of information, we propose an approach, called Encrypted Traffic Classification using Graph Convolutional Networks (ETC-GCN), which incorporates traffic-level characteristics with convolutional neural networks (CNN) and network-wide behavior with graph convolutional networks (GCN) in the communication network. We compare the proposed approach with existing start-of-the-art methods on four experiment scenarios, and the results demonstrate that ETC-GCN can improve the classification performance by considering the information of neighbor endpoints that communicated, and the internal features of the traffic together.

Bo Pang,Yongquan Fu,Siyuan Ren,Ye Wang,Qing Liao,Yan Jia

DOI: https://doi.org/10.48550/arXiv.2110.09726

IF: 5.414

2021-10-19

Machine Learning

Abstract:Traffic classification associates packet streams with known application labels, which is vital for network security and network management. With the rise of NAT, port dynamics, and encrypted traffic, it is increasingly challenging to obtain unified traffic features for accurate classification. Many state-of-the-art traffic classifiers automatically extract features from the packet stream based on deep learning models such as convolution networks. Unfortunately, the compositional and causal relationships between packets are not well extracted in these deep learning models, which affects both prediction accuracy and generalization on different traffic types. In this paper, we present a chained graph model on the packet stream to keep the chained compositional sequence. Next, we propose CGNN, a graph neural network based traffic classification method, which builds a graph classifier over automatically extracted features over the chained graph. Extensive evaluation over real-world traffic data sets, including normal, encrypted and malicious labels, show that, CGNN improves the prediction accuracy by 23\% to 29\% for application classification, by 2\% to 37\% for malicious traffic classification, and reaches the same accuracy level for encrypted traffic classification. CGNN is quite robust in terms of the recall and precision metrics. We have extensively evaluated the parameter sensitivity of CGNN, which yields optimized parameters that are quite effective for traffic classification.

JiuJin Wang,Xu Gu,Xiangzhan Yu

DOI: https://doi.org/10.1145/3444370.3444615

2020-01-01

Abstract:The amount of compressed data in network traffic is gradually increasing. Such traffic effectively reduces the transmission time and improves the data transmission efficiency in the network, but it poses a challenge to the existing network traffic identification mechanism. At present, the identification method used for the compression traffic is often used to recover the complete compressed data for content identification. However, this method takes a lot of time to restore the complete compressed data and subsequent content matching.

Boyu Sun,Wenyuan Yang,Mengqi Yan,Dehao Wu,Yuesheng Zhu,Zhiqiang Bai

DOI: https://doi.org/10.1109/ipccc50635.2020.9391542

2020-01-01

Abstract:The increase in the source and size of encrypted network traffic brings significant challenges for network traffic analysis. The challenging problem in the encrypted traffic classification field is obtaining high classification accuracy with small number of labeled samples. To solve this problem, we propose a novel encryption traffic classification method that learns the feature representation from the traffic structure and the traffic flow data in this paper. We construct a K-Nearest Neighbor (KNN) traffic graph to represent the structure of traffic data, which contains more similarity information about the traffic. We utilize a two-layer Graph Convolutional Network (GCN) architecture for flows feature extraction and encrypted traffic classification. We further use the autoencoder to learn the representation of the flow data itself and integrate it into the GCN-learned representation to form a more complete feature representation. The proposed method leverages the benefits of the GCN and the autoencoder, which can obtain higher classification performance with only very few labeled data. The experimental results on two public datasets demonstrate that our method achieves impressive results compared to the state-of-the-art competitors.

Jingwei Zheng,Dagang Li

DOI: https://doi.org/10.1109/ICC.2019.8761115

2019-01-01

Abstract:For machine-learning-based network traffic classification, we usually need large number of correctly labeled samples (ground truth) for model-training to get high accuracy. However in practical environments obtaining ground truth may betime-consuming and needs massive manual work, so achieving higher accuracy at low labeling rate is still a tricky problem. In this paper we propose a novel Graph Convolutional Network (GCN) based network traffic classification method named GCN-TC. We combine the traffic trace graph with statistical features in GCN model-training, so as to take advantage of both of them to achieve higher classification accuracy with very few labeled data. Experiment results show that the proposed model achieves the best performance with 13 % higher in F1-score and 7.7 % higher in accuracy than the best method ofthe rest.

Min Lu,Bin Zhou,Zhiyong Bu,Kecheng Zhang,Zhenhua Ling

DOI: https://doi.org/10.1109/wcnc49053.2021.9417340

2021-01-01

Abstract:Accurate traffic classification is critical for network QoS provisioning and cyberspace security. Recently, classifying different traffic using convolutional neural networks (CNN) has achieved high accuracy. However, these large CNN models have millions of parameters, which are not suitable for edge computing hardware deployment. In this work, we propose a compressed network in network (NIN) model for traffic identification. A stepwise pruning and knowledge distillation (KD) is designed for training the compressed model, which aims at reducing storage and computing resources. Our method is validated with the public ISCX VPN-nonVPN traffic dataset. Experimental results show that without degrading classification accuracy, our minimum model can save more than 50% of the number of parameters and 30% of the computation time comparing with the uncompressed NIN model. The test set average F1 score of 0.9805 of the minimum model is higher than that of the state-of-the-art model, which is a CNN model.

Jianjin ZHAO,Qi LI,Shengli LIU,Yanqing YANG,Yueping HONG

DOI: https://doi.org/10.1360/ssi-2021-0280

2022-01-01

Abstract:As an important direction for the evolution of next-generation wireless communication technology, 6G will comprehensively promote the wave of economic and social digitization. Services carried by 6G network will rely heavily on the sharing and processing of massive amounts of data between entities, data security is therefore of great importance. Currently, most network applications utilize SSL/TLS protocols to ensure the confidentiality and security of network communications, while encryption mechanism also brings huge challenges to network security supervision. Though encrypted malicious traffic detection in traditional networks has become a research hotspot, existing technologies cannot be directly applied in 6G networks. In a 6G network with massive, instant and unlimited communications between heterogeneous terminals, network communication behavior patterns are much more diversified, which makes the boundary between normal traffic and malicious traffic more blurred in 6G networks than in traditional networks. Existing studies either analyze encrypted traffic in isolation or aggregation, while they all ignore the rich correlations among encrypted traffic. To this end, we propose an encrypted malicious traffic detection framework based on the graph neural network towards the network security problem of future 6G networks, ET-RSGAT. First, considering the characteristics of super high speed and super large connection of 6G network, we design a simple feature extraction method of encrypted traffic: extracting the TLS handshake raw bytes and TLS record length sequence for one single encrypted session. Second, in view of the correlations of large numbers of heterogeneous terminals and the coexistence of multi-source heterogeneous data communication in 6G networks, we analyze the correlations between encrypted sessions from 2 aspects, which are service correlations and communication behavior correlations. Then we construct an encrypted traffic graph, named ETG. On the basis of ETG, we introduce a graph attention network to utilize the correlations between encrypted sessions to enrich the feature representation of nodes. With rich representation, we build the detection model based on a multi-layer perceptron to identify threats. Considering that the simulation environment of 6G networks is immature, we deploy a variety of heterogeneous terminal nodes and run various network services to simulate the 6G communication scenario, and design related experiments for the interconnection of many heterogeneous terminals in 6G networks. The evaluation and experimental results show that our method can obtain satisfactory detection results in both traditional network and simulated environment datasets.

Guangwu Hu,Xi Xiao,Meng Shen,Bin Zhang,Xia Yan,Yunxia Liu

DOI: https://doi.org/10.1016/j.engappai.2023.106531

IF: 8

2023-01-01

Engineering Applications of Artificial Intelligence

Abstract:Network traffic classification is the fundamental and vital function for network management, network security and so on. With the traffic scenarios becoming more and more complex, current commonly used practices, e.g., port-based and payload-based classification methods, can hardly work. Even though the new emerging resorts, i.e., machine learning or deep learning methods, have increased classification accuracy, the performance is still under improvement. To improve the classification accuracy and performance, we propose a novel Graph Neural Network (GNN) based Traffic Classification proposal named TCGNN considering the insight of observing packets from a graph aspect. TCGNN first transforms each network packet into an undirected graph. Then it adopts a two-layer graph convolutional network with three different aggregation strategies so as to learn the latent application representation from the packet-transformed graph. Finally, relying on GNN’s powerful ability in learning graph representation, TCGNN can identify unknown network packets with an extremely high accuracy rate. Extensive experiments on two real-world traffic classification datasets demonstrate the superior effectiveness of TCGNN over the existing packet-grained traffic classification methods.

Tanzeela Altaf,Xu Wang,Wei Ni,Guangsheng Yu,Ren Ping Liu,Robin Braun

DOI: https://doi.org/10.3390/electronics13122274

IF: 2.9

2024-06-11

Electronics

Abstract:This research introduces a novel framework utilizing a sequential gated graph convolutional neural network (GGCN) designed specifically for botnet detection within Internet of Things (IoT) network environments. By capitalizing on the strengths of graph neural networks (GNNs) to represent network traffic as complex graph structures, our approach adeptly handles the temporal dynamics inherent to botnet attacks. Key to our approach is the development of a time-stamped multi-edge graph structure that uncovers subtle temporal patterns and hidden relationships in network flows, critical for recognizing botnet behaviors. Moreover, our sequential graph learning framework incorporates time-sequenced edges and multi-edged structures into a two-layered gated graph model, which is optimized with specialized message-passing layers and aggregation functions to address the challenges of time-series traffic data effectively. Our comparative analysis with the state of the art reveals that our sequential gated graph convolutional neural network achieves substantial improvements in detecting IoT botnets. The proposed GGCN model consistently outperforms the conventional model, achieving improvements in accuracy ranging from marginal to substantial—0.01% for BoT IoT and up to 25% for Mirai. Moreover, our empirical analysis underscores the GGCN's enhanced capabilities, particularly in binary classification tasks, on imbalanced datasets. These findings highlight the model's ability to effectively navigate and manage the varying complexity and characteristics of IoT security threats across different datasets.

engineering, electrical & electronic,physics, applied,computer science, information systems

Tangda Yu,Futai Zou,Linsen Li,Ping Yi

DOI: https://doi.org/10.1109/cyberc.2019.00020

2019-01-01

Abstract:In recent years, with the widespread use of encrypted traffic communication technology, network traffic encryption has been gradually becoming a standard of communication. This phenomenon has a great impact on traditional traffic detection methods, especially on anomaly detection methods, which are highly dependent on the type of network protocol types and traffic data. By surveying the existing encrypted traffic classification and analyzing these methods, we found that there are two main methods for detection: payload-based detection and feature-based detection. On this basis, this paper puts forward an Encrypted Malicious Traffic Detection System which is based on multi-AEs(Autoencoder). We use malicious sandbox for traffic data collection, mark malicious flow and normal flow with labels. After that, we use multilayer networks of AEs for feature extraction and training classifier model. Our system analyzes the feature of cryptographic protocol from handshake phase to Authentication phase on the basis of existing research, and we extract the traffic feature for a better classification by further expanding flow feature vector to the higher dimensions. In addition, we compared the performance of our model with the traditional learning model under the same environment. The experimental results showed that our system had higher detection accuracy and lower loss rate. We also studied the influence of dataset imbalance on results in the detection of encrypted traffic by several experiments. According to the experimental evaluation, dataset imbalance will lead to the decrease of positive rate.

Zitong Hu,Bo Qu,Xiang Li,Cong Li

DOI: https://doi.org/10.1007/978-981-97-5101-3_21

2024-01-01

Abstract:The exponential increase in encrypted traffic presents significant challenges to conventional traffic classification methodologies. The integration of deep learning and time series analysis has emerged as a contemporary approach, but the crucial higher interaction information among encrypted traffic packets is often neglected. Based on the fact that distinct categories of encrypted traffic manifest unique spatial structures and temporal patterns, we introduce a novel deep learning framework, termed Higher-Interaction-Graph encrypted classifier (HIGEC). This framework employs graph convolutional networks (GCN) and higher interaction information among packets for the precise classification of encrypted traffic flows. Initially, our approach incorporates a newly designed module that leverages metadata to transform each encrypted traffic flow into a graph structure, preserving the temporal information and spatial structure between packets. Subsequently, we introduce an advanced graph pooling and merge layer atop the GCN architecture that dynamically derives multi-order graph representations, augmenting our adaptability to diverse network environments. Meanwhile, we propose a new encrypted traffic dataset that addresses the inherent limitations of currently available public datasets to validate the effectiveness of our model. Comprehensive testing on our proposed dataset and two more public real-world datasets demonstrates that the HIGEC model significantly enhances accuracy, outperforming existing state-of-the-art methods.

Zhuoqun Fu,Mingxuan Liu,Yue Qin,Jia Zhang,Yuan Zou,Qilei Yin,Qi Li,Haixin Duan

DOI: https://doi.org/10.1145/3545948.3545983

2022-01-01

Abstract:Malicious activities on the Internet continue to grow in volume and damage, posing a serious risk to society. Malware with remote control capabilities is considered one of the most threatening malicious activities, as it can enable arbitrary types of cyber-attacks. As a countermeasure, many malware detection methods are proposed to identify malicious behaviours based on traffic characteristics. However, the emerging encryption and evasion techniques pose substantial barriers to the full exploitation of network information. This significantly impairs the effectiveness of existing malware detection methods relying on a singular type of characteristics. In this paper, we propose ST-Graph to resolve this issue. In addition to traditional stream attributes, ST-Graph explores spatial and temporal characteristics of network behaviours based on a graph representation learning algorithm and integrates all available information to boost the detection decision. To illustrate the effectiveness of ST-Graph, we evaluate it on two datasets. Experimental results demonstrate that ST-Graph outperforms state-of-the-art malware detection systems and also shows good performance in efficiency, generalizability, and robustness. Specifically, it achieves over 99% precision and recall, and its False Positive Rate is even two orders of magnitude lower than (nearly 0.02 times) that of baseline models. Meanwhile, the deployment of ST-Graph in two real network scenarios for around one year shows an outstanding efficiency with only 160 seconds time cost for 5-minute traffic in 1.7 Gbps bandwidth.

In-Su Jung,Yu-Rae Song,Lelisa Adeba Jilcha,Deuk-Hun Kim,Sun-Young Im,Shin-Woo Shim,Young-Hwan Kim,Jin Kwak

DOI: https://doi.org/10.3390/sym16060733

2024-06-13

Symmetry

Abstract:With the continuously growing requirement for encryption in network environments, web browsers are increasingly employing hypertext transfer protocol security. Despite the increase in encrypted malicious network traffic, the encryption itself limits the data accessible for analyzing such behavior. To mitigate this, several studies have examined encrypted network traffic by analyzing metadata and payload bytes. Recent studies have furthered this approach, utilizing graph neural networks to analyze the structural data patterns within malicious encrypted traffic. This study proposed an enhanced encrypted traffic analysis leveraging graph neural networks which can model the symmetric or asymmetric spatial relations between nodes in the traffic network and optimized feature dimensionality reduction. It classified malicious network traffic by leveraging key features, including the IP address, port, CipherSuite, MessageLen, and JA3 features within the transport-layer-security session data, and then analyzed the correlation between normal and malicious network traffic data. The proposed approach outperformed previous models in terms of efficiency, using fewer features while maintaining a high accuracy rate of 99.5%. This demonstrates its research value as it can classify malicious network traffic with a high accuracy based on fewer features.

multidisciplinary sciences

Dawen Xia,Yuce Ao,Xiaoduo Wei,Yunsong Li,Yan Chen,Yang Hu,Yantao Li,Huaqing Li

DOI: https://doi.org/10.1007/s11042-024-19479-z

IF: 2.577

2024-06-16

Multimedia Tools and Applications

Abstract:Accurate traffic flow prediction is essential to address traffic issues and assist traffic managers make informed decisions in intelligent transportation systems. Extracting potential features from traffic data is challenging due to the complex topology of urban road networks and the time-varying traffic flow. To capture the global spatiotemporal characteristics of traffic flow, we propose a novel model based on graph convolutional networks with a parallel attention network and stacked gated recurrent units (PAGCN-SGRU). First, the parallel attention (PA) network enhances the feature representation of global traffic road nodes and road segments. Then, the graph convolutional networks (GCN) are designed to extract spatial characteristics. Next, the stacked gate recurrent units (SGRU) are employed to capture temporal features. Finally, PAGCN-SGRU discovers global spatiotemporal features for traffic flow prediction. The experimental results demonstrate that the accuracy of PAGCN-SGRU under the SZ-dataset is improved by 9.76 , 72.54 , 5.76 , 16.07 , 2.07 , 1.82 , 3.35 , and 6.59 , respectively, compared to that of HA, ARIMA, SVR, GCN, T-GCN, A3T-GCN, ST-GCN, and DCRNN. In the Los-dataset, the accuracy values increase by 7.11 , 8.94 , 6.66 , 7.77 , 3.43 , 2.45 , 2.28 , and 4.09 , respectively.

computer science, information systems, theory & methods,engineering, electrical & electronic, software engineering

Zhewei Liang,Jingyi Wang,Shuliang Ren,Yin Yu,Qingfeng Guan

DOI: https://doi.org/10.1111/tgis.13022

IF: 2.568

2023-01-31

Transactions in GIS

Abstract:A non‐recurrent road traffic anomaly refers to a sudden change in the capacity of a road segment, which deviates from the general traffic patterns, and is usually caused by abnormal traffic events such as traffic accidents and unexpected road maintenance. Timely and accurate detection of non‐recurrent road traffic anomalies facilitates immediate handling to reduce the wastage of resources and the risk of secondary accidents. Compared with other types of traffic anomaly detection methods, prediction algorithms are suitable for detecting non‐recurrent anomalies for their potential ability to distinguish non‐recurrent anomalies from recurrent congestion (e.g., rush hours). A typical prediction algorithm detects an anomaly when the difference between the predicted traffic parameter (i.e., speed) and the actual one is greater than a threshold. However, the subjective setting of thresholds in many prediction algorithms greatly affects the detection performance. This study proposes a novel framework for non‐recurrent road traffic anomaly detection (NRRTAD). The temporal graph convolutional network (T‐GCN) model acts as the predictor to learn the general traffic patterns of road segments by capturing both the topological effects and temporal patterns of traffic flows, and to predict the "normal" traffic speeds. The hierarchical time memory detector (HTM‐detector) algorithm acts as the detector to evaluate the differences between the predicted speeds and the actual speeds to detect non‐recurrent anomalies without setting a threshold. In the experiments with traffic datasets of Beijing, NRRTAD outperformed other methods, not only achieving the highest detection rates but also exhibiting higher resilience to noise. The main advantages of NRRTAD are as follows: (1) adopting the T‐GCN with a weighted graph to integrate differentiated connection strengths of multiple types of topological relations between road segments as well as temporal traffic patterns improves the prediction performance; and (2) utilizing a flexible mechanism in the HTM‐detector to adapt to changing stream data not only avoids subjective setting of a threshold, but also improves the accuracy and robustness of anomaly detection.

geography

Pan Wang,Shuhang Li,Feng Ye,Zixuan Wang,Moxuan Zhang

DOI: https://doi.org/10.1109/icc40277.2020.9148946

2020-06-01

Abstract:With the popularity of Deep Learning (DL), researchers have begun to apply DL to tackle with encrypted traffic classification problems. Although these methods can automatically extract traffic features to improve the ability of feature engineering of traditional methods like DPI, a large amount of data is still needed to learn the characteristics of various types of traffic. Therefore, the performance of classification model always significantly depends on the quality of datasets. Nonetheless, the building of datasets is a time-consuming and costly task, especially encrypted traffic. Apparently, it is often more difficult to collect a large amount of traffic samples of those unpopular applications than well-known ones, which often leads to the problem of class imbalance between major and minor encrypted applications in datasets. In this paper, we proposed a novel traffic data augmenting method called PacketCGAN using Conditional GAN, which can control the modes of data to be generated. PacketCGAN exploit the benefit of CGAN to generate specified samples with the input of applications’ types as conditional and thereby achieve data balancing. As a proof of concept, three classical DL models including CNN were adopted to classify four types of encrypted traffic datasets augmented by Random Over Sampling (ROS), SMOTE(Synthetic Minority Over-sampling Techinique), vanilla GAN and PacketCGAN respectively using public datasets. The experimental evaluation results demonstrate that DL based encrypted traffic classifier over our new dataset augmented by PacketCGAN can achieve better performance than the other three in terms of encrypted traffic classification.