Yao Li,Xingshu Chen,Wenyi Tang,Yi Zhu,Zhenhui Han,Yawei Yue

DOI: https://doi.org/10.1016/j.asoc.2024.111423

IF: 8.7

2024-01-01

Applied Soft Computing

Abstract:Accurately classifying encrypted traffic is the indispensable cornerstone for network management and Quality of Service (QoS) improvement. Although existing works that learn from non-interaction features of communication behavior have achieved a satisfactory performance, there still remains an unsolved crux before practical application that current works fail to distinguish different encrypted traffic generated by the same application. Such similar but distinct traffic is widely-existed since applications typically employ similar communication settings and encryption technology for diverse data transmission. To address the above issues, this work proposes that interaction features of communication behavior provide substantial information in terms of traffic classification, while directly leveraging such diversiform interaction information is non-trivial. As a solution, we devise a novel graph structure preserving the information of interactive process, referred to interactive behavior graph, to represent communication behaviors. Specifically, the proposed interactive behavior graph respectively stores the transition status and interaction status of the interactive actions during the interactive process in the edges and vertices with attributes. In addition, a classification model is tailored based on sampling subgraphs, which capture communication behavior patterns from the strong interaction correlation among neighboring interactive actions. Comprehensive experimental results demonstrate the superiority of our method over solid comparisons. Particularly, in distinguishing similar encrypted traffic, our method achieves an accuracy rate exceeding 98%, which outperforms the state-of-the-art methods. Furthermore, we validate the generalizability of our proposed method on two well-known encrypted traffic datasets, attaining an accuracy rate of 94%.

Zhu Hejun,Zhu Liehuang

DOI: https://doi.org/10.1007/s10586-017-1329-y

2016-01-01

Journal of Residuals Science and Technology

Abstract:In order to solve the problem of encrypted traffic identification, the identification method based on dynamic time warping (DTW) and k-nearest neighbor (KNN) for the encrypted network behaviors was proposed. The method took the encrypted Twitter traffic as an example of research, and a large number of encrypted Twitter network behaviors were deeply analyzed, and then the features representing the encrypted network behaviors were extracted, and the specific encrypted network behavior module database based on DTW and KNN were established, and the DTW between the collection data set and the module database were calculated, and then were normalized, and then the encrypted network behaviors were classified by comparing with the preset empirical threshold, and the distance information were also considered by DTW algorithm, at the same time, the influence of TCP retransmission and duplicate ACK packets can be effectively eliminated by the dynamic time warping algorithm. In order to overcome the noise interference of the similar data traffic except the distance information, the similar filtered data packets were classified as the true behavior or the false behavior by KNN algorithm, and then the encrypted network behaviors were identified automatically and in real time, compared with the only correlation coefficient method or only DTW method, the online correct recognition rate by DTW and KNN has been greatly increased and reached to about 93%, and the missed detection rate is almost same with the traditional methods, the experiments and actual project applications showed that the proposed method was effective.

Zhongkai Zhang,Lei Liu,Xudong Lu,Zhongmin Yan,Hui Li

DOI: https://doi.org/10.1109/ispa-bdcloud-socialcom-sustaincom51426.2020.00114

2020-01-01

Abstract:With the growing number of the network based applications, the quality and usability of various applications require distinguished requirements in light of network performance. The Internet is a vast network of independently-managed networks. The traffic is heterogeneous and consists of flows from multiple applications. For the sake of Internet governance, identifying who is who has become an impressing demand. The purpose of Internet governance is to properly distinguish the demands across the limited recourse. Traffic classification is the very beginning that helps identify who and how much the application requires. Hence, the classification and identification of encrypted traffic has drawn much research attention. Compare to the traditional methods such as port-based methods and payload-based methods, this study establishes a two-stage traffic classification framework based on convolutional neural network. Experimental results suggest that the developed method has a good degree of traffic classification subject to fewer bytes in the packet.

Hong Huang,Xingxing Zhang,Ye Lu,Ze Li,Shaohua Zhou

DOI: https://doi.org/10.32604/cmc.2024.047918

2024-01-01

Abstract:While encryption technology safeguards the security of network communications, malicious traffic also uses encryption protocols to obscure its malicious behavior. To address the issues of traditional machine learning methods relying on expert experience and the insufficient representation capabilities of existing deep learning methods for encrypted malicious traffic, we propose an encrypted malicious traffic classification method that integrates global semantic features with local spatiotemporal features, called BERT-based Spatio-Temporal Features Network (BSTFNet). At the packet-level granularity, the model captures the global semantic features of packets through the attention mechanism of the Bidirectional Encoder Representations from Transformers (BERT) model. At the byte-level granularity, we initially employ the Bidirectional Gated Recurrent Unit (BiGRU) model to extract temporal features from bytes, followed by the utilization of the Text Convolutional Neural Network (TextCNN) model with multi-sized convolution kernels to extract local multi-receptive field spatial features. The fusion of features from both granularities serves as the ultimate multidimensional representation of malicious traffic. Our approach achieves accuracy and F1-score of 99.39% and 99.40%, respectively, on the publicly available USTC-TFC2016 dataset, and effectively reduces sample confusion within the Neris and Virut categories. The experimental results demonstrate that our method has outstanding representation and classification capabilities for encrypted malicious traffic.

computer science, information systems,materials science, multidisciplinary

Ding Li, Wenzhong Li, Xiaoliang Wang, Cam-Tu Nguyen, Sanglu Lu

DOI: https://doi.org/10.1109/SAHCN.2019.8824928

2019-01-01

Abstract:Despite the increasing popularity of mobile applications and the widespread adoption of encryption techniques, mobile devices are still susceptible to security and privacy risks. In this paper, we propose ActiveTracker, a new type of sniffing attack that can reveal the fine-grained trajectory of user’s mobile app usage from a sniffed encrypted Internet traffic stream. It firstly adopts a sliding window based approach to divide the encrypted traffic stream into a sequence of segments corresponding to different app activities. Then each traffic segment is represented by a normalized temporal-spacial traffic matrix and a traffic spectrum vector. Based on the normalized representation, a deep neural network (DNN) classification algorithm is developed to recognize the crucial activities conducted with different apps by the user. We show by extensive experiments on real-world app usage traffic collected from volunteers that the proposed approach achieves up to 78.5% accuracy in recognizing app trajectory over encrypted traffic streams.

Yuhang Shan,Guang Cheng,Zihan Chen

DOI: https://doi.org/10.1109/msn60784.2023.00128

2023-01-01

Abstract:Smartphones and mobile Internet development have promoted the rise of short video applications. Douyin, the most popular short video application in China, has very complex in-app functions. Due to users’ need for privacy protection, encryption protocols are widely used. But it also makes it difficult to supervise malicious user behaviors. The encrypted traffic of Douyin user behaviors has the characteristics of a small sample and instantaneity. It is easy to be covered by the huge background traffic, which brings challenges to the research of Douyin user behavior identification. To solve this problem, we first proposed an automated method for labeling encrypted traffic of Douyin user behaviors based on multistage packet filtration technology, which can improve labeling efficiency and sample purity. Secondly, we propose a multi-layer identification method to identify Douyin user behaviors. Specifically, we first analyze the global and local characteristics of Douyin traffic to identify user behavior flows. Then, the user behavior flow is segmented into packet subsequences based on the local burstiness of the user behavior traffic. Finally, we extract the features of subsequences to identify Douyin user behaviors. The results can achieve an average of 0.980 precision, 0.966 recall, and 0.971 f1-score.

Ding Li,Wenzhong Li,Xiaoliang Wang,Cam-Tu Nguyen,Sanglu Lu

DOI: https://doi.org/10.1016/j.comnet.2020.107372

IF: 5.493

2020-01-01

Computer Networks

Abstract:Despite the increasing popularity of mobile applications and the widespread adoption of encryption techniques, mobile devices are still susceptible to security and privacy risks. In this paper, we propose ActiveTracker, a new type of sniffing attack that can reveal the fine-grained trajectory of userâs mobile app usage from a sniffed encrypted Internet traffic stream. It firstly adopts a sliding window based approach to divide the encrypted traffic stream into a sequence of segments corresponding to different app activities. Then each traffic segment is represented by a normalized temporal-spacial traffic matrix and a traffic spectrum vector. Based on the normalized representation, a deep neural network (DNN) model which consists of an app filter and an activity classifier is developed to extract comprehensive features from the input and uncover the crucial app usage trajectory conducted by the user. By extensive experiments on real-world app usage traffic collected from volunteers and on our synthetic traffic data, we show that the proposed approach achieves up to 79.65% accuracy in recognizing app trajectory over encrypted traffic streams.

Cong Dong,Chen Zhang,Zhigang Lu,Baoxu Liu,Bo Jiang

DOI: https://doi.org/10.1016/j.comnet.2020.107258

IF: 5.493

2020-01-01

Computer Networks

Abstract:Encrypted traffic classification is of great significance for advanced network services. Though encryption methods seem unbroken in protecting users' privacy, existing studies have demonstrated that with sophisticated designed approaches utilizing the methods of machine learning or deep learning, the traffic can be identified as generated from which application type or even the specific application. However, most of the previous approaches either lack the generalization ability in different tasks or can hardly achieve the precise performance. One of the reasons is that they perform the classification from an incomplete perspective. To our best knowledge, none of which consider combing the payload content and payload statistics for encrypted traffic classification. Hence, in this paper, we propose the comprehensive effective traffic information analytics (CETAnalytics) framework to tackle the problem. Firstly, the comprehensive effective traffic information is specified and the motivation for combing the two aspects of the traffic is introduced. Based on the specification, the CETAnalytics framework utilizing the consolidated information and its devising implementation details are elaborated. Briefly, the implementation is totally built on the neural network for its high flexibility and powerful functionality to integrate the two dimensional analytics. Among the challenges tackled in the implementation, a substructure network Attract designed with the purpose of matching the traffic structure is proposed to realize the payload content analytics, which is one of the highlights of our work. For evaluation, several solid experiments are conducted using three designed tasks originated from the ISCXVPN2016 dataset. The experiment results show that (i) the effectiveness of the framework design for encrypted traffic classification; (ii) our implementation can achieve both high precision and robust generalization performance at the same time.

Xiaodan Gu,Ming Yang,Jiaxuan Fei,Zhen Ling,Junzhou Luo

DOI: https://doi.org/10.1109/cbd.2015.44

2015-01-01

Abstract:Currently, people round the world daily use the Internet to access various services, such as, email and online shopping. However, the behavior-based tracking attacks have posed a considerable threat to users' privacy. Relying on characteristic patterns within the Internet activities, this attack can link a user's multiple sessions which are composed of a period of user's traffic. Once a user's personally identifiable information is disclosed in some session, the attacker can obtain the user's other network activities according to the linked sessions. In this paper, we investigate this behavior-based tracking attack and discuss the possible countermeasures. We preprocess the raw traffic data and then extract features ranging from lower layer network packets to high level application related traffic. Specifically, we focuses on four types of application-level traffic to infer users' habits, including HTTP, IM, Email, and P2P. A Multinomial Naive Bayes Classifier is employed to correlate users' sessions in distinct period. To evaluate the feasibility of our approach, we collect traffic in real-world environment to construct two distinct sizes of datasets. In the first dataset, we have 55 users' traffic during five weeks and the accuracy of our approach could reach 100%. To further illustrate the scalability of this approach, 509 users are selected from the second dataset in terms of the user's active degree. Finally, we can correctly correlate average 85.61% instances. Our extensive empirical experiments demonstrate the effectiveness and efficiency of our approach.

Xiaodong Zang,Tongliang Wang,Xinchang Zhang,Jian Gong,Peng Gao,Guowei Zhang

DOI: https://doi.org/10.1016/j.comnet.2024.110598

IF: 5.493

2024-01-01

Computer Networks

Abstract:The focus on privacy protection has brought much-encrypted network traffic. However, attackers always abuse traffic encryption to conceal malicious behaviors. Although researchers have proposed several enlightening detection methods, they must enhance the generalization ability or improve detection performance. Our inspiration is that the packet header fields, as do the underlying grammatical rules for constructing sentences, have a strict order. We consider the original packet as text and devise a robust approach with natural language processing and a deep learning model to improve the generalization ability and detection performance. We capture the critical keywords as characteristic representations of the traffic and design an adaptive domain generalization algorithm with a new loss function. It is robust against various datasets by generating more malicious samples to augment the minority of malicious samples. Simultaneously, we design an efficient feature selection algorithm, which obtains an optimal feature subset and reduces feature dimensions by 75.3%. To evaluate our work, we conducted extensive experiments with open-source datasets (CICIDS 2017, CICDDoS 2019, and USTC-TFC 2016), the synthetic dataset from IoT-23, and Internet backbone traffic (CERNET). Experimental results demonstrate that our proposal improves detection accuracy by up to 22.8% compared to others not using domain generalization algorithms and achieves an average detection latency of 0.67 s in the backbone. Besides, our work applies to the Industrial Internet of Things (IIoT) environment. It can be deployed at edge nodes to provide network security support for IIoT devices.

Zheng Li,Yanbei Liu,Changqing Zhang,Wanjin Shan,Haifeng Zhang,Xiaoming Zhu

DOI: https://doi.org/10.21203/rs.3.rs-2107276/v1

2022-01-01

Abstract:Abstract Network traffic classification refers to the identification of collected network traffic data of various applications, which is widely used in research fields such as network resource allocation, traffic scheduling and intrusion detection systems. With the widespread application of encryption technology in the network, encrypted traffic classification has become a hot research topic. At present, most existing methods only focus on the accuracy of network traffic classification. Yet, few work studies the reliability of the classification model, which plays an important role in network regulation and network security. In this paper, we propose a novel traffic classification method based on trustworthy deep learning model, which can effectively improve the reliability of encrypted traffic classification models by correcting the confidence of model output. Specifically, we firstly perform data preprocessing on the original network traffic, and then adopt a ConvNet for feature learning and a ClassifyNet for traffic classification in the initial stage. At the same time, we utilize a trustworthy confidence criterion to design a ConfidNet trained according to the probability of the true class. The ConfidNet can provide a reliable confidence measure for the prediction of the classification model. Finally, we demonstrate the effectiveness of our framework through comprehensive experiments on two benchmark datasets ISCX VPN-nonVPN and USTC-TFC2016, and show that our method can improve the reliability of the classification model and has a good ability to identify misclassified samples compared with state-of-the-art methods.

Tangda Yu,Futai Zou,Linsen Li,Ping Yi

DOI: https://doi.org/10.1109/cyberc.2019.00020

2019-01-01

Abstract:In recent years, with the widespread use of encrypted traffic communication technology, network traffic encryption has been gradually becoming a standard of communication. This phenomenon has a great impact on traditional traffic detection methods, especially on anomaly detection methods, which are highly dependent on the type of network protocol types and traffic data. By surveying the existing encrypted traffic classification and analyzing these methods, we found that there are two main methods for detection: payload-based detection and feature-based detection. On this basis, this paper puts forward an Encrypted Malicious Traffic Detection System which is based on multi-AEs(Autoencoder). We use malicious sandbox for traffic data collection, mark malicious flow and normal flow with labels. After that, we use multilayer networks of AEs for feature extraction and training classifier model. Our system analyzes the feature of cryptographic protocol from handshake phase to Authentication phase on the basis of existing research, and we extract the traffic feature for a better classification by further expanding flow feature vector to the higher dimensions. In addition, we compared the performance of our model with the traditional learning model under the same environment. The experimental results showed that our system had higher detection accuracy and lower loss rate. We also studied the influence of dataset imbalance on results in the detection of encrypted traffic by several experiments. According to the experimental evaluation, dataset imbalance will lead to the decrease of positive rate.

Tao Hou,Tao Wang,Zhuo Lu,Yao Liu

DOI: https://doi.org/10.1109/GlobalSIP45357.2019.8969428

2019-01-01

Abstract:Wireless networks nowadays are ubiquitous in our daily life. Due to the open channel nature, wireless networks are vulnerable to eavesdropping attacks. Though wireless conversation can be encrypted against eavesdropping, attackers can still infer a user's activities via traffic analysis on encrypted data. Nevertheless, previous inference methods usually have the limitation that they can only achieve a relatively high accuracy in a specific domain. In this paper, we propose a smart spying strategy that can infer a user's activities of multiple domains with a higher accuracy. We also develop a prototype tool on top of this strategy to conduct experiments. The evaluation results show our strategy works effectively in activity inference on encrypted data, with an accuracy rate as high as 99.17%.

Zitong Hu,Bo Qu,Xiang Li,Cong Li

DOI: https://doi.org/10.1007/978-981-97-5101-3_21

2024-01-01

Abstract:The exponential increase in encrypted traffic presents significant challenges to conventional traffic classification methodologies. The integration of deep learning and time series analysis has emerged as a contemporary approach, but the crucial higher interaction information among encrypted traffic packets is often neglected. Based on the fact that distinct categories of encrypted traffic manifest unique spatial structures and temporal patterns, we introduce a novel deep learning framework, termed Higher-Interaction-Graph encrypted classifier (HIGEC). This framework employs graph convolutional networks (GCN) and higher interaction information among packets for the precise classification of encrypted traffic flows. Initially, our approach incorporates a newly designed module that leverages metadata to transform each encrypted traffic flow into a graph structure, preserving the temporal information and spatial structure between packets. Subsequently, we introduce an advanced graph pooling and merge layer atop the GCN architecture that dynamically derives multi-order graph representations, augmenting our adaptability to diverse network environments. Meanwhile, we propose a new encrypted traffic dataset that addresses the inherent limitations of currently available public datasets to validate the effectiveness of our model. Comprehensive testing on our proposed dataset and two more public real-world datasets demonstrates that the HIGEC model significantly enhances accuracy, outperforming existing state-of-the-art methods.

Tianci Zhou,Yong Zeng,Yitao Chen,Zhihong Liu,Jianfeng Ma

DOI: https://doi.org/10.1109/icc45041.2023.10279018

2023-01-01

Abstract:Recent studies show that the traffic fingerprints constructed by encrypted voice traffic features will uncover users' activities. Current researches have focused on using machine learning models to build traffic fingerprints, however, they pay less attention to the distribution of traffic data. We note that encrypted voice traffic data is bimodal distributed, which is different from other encrypted traffic following Gaussian distribution. It means that present encoding model may destroy the distribution characteristics of encrypted voice traffic data, leading to a decrease in classification accuracy. To ameliorate this issue, our study proposes the combination of Discrete Fourier Transform and Stacked Autoencoder as traffic feature encoding model. The former is able to map the encrypted voice traffic features from bimodal distribution to frequency-domain space while keeping the trend of its features. And the latter can further improve features utilization in classification model. Finally, we achieved 96.08% accuracy on Amazon Echo dataset and 99.53% accuracy on Google Home dataset, which get the SOTA(state of the art) results on both encrypted voice traffic datasets.

Junming Liu,Yanjie Fu,Jingci Ming,Yong Ren,Leilei Sun,Hui Xiong

DOI: https://doi.org/10.1145/3097983.3098049

2017-01-01

Abstract:The mobile in-App service analysis, aiming at classifying mobile internet traffic into different types of service usages, has become a challenging and emergent task for mobile service providers due to the increasing adoption of secure protocols for in-App services. While some efforts have been made for the classification of mobile internet traffic, existing methods rely on complex feature construction and large storage cache, which lead to low processing speed, and thus not practical for online real-time scenarios. To this end, we develop an iterative analyzer for classifying encrypted mobile traffic in a real-time way. Specifically, we first select an optimal set of most discriminative features from raw features extracted from traffic packet sequences by a novel M aximizing I nner activity similarity and M inimizing D ifferent activity similarity (MIMD) measurement. To develop the online analyzer, we first represent a traffic flow with a series of time windows, which are described by the optimal feature vector and are updated iteratively at the packet level. Instead of extracting feature elements from a series of raw traffic packets, our feature elements are updated when a new traffic packet is observed and the storage of raw traffic packets is not required. The time windows generated from the same service usage activity are grouped by our proposed method, namely, recursive time continuity constrained KMeans clustering (rCKC). The feature vectors of cluster centers are then fed into a random forest classifier to identify corresponding service usages. Finally, we provide extensive experiments on real-world Internet traffic data from Wechat, Whatsapp, and Facebook to demonstrate the effectiveness and efficiency of our approach. The results show that the proposed analyzer provides high accuracy in real-world scenarios, and has low storage cache requirement as well as fast processing speed.

Xiuli Ma,Wenbin Zhu,Jieling Wei,Yanliang Jin,Dongsheng Gu,Rui Wang

DOI: https://doi.org/10.1016/j.cose.2023.103175

IF: 5.105

2023-01-01

Computers & Security

Abstract:With the advent of big data, encrypted traffic is widely used, and it is gradually becoming a new challenge for network security and management. Many researchers have obtained good results by converting encrypted traffic into images and feeding them to deep learning-based classification models. However, these methods have some limitations in that they cannot do sustainable learning. They have to retrain a new classifier when new traffic is encountered. To tackle this issue, we propose an extended encrypted traffic classification algorithm based on incremental learning. This approach extracts content and statistical information from encrypted traffic and supports multi-label prediction for VPN channels and applications. We can add new classes to the model without completely retraining and accelerate the update cycle of the model. The results show that the proposed model performs well in classification experiments, which can achieve 98.1% and 96.0% classification accuracy on ISCXVPN2016 and self-collected dataset respectively. In addition, our method can retain high accuracy under the situation of limited memory space while the number of new classes of data increases gradually. It demonstrates the superiority of constructing a generic unforgetting basis for classifying encrypted communication.

In-Su Jung,Yu-Rae Song,Lelisa Adeba Jilcha,Deuk-Hun Kim,Sun-Young Im,Shin-Woo Shim,Young-Hwan Kim,Jin Kwak

DOI: https://doi.org/10.3390/sym16060733

2024-06-13

Symmetry

Abstract:With the continuously growing requirement for encryption in network environments, web browsers are increasingly employing hypertext transfer protocol security. Despite the increase in encrypted malicious network traffic, the encryption itself limits the data accessible for analyzing such behavior. To mitigate this, several studies have examined encrypted network traffic by analyzing metadata and payload bytes. Recent studies have furthered this approach, utilizing graph neural networks to analyze the structural data patterns within malicious encrypted traffic. This study proposed an enhanced encrypted traffic analysis leveraging graph neural networks which can model the symmetric or asymmetric spatial relations between nodes in the traffic network and optimized feature dimensionality reduction. It classified malicious network traffic by leveraging key features, including the IP address, port, CipherSuite, MessageLen, and JA3 features within the transport-layer-security session data, and then analyzed the correlation between normal and malicious network traffic data. The proposed approach outperformed previous models in terms of efficiency, using fewer features while maintaining a high accuracy rate of 99.5%. This demonstrates its research value as it can classify malicious network traffic with a high accuracy based on fewer features.

multidisciplinary sciences

Meng Shen,Yiting Liu,Liehuang Zhu,Ke Xu,Xiaojiang Du,Nadra Guizani

DOI: https://doi.org/10.1109/mnet.011.1900366

IF: 10.294

2020-01-01

IEEE Network

Abstract:Traffic classification is a technology for classifying and identifying sensitive information from cluttered traffic. With the increasing use of encryption and other evasion technologies, traditional content- based network traffic classification becomes impossible, and traffic classification is increasingly related to security and privacy. Many studies have been conducted to investigate traffic classification in various scenarios. A major challenge to existing schemes is extending traffic classification technology to a broader space. In other words, most traffic classification work is not universal and can only show great performance on specific datasets. In this article, we present a systematic approach to optimizing feature selection for encrypted traffic classification. We summarize the optional encrypted traffic features and analyze the approaches of feature selection in detail for different datasets. The experimental result demonstrates that our scheme is more accurate and universal than other state-of-the-art approaches. More precisely, our mechanism provides a guideline for future research in the field of traffic classification.

Cheng Wang,Wei Zhang,Hao Hao,Huiling Shi

DOI: https://doi.org/10.3390/electronics13071236

IF: 2.9

2024-03-28

Electronics

Abstract:The demand for encrypted communication is increasing with the continuous development of secure and trustworthy networks. In edge computing scenarios, the requirement for data processing security is becoming increasingly high. Therefore, the accurate identification of encrypted traffic has become a prerequisite to ensure edge intelligent device security. Currently, encrypted network traffic classification relies on single-feature extraction methods. These methods have simple feature extraction, making distinguishing encrypted network data flows and designing compelling manual features challenging. This leads to low accuracy in multi-classification tasks involving encrypted network traffic. This paper proposes a hybrid deep learning model for multi-classification tasks to address this issue based on the synergy of dilated convolution and gating unit mechanisms. The model comprises a Gated Dilated Convolution (GDC) module and a CA-LSTM module. The GDC module completes the spatial feature extraction of encrypted network traffic through dilated convolution and gating unit mechanisms. In contrast, the CA-LSTM module focuses on extracting temporal network traffic features. By employing a collaborative approach to extract spatio-temporal features, the model ensures feature extraction diversity, guarantees robustness, and effectively enhances the feature extraction rate. We evaluate our multi-classification model using the ISCX VPN-nonVPN public dataset. Experimental results show that the proposed method achieves an accuracy rate of over 95% and a recall rate of over 90%, significantly outperforming existing methods.

engineering, electrical & electronic,computer science, information systems,physics, applied