MIETT: Multi-Instance Encrypted Traffic Transformer for Encrypted Traffic Classification
- URL: http://arxiv.org/abs/2412.15306v1
- Date: Thu, 19 Dec 2024 12:52:53 GMT
- Title: MIETT: Multi-Instance Encrypted Traffic Transformer for Encrypted Traffic Classification
- Authors: Xu-Yang Chen, Lu Han, De-Chuan Zhan, Han-Jia Ye
- Abstract summary: Classifying encrypted traffic is essential for detecting security threats and optimizing network management.
We propose a Multi-Instance Encrypted Traffic Transformer (MIETT) to capture both token-level and packet-level relationships.
MIETT achieves state-of-the-art results across five datasets, demonstrating its effectiveness in classifying encrypted traffic and understanding complex network behaviors.
- Score: 59.96233305733875
- Abstract: Network traffic includes data transmitted across a network, such as web browsing and file transfers, and is organized into packets (small units of data) and flows (sequences of packets exchanged between two endpoints). Classifying encrypted traffic is essential for detecting security threats and optimizing network management. Recent advancements have highlighted the superiority of foundation models in this task, particularly for their ability to leverage large amounts of unlabeled data and demonstrate strong generalization to unseen data. However, existing methods that focus on token-level relationships fail to capture broader flow patterns, as tokens, defined as sequences of hexadecimal digits, typically carry limited semantic information in encrypted traffic. These flow patterns, which are crucial for traffic classification, arise from the interactions between packets within a flow, not just their internal structure. To address this limitation, we propose a Multi-Instance Encrypted Traffic Transformer (MIETT), which adopts a multi-instance approach where each packet is treated as a distinct instance within a larger bag representing the entire flow. This enables the model to capture both token-level and packet-level relationships more effectively through Two-Level Attention (TLA) layers, improving the model's ability to learn complex packet dynamics and flow patterns. We further enhance the model's understanding of temporal and flow-specific dynamics by introducing two novel pre-training tasks: Packet Relative Position Prediction (PRPP) and Flow Contrastive Learning (FCL). After fine-tuning, MIETT achieves state-of-the-art (SOTA) results across five datasets, demonstrating its effectiveness in classifying encrypted traffic and understanding complex network behaviors. Code is available at https://github.com/Secilia-Cxy/MIETT.
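The two-level idea described above can be sketched in a few lines. This is a minimal NumPy illustration, not the paper's actual layer: it assumes single-head unparameterized attention and mean-pooled packet summaries, whereas MIETT's TLA layers use learned projections and multi-head attention. The point is only the structure: attend over tokens within each packet (instance), then attend over packet representations across the flow (bag).

```python
import numpy as np

def softmax(x, axis=-1):
    # numerically stable softmax
    e = np.exp(x - x.max(axis=axis, keepdims=True))
    return e / e.sum(axis=axis, keepdims=True)

def self_attention(x):
    # single-head scaled dot-product self-attention over the
    # second-to-last axis; learned Q/K/V projections are omitted
    d = x.shape[-1]
    scores = x @ x.swapaxes(-1, -2) / np.sqrt(d)
    return softmax(scores) @ x

def two_level_attention(flow):
    # flow: (num_packets, num_tokens, d) -- each packet is one
    # instance in the bag that represents the whole flow
    # level 1: token-level attention within each packet
    tokens = self_attention(flow)
    # level 2: packet-level attention across packet summaries
    # (mean pooling stands in for a learned packet representation)
    packets = tokens.mean(axis=1)                # (num_packets, d)
    packets = self_attention(packets[None])[0]   # attend across packets
    return tokens, packets

rng = np.random.default_rng(0)
flow = rng.normal(size=(5, 16, 32))  # 5 packets, 16 tokens each, d=32
tok_out, pkt_out = two_level_attention(flow)
```

Token-level outputs keep the per-packet shape, while packet-level outputs yield one vector per packet that has mixed information across the flow, which is what lets the model pick up inter-packet patterns that token-only models miss.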
Related papers
- Less is More: Simplifying Network Traffic Classification Leveraging RFCs [3.8623569699070353]
We present NetMatrix, a minimalistic representation of network traffic that eliminates noisy attributes and focuses on meaningful features.
Compared to selected baselines, experimental evaluations demonstrate that LiM reduces resource consumption by orders of magnitude.
This study underscores the effectiveness of simplicity in traffic representation and machine learning model selection, paving the way towards resource-efficient network traffic classification.
arXiv Detail & Related papers (2025-02-01T22:55:14Z)
- Multi-view Correlation-aware Network Traffic Detection on Flow Hypergraph [5.64836465356865]
We propose a multi-view correlation-aware framework named FlowID for network traffic detection.
FlowID captures multi-view traffic features via temporal and interaction awareness, while a hypergraph encoder further explores higher-order relationships between flows.
We show that FlowID significantly outperforms existing methods in accuracy, robustness, and generalization across diverse network scenarios.
arXiv Detail & Related papers (2025-01-15T06:17:06Z)
- Revolutionizing Encrypted Traffic Classification with MH-Net: A Multi-View Heterogeneous Graph Model [16.750119354563733]
MH-Net is a novel approach for classifying network traffic that leverages multi-view heterogeneous traffic graphs.
We employ contrastive learning in a multi-task manner to strengthen the robustness of the learned traffic unit representations.
arXiv Detail & Related papers (2025-01-05T16:50:41Z)
- NetFlowGen: Leveraging Generative Pre-training for Network Traffic Dynamics [72.95483148058378]
We propose to pre-train a general-purpose machine learning model to capture traffic dynamics with only traffic data from NetFlow records.
We address challenges such as unifying network feature representations, learning from large unlabeled traffic data volume, and testing on real downstream tasks in DDoS attack detection.
arXiv Detail & Related papers (2024-12-30T00:47:49Z)
- Hierarchical Information Enhancement Network for Cascade Prediction in Social Networks [51.54002032659713]
We propose a novel Hierarchical Information Enhancement Network (HIENet) for cascade prediction.
Our approach integrates fundamental cascade sequence, user social graphs, and sub-cascade graph into a unified framework.
arXiv Detail & Related papers (2024-03-22T14:57:27Z)
- One Train for Two Tasks: An Encrypted Traffic Classification Framework Using Supervised Contrastive Learning [18.63871240173137]
We propose an effective model named a Contrastive Learning Enhanced Temporal Fusion (CLE-TFE)
In particular, we utilize supervised contrastive learning to enhance the packet-level and flow-level representations.
We also propose cross-level multi-task learning, which simultaneously accomplishes the packet-level and flow-level classification tasks in the same model with one training.
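Supervised contrastive learning, as used here to enhance packet-level and flow-level representations, pulls embeddings with the same class label together and pushes different-label embeddings apart. The sketch below implements the generic supervised contrastive (SupCon) loss in NumPy; CLE-TFE's exact formulation and temperature are not given in this summary, so treat the details (τ, normalization, batch layout) as illustrative assumptions.

```python
import numpy as np

def supcon_loss(z, labels, tau=0.1):
    # z: (n, d) embeddings; labels: (n,) integer class labels
    z = z / np.linalg.norm(z, axis=1, keepdims=True)  # L2-normalize
    sim = z @ z.T / tau                               # pairwise similarities
    n = len(labels)
    not_self = ~np.eye(n, dtype=bool)
    # log-softmax over all non-self pairs (stable via row-max shift)
    logits = sim - sim.max(axis=1, keepdims=True)
    denom = (np.exp(logits) * not_self).sum(axis=1, keepdims=True)
    log_prob = logits - np.log(denom)
    # positives: same label, excluding the anchor itself
    pos = (labels[:, None] == labels[None, :]) & not_self
    per_anchor = -(log_prob * pos).sum(axis=1) / np.maximum(pos.sum(axis=1), 1)
    return per_anchor.mean()

labels = np.array([0, 0, 1, 1, 2, 2])
z = np.random.default_rng(1).normal(size=(6, 16))
loss = supcon_loss(z, labels)
```

In a cross-level setup along these lines, the same loss could be applied once over packet embeddings and once over flow embeddings, sharing the encoder, which is consistent with the "one training, two tasks" framing above.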
arXiv Detail & Related papers (2024-02-12T09:10:09Z)
- Lens: A Foundation Model for Network Traffic [19.3652490585798]
Lens is a foundation model for network traffic that leverages the T5 architecture to learn the pre-trained representations from large-scale unlabeled data.
We design a novel loss that combines three distinct tasks: Masked Span Prediction (MSP), Packet Order Prediction (POP), and Homologous Traffic Prediction (HTP)
arXiv Detail & Related papers (2024-02-06T02:45:13Z)
- Cross-modal Orthogonal High-rank Augmentation for RGB-Event Transformer-trackers [58.802352477207094]
We explore the great potential of a pre-trained vision Transformer (ViT) to bridge the vast distribution gap between two modalities.
We propose a mask modeling strategy that randomly masks tokens of a specific modality to enforce proactive interaction between tokens from different modalities.
Experiments demonstrate that our plug-and-play training augmentation techniques can significantly boost state-of-the-art one-stream and two-stream trackers in terms of both tracking precision and success rate.
arXiv Detail & Related papers (2023-07-09T08:58:47Z)
- Non-Separable Multi-Dimensional Network Flows for Visual Computing [62.50191141358778]
We propose a novel formalism for non-separable multi-dimensional network flows.
Since the flow is defined on a per-dimension basis, the maximizing flow automatically chooses the best matching feature dimensions.
As a proof of concept, we apply our formalism to the multi-object tracking problem and demonstrate that our approach outperforms scalar formulations on the MOT16 benchmark in terms of robustness to noise.
arXiv Detail & Related papers (2023-05-15T13:21:44Z)
- Multi-view Multi-label Anomaly Network Traffic Classification based on MLP-Mixer Neural Network [55.21501819988941]
Existing network traffic classification based on convolutional neural networks (CNNs) often emphasizes local patterns of traffic data while ignoring global information associations.
We propose an end-to-end network traffic classification method.
arXiv Detail & Related papers (2022-10-30T01:52:05Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of the listed information and is not responsible for any consequences arising from its use.