UniNet: A Unified Multi-granular Traffic Modeling Framework for Network Security
- URL: http://arxiv.org/abs/2503.04174v1
- Date: Thu, 06 Mar 2025 07:39:37 GMT
- Title: UniNet: A Unified Multi-granular Traffic Modeling Framework for Network Security
- Authors: Binghui Wu, Dinil Mon Divakaran, Mohan Gurusamy
- Abstract summary: UniNet is a unified framework that introduces a novel multi-granular traffic representation (T-Matrix). UniNet sets a new benchmark for modern network security.
- Score: 4.206993135004622
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: As modern networks grow increasingly complex--driven by diverse devices, encrypted protocols, and evolving threats--network traffic analysis has become critically important. Existing machine learning models often rely only on a single representation of packets or flows, limiting their ability to capture the contextual relationships essential for robust analysis. Furthermore, task-specific architectures for supervised, semi-supervised, and unsupervised learning lead to inefficiencies in adapting to varying data formats and security tasks. To address these gaps, we propose UniNet, a unified framework that introduces a novel multi-granular traffic representation (T-Matrix), integrating session, flow, and packet-level features to provide comprehensive contextual information. Combined with T-Attent, a lightweight attention-based model, UniNet efficiently learns latent embeddings for diverse security tasks. Extensive evaluations across four key network security and privacy problems--anomaly detection, attack classification, IoT device identification, and encrypted website fingerprinting--demonstrate UniNet's significant performance gain over state-of-the-art methods, achieving higher accuracy, lower false positive rates, and improved scalability. By addressing the limitations of single-level models and unifying traffic analysis paradigms, UniNet sets a new benchmark for modern network security.
Related papers
- Research on Cloud Platform Network Traffic Monitoring and Anomaly Detection System based on Large Language Models [5.524069089627854]
This paper introduces a large language model (LLM)-based network traffic monitoring and anomaly detection system.
A pre-trained large language model analyzes and predicts the probable network traffic, and an anomaly detection layer considers temporality and context.
Results show that the designed model outperforms traditional methods in detection accuracy and computational efficiency.
arXiv Detail & Related papers (2025-04-22T07:42:07Z)
- PacketCLIP: Multi-Modal Embedding of Network Traffic and Language for Cybersecurity Reasoning [13.457018953474655]
PacketCLIP is a multi-modal framework combining packet data with natural language semantics. It integrates semantic reasoning with efficient classification, enabling robust detection of anomalies in encrypted network flows. It achieves a 95% mean AUC, outperforms baselines by 11.6%, and reduces model size by 92%.
arXiv Detail & Related papers (2025-03-05T18:58:58Z)
- NetFlowGen: Leveraging Generative Pre-training for Network Traffic Dynamics [72.95483148058378]
We propose to pre-train a general-purpose machine learning model to capture traffic dynamics with only traffic data from NetFlow records. We address challenges such as unifying network feature representations, learning from large unlabeled traffic data volume, and testing on real downstream tasks in DDoS attack detection.
arXiv Detail & Related papers (2024-12-30T00:47:49Z)
- Learning in Multiple Spaces: Few-Shot Network Attack Detection with Metric-Fused Prototypical Networks [47.18575262588692]
We propose a novel Multi-Space Prototypical Learning framework tailored for few-shot attack detection.
By leveraging Polyak-averaged prototype generation, the framework stabilizes the learning process and effectively adapts to rare and zero-day attacks.
Experimental results on benchmark datasets demonstrate that MSPL outperforms traditional approaches in detecting low-profile and novel attack types.
arXiv Detail & Related papers (2024-12-28T00:09:46Z)
- MIETT: Multi-Instance Encrypted Traffic Transformer for Encrypted Traffic Classification [59.96233305733875]
Classifying traffic is essential for detecting security threats and optimizing network management. We propose a Multi-Instance Encrypted Traffic Transformer (MIETT) to capture both token-level and packet-level relationships. MIETT achieves results across five datasets, demonstrating its effectiveness in classifying encrypted traffic and understanding complex network behaviors.
arXiv Detail & Related papers (2024-12-19T12:52:53Z)
- AI Flow at the Network Edge [58.31090055138711]
AI Flow is a framework that streamlines the inference process by jointly leveraging the heterogeneous resources available across devices, edge nodes, and cloud servers. This article serves as a position paper for identifying the motivation, challenges, and principles of AI Flow.
arXiv Detail & Related papers (2024-11-19T12:51:17Z)
- NetSafe: Exploring the Topological Safety of Multi-agent Networks [22.033551405492553]
This paper focuses on the safety of multi-agent networks from a topological perspective.
We identify several critical phenomena when multi-agent networks are exposed to attacks involving misinformation, bias, and harmful information.
We find that highly connected networks are more susceptible to the spread of adversarial attacks, with task performance in a Star Graph Topology decreasing by 29.7%.
arXiv Detail & Related papers (2024-10-21T06:54:27Z)
- Lens: A Foundation Model for Network Traffic [19.3652490585798]
Lens is a foundation model for network traffic that leverages the T5 architecture to learn the pre-trained representations from large-scale unlabeled data.
We design a novel loss that combines three distinct tasks: Masked Span Prediction (MSP), Packet Order Prediction (POP), and Homologous Traffic Prediction (HTP)
arXiv Detail & Related papers (2024-02-06T02:45:13Z)
- netFound: Foundation Model for Network Security [10.84029318509573]
This paper introduces a novel transformer-based network foundation model, netFound. We employ self-supervised learning techniques on abundant, unlabeled network telemetry data for pre-training. Our results demonstrate that netFound effectively captures the hidden networking context in production settings.
arXiv Detail & Related papers (2023-10-25T22:04:57Z)
- Towards Intelligent Network Management: Leveraging AI for Network Service Detection [0.0]
This study focuses on leveraging Machine Learning methodologies to create an advanced network traffic classification system.
We introduce a novel data-driven approach that excels in identifying various network service types in real-time.
Our system demonstrates a remarkable accuracy in distinguishing the network services.
arXiv Detail & Related papers (2023-10-14T16:06:11Z)
- Learning Prototype-oriented Set Representations for Meta-Learning [85.19407183975802]
Learning from set-structured data is a fundamental problem that has recently attracted increasing attention.
This paper provides a novel optimal transport based way to improve existing summary networks.
We further instantiate it to the cases of few-shot classification and implicit meta generative modeling.
arXiv Detail & Related papers (2021-10-18T09:49:05Z)
- An Automated, End-to-End Framework for Modeling Attacks From Vulnerability Descriptions [46.40410084504383]
In order to derive a relevant attack graph, up-to-date information on known attack techniques should be represented as interaction rules.
We present a novel, end-to-end, automated framework for modeling new attack techniques from textual description of a security vulnerability.
arXiv Detail & Related papers (2020-08-10T19:27:34Z)
This list is automatically generated from the titles and abstracts of the papers in this site.