Generalized Encrypted Traffic Classification Using Inter-Flow Signals
- URL: http://arxiv.org/abs/2508.21558v1
- Date: Fri, 29 Aug 2025 12:14:42 GMT
- Authors: Federica Bianchi, Edoardo Di Paolo, Angelo Spognardi
- Abstract summary: We present a novel encrypted traffic classification model that operates directly on raw PCAP data without requiring prior assumptions about traffic type. Experimental results show that our model outperforms well-established methods in nearly every classification task and across most datasets, achieving up to 99% accuracy in some cases.
- License: http://creativecommons.org/licenses/by-nc-nd/4.0/
- Abstract: In this paper, we present a novel encrypted traffic classification model that operates directly on raw PCAP data without requiring prior assumptions about traffic type. Unlike existing methods, it is generalizable across multiple classification tasks and leverages inter-flow signals - an innovative representation that captures temporal correlations and packet volume distributions across flows. Experimental results show that our model outperforms well-established methods in nearly every classification task and across most datasets, achieving up to 99% accuracy in some cases, demonstrating its robustness and adaptability.
Related papers
- Bias in the Shadows: Explore Shortcuts in Encrypted Network Traffic Classification [8.740413164300957]
BiasSeeker is a semi-automated framework for detecting dataset-specific shortcut features in encrypted traffic. We introduce a systematic categorization and apply category-specific validation strategies that reduce bias while preserving meaningful information. We evaluate BiasSeeker on 19 public datasets across three NTC tasks.
(2026-01-15T08:39:56Z)
- What Does Normal Even Mean? Evaluating Benign Traffic in Intrusion Detection Datasets [0.0]
Supervised machine learning techniques rely on labeled data to achieve high task performance. This paper evaluates the structure of benign traffic in several common intrusion detection datasets.
(2025-09-11T15:55:21Z)
- Detection of Anomalous Vehicular Traffic and Sensor Failures Using Data Clustering Techniques [0.0]
In this study, we employ clustering techniques to analyse traffic flow data from highway sensors. We explore multiple clustering approaches, i.e. partitioning and hierarchical methods, combined with various time-series representations and similarity measures. Our methodology is applied to real-world data from highway sensors, enabling us to assess the impact of different clustering frameworks on traffic pattern recognition.
(2025-04-01T15:09:39Z)
- MIETT: Multi-Instance Encrypted Traffic Transformer for Encrypted Traffic Classification [59.96233305733875]
Classifying traffic is essential for detecting security threats and optimizing network management. We propose a Multi-Instance Encrypted Traffic Transformer (MIETT) to capture both token-level and packet-level relationships. MIETT achieves results across five datasets, demonstrating its effectiveness in classifying encrypted traffic and understanding complex network behaviors.
(2024-12-19T12:52:53Z)
- Diffusion Generative Flow Samplers: Improving learning signals through partial trajectory optimization [87.21285093582446]
Diffusion Generative Flow Samplers (DGFS) is a sampling-based framework where the learning process can be tractably broken down into short partial trajectory segments. Our method takes inspiration from the theory developed for generative flow networks (GFlowNets).
(2023-10-04T09:39:05Z)
- Facing Unknown: Open-World Encrypted Traffic Classification Based on Contrastive Pre-Training [5.318006462723139]
We propose a novel Open-World Contrastive Pre-training (OWCP) framework for this. OWCP performs contrastive pre-training to obtain a robust feature representation. We conduct comprehensive ablation studies and sensitivity analyses to validate each integral component of OWCP.
(2023-08-31T17:04:20Z)
- Consistency Regularization for Generalizable Source-free Domain Adaptation [62.654883736925456]
Source-free domain adaptation (SFDA) aims to adapt a well-trained source model to an unlabelled target domain without accessing the source dataset. Existing SFDA methods ONLY assess their adapted models on the target training set, neglecting the data from unseen but identically distributed testing sets. We propose a consistency regularization framework to develop a more generalizable SFDA method.
(2023-08-03T07:45:53Z)
- Single Domain Generalization via Normalised Cross-correlation Based Convolutions [14.306250516592304]
Single Domain Generalization aims to train robust models using data from a single source. We propose a novel operator called XCNorm that computes the normalized cross-correlation between weights and an input feature patch. We show that deep neural networks composed of this operator are robust to common semantic distribution shifts.
(2023-07-12T04:15:36Z)
- Multi-view Multi-label Anomaly Network Traffic Classification based on MLP-Mixer Neural Network [55.21501819988941]
Existing network traffic classification based on convolutional neural networks (CNNs) often emphasizes local patterns of traffic data while ignoring global information associations. We propose an end-to-end network traffic classification method.
(2022-10-30T01:52:05Z)
- MD-CSDNetwork: Multi-Domain Cross Stitched Network for Deepfake Detection [80.83725644958633]
Current deepfake generation methods leave discriminative artifacts in the frequency spectrum of fake images and videos. We present a novel approach, termed as MD-CSDNetwork, for combining the features in the spatial and frequency domains to mine a shared discriminative representation.
(2021-09-15T14:11:53Z)
- Task-agnostic Continual Learning with Hybrid Probabilistic Models [75.01205414507243]
We propose HCL, a Hybrid generative-discriminative approach to Continual Learning for classification. The flow is used to learn the data distribution, perform classification, identify task changes, and avoid forgetting. We demonstrate the strong performance of HCL on a range of continual learning benchmarks such as split-MNIST, split-CIFAR, and SVHN-MNIST.
(2021-06-24T05:19:26Z)
- Multi-fold Correlation Attention Network for Predicting Traffic Speeds with Heterogeneous Frequency [17.3908559850196]
We propose new measurements to model the spatial correlations among traffic data. We show that the resulting correlation patterns vary significantly under various traffic situations. Experiments on real-world datasets demonstrate that the proposed MCAN model outperforms the state-of-the-art baselines.
(2021-04-19T06:58:51Z)
This list is automatically generated from the titles and abstracts of the papers in this site.