Abstract
Network traffic classification aims to recognize different application or traffic types by analyzing received data packets. This paper presents a neural network model with deep and parallel network-in-network (NIN) structures for classifying encrypted network traffic. Comparing with standard convolutional neural networks (CNN), NIN adopts a micro network after each convolution layer to enhance local modeling. Besides, NIN utilizes a global average pooling instead of traditional fully connected layers before final classification, which reduces the number of model parameters significantly. In our proposed method, deep NIN models with multiple MLP convolutional layers are built to map fixed-length packet vectors towards application or traffic labels. Furthermore, a parallel decision strategy of building two sub-networks to process packet header and packet body separately is designed considering that they may carry different kinds of clues for classification. The results of our experiments on the “ISCX VPN-nonVPN” encrypted traffic dataset show that NIN models can achieve a better balance between classification accuracy and model complexity than conventional CNNs. The parallel decision strategy can further improve the accuracy of using single NIN model for encrypted network traffic classification. Finally, the test set F1 scores of 0.983 and 0.985 are achieved for traffic characterization and application identification respectively.
Highlights
Network traffic classification is the task of recognizing different application or traffic types by analyzing received data packets, which is important in modern communication networks [1]
We can see that our proposed convolutional neural networks (CNN) models achieved similar performance with CNNDeepPacket
We will focus on the comparison between our proposed NIN and CNN models
Summary
Network traffic classification is the task of recognizing different application or traffic types by analyzing received data packets, which is important in modern communication networks [1]. The conventional classifiers that have been investigated for traffic classification include k-nearest neighbor (k-NN) [4], C4.5 decision tree [5], support vector machine (SVM) [6], etc These machine learning based methods can achieve better performance of encrypted traffic classification than port-based and payload-based approaches, they still have two deficiencies. Some other issues with encrypted traffic classification, such as class imbalance [23] and multimodal learning [24], have been studied by proposing deep-learning-based models These deep-learning-based methods have achieved significantly higher accuracy of encrypted traffic classification than conventional classifiers, such as k-NNs and decision trees, they still have some limitations. NINs are employed into the task of encrypted traffic classification for the first time, which performs better than conventional CNNs and the existing Deep Packet model [21] on the ‘‘ISCX VPNnonVPN’’ dataset.
Sign-in/Register to view highlights & summary Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
