Abstract

Performing encrypted traffic classification under a few-shot scenario is vital because labeling is labor-intensive and samples of some traffic types are intrinsically rare. Most existing methods apply metric learning to few-shot encrypted traffic classification. However, those methods use only local information from the traffic inputs to distinguish different traffic types, which weakens classification performance. In this paper, we devise the Global-aware Prototypical Network (GP-Net) for few-shot encrypted traffic classification, which aggregates the global information of the traffic inputs. Specifically, GP-Net first captures the relations between any two bytes of the payload sequence, regardless of their spatial distance, and then uses these byte-wise relationships to aggregate the global information of the traffic inputs. Moreover, we model the position information of bytes in the payload sequence by leveraging the relative position mechanism, which enhances the expressive ability of GP-Net. We conduct extensive experiments on the real-world traffic dataset to evaluate the effectiveness of GP-Net. The experimental results demonstrate that GP-Net achieves high performance when recognizing a new traffic type even when the number of traffic samples is fewer than 20, outperforming state-of-the-art (SOTA) few-shot encrypted traffic classification methods.
