Abstract

With the increase in the proportion of encrypted network traffic, encrypted traffic identification (ETI) is becoming a critical research topic for network management and security. At present, ETI under the closed-world assumption has been adequately studied. However, when the models are applied in a realistic environment, they face the challenge of identifying unknown traffic as well as model efficiency requirements. Considering these problems, in this paper we propose LightSEEN, a lightweight unknown traffic discovery model for open-world traffic classification and model update under practical conditions. The overall structure of LightSEEN is based on the Siamese network, which takes three simplified packet feature vectors as input on one side, uses the multihead attention mechanism to capture the interactions among packets in parallel, and adopts techniques including 1D-CNN and ResNet to promote the extraction of deep-level flow features and the convergence speed of the network. The effectiveness and efficiency of the proposed model are evaluated on two public data sets. The results show that the effectiveness of LightSEEN is overall at the same level as the state-of-the-art method, and LightSEEN even has a better true detection rate, but the number of parameters used in LightSEEN is 0.51% of the baseline and its average training time is 37.9% of the baseline.

Highlights

  • Network traffic identification refers to classifying network traffic into different sets by observing its characteristics according to specific targets, which is the focus of network behaviour analysis, network planning and construction, network anomaly detection, and network traffic model research [1]

  • To be deployable to practical applications, an encrypted traffic identification (ETI) model needs to discover unknown classes of traffic that were not anticipated in the training phase

  • We focus on improving the real-time performance and flexibility of unknown traffic discovery


Summary

Introduction

Network traffic identification refers to classifying network traffic into different sets by observing its characteristics according to specific targets, which is the focus of network behaviour analysis, network planning and construction, network anomaly detection, and network traffic model research [1]. For application in an open-world environment, more practical problems have to be considered, including the challenge of unknown traffic discovery and model efficiency. Most of the existing models are based on the closed-world assumption, which means that the training dataset is assumed to contain all the traffic classes in the model deployment environment. Such an assumption does not hold in many practical applications. A model named SEEN has been proposed for unknown traffic discovery [2]; it applies the Siamese network in the ETI area for the first time.

Related Work
Preliminaries
The Lightweight Model for Unknown Traffic Discovery
Model Training and Validation
Model Test and System Update
Experimental Evaluation
Experiment Setup
