Sustaining the High Performance of AI-Based Network Traffic Classification Models

Abstract

Network traffic classification plays an essential role in network measurement and management. Emerging Artificial Intelligence (AI) algorithms have become a viable solution to encrypted network traffic classification. Nonetheless, the classification performance of existing AI-based traffic classifiers is restricted to a limited number of network applications depending on the coverage of the knowledge database. Such AI-based traffic classifiers cannot maintain high performance to provide accurate traffic classification when dealing with updated or new network applications. To tackle the issues, we present an autonomous model update mechanism to sustain the high performance of AI-based traffic classifiers. Specifically, an instability check algorithm is derived to evaluate if the current classifier requires an update. A filtering algorithm is proposed to extract unknown traffic and build a new knowledge database based on a new metric, i.e., familiarity, defined based on the prediction confidence and instability. Extensive experiment results demonstrate that our proposed updating mechanism can provide prompt model updates and establish a proper new knowledge base to maintain high accuracy in various experimental scenarios. Moreover, the comparison is conducted and the results show the proposed familiarity-based filtering algorithm can filter about 7 and 3 times more true positive packets in the two considered scenarios, respectively.