Network traffic classification model based on attention mechanism and spatiotemporal features

Autor: Feifei Hu, Situo Zhang, Xubin Lin, Liu Wu, Niandong Liao, Yanqi Song
Jazyk: angličtina
Rok vydání: 2023
Předmět:
Zdroj: EURASIP Journal on Information Security, Vol 2023, Iss 1, Pp 1-25 (2023)
Druh dokumentu: article
ISSN: 2510-523X
DOI: 10.1186/s13635-023-00141-4
Popis: Abstract Traffic classification is widely used in network security and network management. Early studies have mainly focused on mapping network traffic to different unencrypted applications, but little research has been done on network traffic classification of encrypted applications, especially the underlying traffic of encrypted applications. To address the above issues, this paper proposes a network encryption traffic classification model that combines attention mechanisms and spatiotemporal features. The model firstly uses the long short-term memory (LSTM) method to analyze continuous network flows and find the temporal correlation features between these network flows. Secondly, the convolutional neural network (CNN) method is used to extract the high-order spatial features of the network flow, and then, the squeeze and excitation (SE) module is used to weight and redistribute the high-order spatial features to obtain the key spatial features of the network flow. Finally, through the above three stages of training and learning, fast classification of network flows is achieved. The main advantages of this model are as follows: (1) the mapping relationship between network flow and label is automatically constructed by the model without manual intervention and decision by network features, (2) it has strong generalization ability and can quickly adapt to different network traffic datasets, and (3) it can handle encrypted applications and their underlying traffic with high accuracy. The experimental results show that the model can be applied to classify network traffic of encrypted and unencrypted applications at the same time, especially the classification accuracy of the underlying traffic of encrypted applications is improved. In most cases, the accuracy generally exceeds 90%.
Databáze: Directory of Open Access Journals