The Journal of China Universities of Posts and Telecommunications ›› 2020, Vol. 27 ›› Issue (3): 21-30.doi: 10.19682/j.cnki.1005-8885.2020.0013

Previous Articles     Next Articles

End-to-end encrypted network traffic classification method based on deep learning


  • Received:2020-01-03 Revised:2020-04-12 Online:2020-06-24 Published:2020-08-30
  • Supported by:
    Research on Key Technologies and Applications of Self-service Big Data Governance of Power Grid

Abstract: Network traffic classification, which matches network traffic for a specific class of different granularities, plays a vital role in the domain of network administration and cyber security. With the rapid development of network communication techniques, more and more network applications adopt encryption techniques during communication, which brings significant challenges to traditional network traffic classification methods. On the one hand, traditional methods mainly depend on matching features on the application layer of the ISO/OSI reference model, which leads to the failure of classifying encrypted traffic. On the other hand, machine learning-based methods require human-made features from network traffic data by human experts, which renders it difficult for them to deal with complex network protocols. In this paper, the convolution attention network (CAT) is proposed to overcom those difficulties. As an end-to-end model, CAT takes raw data as input and returns classification results automatically, with engineering by human experts. In CAT, firstly, the importance of different bytes with an attention mechanism of network traffic is achieved. Then, convolution neural network (CNN) is used to learn features automatically and feed the output into a softmax function to get classification results. It enables CAT to learn enough information from network traffic data and ensure the classified accuracy. Extensive experiments on the public encrypted network traffic dataset ISCX2016 demonstrate the effectiveness of the proposed model.

Key words: network traffic classification, convolution neural network, attention mechanism, network management, cyber security