A Novel Multimodal Deep Learning Framework for Encrypted Traffic Classification

Traffic classification is essential for cybersecurity maintenance and network management, and has been widely used in QoS (Quality of Service) guarantees, intrusion detection, and other tasks. Recently, with the emergence of SSL/TLS encryption protocols in the modern Internet environment, the traditional payload-based classification methods are no longer effective. Some researchers have used machine learning methods to model the flow features of encrypted traffics (e.g. message type, length sequence, statistical features, etc.), and achieved good results in some cases. However, these high-level hand-designed features cannot be used for more fine-grained operations and may lead to the loss of important information, thus affecting the classification accuracy. To overcome this limitation, in this paper, we designed a novel multimodal deep learning framework for encrypted traffic classification called PEAN. PEAN uses the raw bytes and length sequence as the input, and uses the self-attention mechanism to learn the deep relationship among network packets in a biflow. Furthermore, unsupervised pre-training was introduced to enhance PEAN's ability to characterize network packets. Experiments on a real trace set captured in a large data center demonstrate the effectiveness of PEAN, which achieves better results than the state-of-the-art methods.

Automated summary

Traffic classification is crucial for cybersecurity maintenance and network management. Traditional payload-based methods are ineffective in the presence of SSL/TLS encryption protocols. This paper presents a novel multimodal deep learning framework called PEAN for encrypted traffic classification, which uses raw bytes and length sequence as input and leverages self-attention mechanism for learning deep network packet relationships. Unsupervised pre-training is also incorporated to enhance PEAN's ability to characterize network packets. Experimental results demonstrate the effectiveness of PEAN, outperforming state-of-the-art methods.