Research On Encrypted Traffic Classification Based On CNN-Transformer And Mutal Contrastive Learning

Network traffic classification techniques,which are widely applied in quality of service assurance,intrusion detection,traffic monitoring or other network activities,are one of the basic tools for network security maintenance and management.In recent years,with the emergence of a range of encryption protocols such as SSL/TLS in the modern Internet environment,traditional traffic classification methods,such as port matching-based approaches,are no longer effective.Some researchers have used machine learning methods to model the flow characteristics of encrypted traffic(e.g.,message types,length sequences,statistical features,etc.)with good results.However,the machine learning-based traffic classification approach is very labor-intensive since it relies on experts to extract features manually.And the manually extracted features may lead to the loss of important information and cannot be used for more fine-grained operations,and may also affect the accuracy of classification as a result.Moreover,most of today’s network traffic uses encryption protocols to protect users’ privacy and prevent information leakage.Although encryption is beneficial from the user’s point of view,many studies have found that some privacy-protecting protocols over-encrypt traffic information.While this prevents the leakage of user information,it also makes it more difficult to identify malicious traffic from the encrypted traffic.Due to the difficulties in collecting real malicious traffic data,the publicly available malicious traffic dataset is small.However,deep learning-based training requires a large number of samples with labeled data.In order to solve the above problems,the main research work of this paper on encrypted traffic classification method based on deep learning is as follows.1.A network encrypted traffic classification method based on CNN-Transformer hybrid architecture.In order to improve the accuracy of network encrypted traffic classification,this paper proposes a network encrypted traffic classification method based on CNN-Transformer hybrid architecture,which uses Convolutional Neural Network to get the local features of traffic and uses Transformer to learn the global information of traffic.The method combines the advantages of Convolutional Neural Network and Transformer,complementing each other to learn information from the original traffic and achieve high classification accuracy without additional manual extraction of statistical features and other supplementary information.2.The method of malicious traffic detection and classification based on mutual comparison learning.Regarding the problem that the samples of real malicious traffic data are small,this paper proposes a malicious traffic detection and classification method based on mutual comparison learning.Mutual contrast learning combines contrast learning and collaborative learning to learn between multiple classification models.And this method uses the idea of contrast learning to increase the distance between different categories and combines multiple network models to learn more extra knowledge and better feature representations,which can accurately detect malicious traffic even when there is insufficient data with labels.