SAT-Net: A staggered attention network using graph neural networks for encrypted traffic classification

IF 7.7 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Journal of Network and Computer Applications Pub Date : 2024-11-15 DOI:10.1016/j.jnca.2024.104069

Zhiyuan Li, Hongyi Zhao, Jingyu Zhao, Yuqi Jiang, Fanliang Bu

{"title":"SAT-Net: A staggered attention network using graph neural networks for encrypted traffic classification","authors":"Zhiyuan Li, Hongyi Zhao, Jingyu Zhao, Yuqi Jiang, Fanliang Bu","doi":"10.1016/j.jnca.2024.104069","DOIUrl":null,"url":null,"abstract":"<div><div>With the increasing complexity of network protocol traffic in the modern network environment, the task of traffic classification is facing significant challenges. Existing methods lack research on the characteristics of traffic byte data and suffer from insufficient model generalization, leading to decreased classification accuracy. In response, we propose a method for encrypted traffic classification based on a Staggered Attention Network using Graph Neural Networks (SAT-Net), which takes into consideration both computer network topology and user interaction processes. Firstly, we design a Packet Byte Graph (PBG) to efficiently capture the byte features of flow and their relationships, thereby transforming the encrypted traffic classification problem into a graph classification problem. Secondly, we meticulously construct a GNN-based PBG learner, where the feature remapping layer and staggered attention layer are respectively used for feature propagation and fusion, enhancing the robustness of the model. Experiments on multiple different types of encrypted traffic datasets demonstrate that SAT-Net outperforms various advanced methods in identifying VPN traffic, Tor traffic, and malicious traffic, showing strong generalization capability.</div></div>","PeriodicalId":54784,"journal":{"name":"Journal of Network and Computer Applications","volume":"233 ","pages":"Article 104069"},"PeriodicalIF":7.7000,"publicationDate":"2024-11-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Network and Computer Applications","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S1084804524002467","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}

引用次数: 0

Abstract

With the increasing complexity of network protocol traffic in the modern network environment, the task of traffic classification is facing significant challenges. Existing methods lack research on the characteristics of traffic byte data and suffer from insufficient model generalization, leading to decreased classification accuracy. In response, we propose a method for encrypted traffic classification based on a Staggered Attention Network using Graph Neural Networks (SAT-Net), which takes into consideration both computer network topology and user interaction processes. Firstly, we design a Packet Byte Graph (PBG) to efficiently capture the byte features of flow and their relationships, thereby transforming the encrypted traffic classification problem into a graph classification problem. Secondly, we meticulously construct a GNN-based PBG learner, where the feature remapping layer and staggered attention layer are respectively used for feature propagation and fusion, enhancing the robustness of the model. Experiments on multiple different types of encrypted traffic datasets demonstrate that SAT-Net outperforms various advanced methods in identifying VPN traffic, Tor traffic, and malicious traffic, showing strong generalization capability.

查看原文本刊更多论文

SAT-Net：使用图神经网络的交错注意力网络，用于加密流量分类

随着现代网络环境中网络协议流量的日益复杂，流量分类任务面临着巨大挑战。现有方法缺乏对流量字节数据特征的研究，模型泛化不足，导致分类准确率下降。为此，我们提出了一种基于图神经网络交错注意力网络（SAT-Net）的加密流量分类方法，该方法同时考虑了计算机网络的拓扑结构和用户交互过程。首先，我们设计了数据包字节图（PBG），以有效捕捉流量的字节特征及其关系，从而将加密流量分类问题转化为图分类问题。其次，我们精心构建了基于 GNN 的 PBG 学习器，其中特征重映射层和交错注意力层分别用于特征传播和融合，从而增强了模型的鲁棒性。在多个不同类型的加密流量数据集上的实验表明，SAT-Net 在识别 VPN 流量、Tor 流量和恶意流量方面的表现优于各种先进方法，显示出很强的泛化能力。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Journal of Network and Computer Applications 工程技术-计算机：跨学科应用

CiteScore

21.50

自引率

3.40%

发文量

142

审稿时长

37 days

期刊介绍： The Journal of Network and Computer Applications welcomes research contributions, surveys, and notes in all areas relating to computer networks and applications thereof. Sample topics include new design techniques, interesting or novel applications, components or standards; computer networks with tools such as WWW; emerging standards for internet protocols; Wireless networks; Mobile Computing; emerging computing models such as cloud computing, grid computing; applications of networked systems for remote collaboration and telemedicine, etc. The journal is abstracted and indexed in Scopus, Engineering Index, Web of Science, Science Citation Index Expanded and INSPEC.