CGNN: Traffic Classification with Graph Neural Network

by   Bo Pang, et al.

Traffic classification associates packet streams with known application labels, which is vital for network security and network management. With the rise of NAT, port dynamics, and encrypted traffic, it is increasingly challenging to obtain unified traffic features for accurate classification. Many state-of-the-art traffic classifiers automatically extract features from the packet stream based on deep learning models such as convolution networks. Unfortunately, the compositional and causal relationships between packets are not well extracted in these deep learning models, which affects both prediction accuracy and generalization on different traffic types. In this paper, we present a chained graph model on the packet stream to keep the chained compositional sequence. Next, we propose CGNN, a graph neural network based traffic classification method, which builds a graph classifier over automatically extracted features over the chained graph. Extensive evaluation over real-world traffic data sets, including normal, encrypted and malicious labels, show that, CGNN improves the prediction accuracy by 23% to 29% for application classification, by 2% to 37% for malicious traffic classification, and reaches the same accuracy level for encrypted traffic classification. CGNN is quite robust in terms of the recall and precision metrics. We have extensively evaluated the parameter sensitivity of CGNN, which yields optimized parameters that are quite effective for traffic classification.


page 9

page 10

page 12

page 16


Deep Learning for Encrypted Traffic Classification: An Overview

Traffic classification has been studied for two decades and applied to a...

AutoML4ETC: Automated Neural Architecture Search for Real-World Encrypted Traffic Classification

Deep learning (DL) has been successfully applied to encrypted network tr...

Classification of Traffic Using Neural Networks by Rejecting: a Novel Approach in Classifying VPN Traffic

Traffic flows are set of packets transferring between a client and a ser...

Differentiation of Sliding Rescaled Ranges: New Approach to Encrypted and VPN Traffic Detection

We propose a new approach to traffic preprocessing called Differentiatio...

HEDGE: Efficient Traffic Classification of Encrypted and Compressed Packets

As the size and source of network traffic increase, so does the challeng...

TEST: an End-to-End Network Traffic Examination and Identification Framework Based on Spatio-Temporal Features Extraction

With more encrypted network traffic gets involved in the Internet, how t...

Encrypted Internet traffic classification using a supervised Spiking Neural Network

Internet traffic recognition is an essential tool for access providers s...

Please sign up or login with your details

Forgot password? Click here to reset