Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Online Network Traffic Classification Based on External Attention and Convolution by IP Packet Header

Yahui Hu, Ziqian Zeng, Junping Song, Luyang Xu, Xu Zhou

TL;DR

The paper addresses privacy-preserving online network traffic classification by using only IP packet headers. It introduces the ECM model, which combines external attention for byte-level features with CNN for inter-byte semantics, achieving high accuracy (≈98% on ISCX) and millisecond-level per-packet latency. Through experiments on multiple datasets, ECM demonstrates strong performance and faster inference than payload-based baselines, highlighting the viability of header-only classification for real-time applications. The work also analyzes the discriminative power of header bytes and discusses privacy advantages and directions for broader service coverage.

Abstract

Network traffic classification is an important part of network monitoring and network management. Three traditional methods for network traffic classification are flow-based, session-based, and packet-based, while flow-based and session-based methods cannot meet the real-time requirements and existing packet-based methods will violate user's privacy. To solve the above problems, we propose a network traffic classification method only by the IP packet header, which satisfies the requirements of both the user's privacy protection and online classification performances. Through statistical analyses, we find that IP packet header information is effective on the network traffic classification tasks and this conclusion is also demonstrated by experiments. Furthermore, we propose a novel external attention and convolution mixed (ECM) model for online network traffic classification. This model adopts both low-computational complexity external attention and convolution to respectively extract the byte-level and packet-level characteristics for traffic classification. Therefore, it can achieve high classification accuracy and low time consumption. The experiments show that ECM can achieve the highest classification accuracy and the lowest delay, compared with other state-of-art models. The accuracy can respectively achieve 98.39% and 95.57% on two datasets and the classification time is shorten to meet the real-time requirements.

Online Network Traffic Classification Based on External Attention and Convolution by IP Packet Header

TL;DR

The paper addresses privacy-preserving online network traffic classification by using only IP packet headers. It introduces the ECM model, which combines external attention for byte-level features with CNN for inter-byte semantics, achieving high accuracy (≈98% on ISCX) and millisecond-level per-packet latency. Through experiments on multiple datasets, ECM demonstrates strong performance and faster inference than payload-based baselines, highlighting the viability of header-only classification for real-time applications. The work also analyzes the discriminative power of header bytes and discusses privacy advantages and directions for broader service coverage.

Abstract

Network traffic classification is an important part of network monitoring and network management. Three traditional methods for network traffic classification are flow-based, session-based, and packet-based, while flow-based and session-based methods cannot meet the real-time requirements and existing packet-based methods will violate user's privacy. To solve the above problems, we propose a network traffic classification method only by the IP packet header, which satisfies the requirements of both the user's privacy protection and online classification performances. Through statistical analyses, we find that IP packet header information is effective on the network traffic classification tasks and this conclusion is also demonstrated by experiments. Furthermore, we propose a novel external attention and convolution mixed (ECM) model for online network traffic classification. This model adopts both low-computational complexity external attention and convolution to respectively extract the byte-level and packet-level characteristics for traffic classification. Therefore, it can achieve high classification accuracy and low time consumption. The experiments show that ECM can achieve the highest classification accuracy and the lowest delay, compared with other state-of-art models. The accuracy can respectively achieve 98.39% and 95.57% on two datasets and the classification time is shorten to meet the real-time requirements.
Paper Structure (16 sections, 19 equations, 5 figures, 8 tables)

This paper contains 16 sections, 19 equations, 5 figures, 8 tables.

Table of Contents

  1. Introduction
  2. Related Work
  3. Statistical Feature Analyses Of IP Packet Header
  4. Methodology
  5. Data Preprocessing
  6. Embedding layer
  7. External Attention
  8. Convolutional Layer
  9. Linear Layer and Output
  10. Experiments
  11. Experimental Environment and Evaluation
  12. Hyperparameter Selections
  13. Baselines Comparisons
  14. Verification of IP Packet Header Method on Another Dataset
  15. Performance Comparisons of ECM with Different Input Lengths
  16. ...and 1 more sections

Figures (5)

  • Figure 1: IPV4 Network Layer Header Structure
  • Figure 2: The statistical distribution of IP packet header byte information on ISCX dataset.
  • Figure 3: An external attention and convolution mixed model by IP packet header for network traffic classification, mainly including data preprocessing, embedding layer, external attention layer, convolutional layer, and linear layer.
  • Figure 4: One-dimensional valid convolution and concatenation operation
  • Figure 5: Performance comparisons of hypeparameter $S$ and $D$ with different values on ISCX dataset