AI-based Traffic Modeling for Network Security and Privacy: Challenges Ahead
Dinil Mon Divakaran
TL;DR
The paper surveys AI-based network traffic modeling for security and privacy (NetS&P), addressing the challenge of analyzing encrypted traffic with statistical and deep learning methods. It covers key tasks—anomaly detection, attack classification, IoT device identification, and website fingerprinting—along with additional tasks and defense considerations, highlighting practical deployment constraints and explainability needs. A central theme is the data bottleneck and the move toward foundation models, synthetic data, in-network processing, and cross-task transfer to enable robust, scalable NetS&P solutions. The work guides researchers and practitioners toward deployable, privacy-preserving AI systems capable of handling high-speed networks and evolving threats, by outlining data, deployment, and model convergence challenges and proposing concrete avenues like programmable data planes and self-supervised learning.
Abstract
Network traffic analysis using AI (machine learning and deep learning) models has made significant progress over the past decades. Traffic analysis addresses various challenging problems in network security, ranging from the detection of anomalies and attacks to countering Internet censorship. AI models are also developed to expose user privacy risks, as demonstrated by research on fingerprinting the websites users visit, IoT devices, and different applications, even when payloads are encrypted. Despite these advancements, significant challenges remain in the domain of network traffic analysis to effectively secure our networks from evolving threats and attacks. After briefly reviewing the relevant tasks and recent AI models for traffic analysis, we discuss the challenges that lie ahead.
