Facing Unknown: Open-World Encrypted Traffic Classification Based on Contrastive Pre-Training
Xiang Li, Beibei Feng, Tianning Zang, Shuyuan Zhao, and Jingrun Ma

TL;DR
This paper introduces OWCP, a contrastive pre-training framework for open-world encrypted traffic classification that distinguishes known applications from unknown ones using synthetic flow generation and classifier modification.
Contribution
The paper presents a novel open-world contrastive pre-training approach that improves encrypted traffic classification by synthesizing flows and enhancing classifier sensitivity to unknown traffic.
Findings
OWCP outperforms existing methods on three datasets.
Synthetic flows improve unknown traffic detection.
Ablation studies validate each component's effectiveness.
Abstract
Traditional Encrypted Traffic Classification (ETC) methods face a significant challenge in classifying large volumes of encrypted traffic under the open-world assumption, i.e., simultaneously classifying the known applications and detecting unknown applications. We propose a novel Open-World Contrastive Pre-training (OWCP) framework for this. OWCP performs contrastive pre-training to obtain a robust feature representation. Based on this, we determine the spherical mapping space to find the marginal flows for each known class, which are used to train GANs to synthesize new flows that are similar to the known parts but do not belong to any class. These synthetic flows are assigned to Softmax's unknown node to modify the classifier, effectively enhancing sensitivity towards known flows and significantly suppressing unknown ones. Extensive experiments on three datasets show that OWCP significantly…
Taxonomy
Topics: Internet Traffic Analysis and Secure E-voting · Digital Media Forensic Detection · Network Security and Intrusion Detection
