Online Network Traffic Classification Based on External Attention and Convolution by IP Packet Header

TL;DR

This paper introduces a novel online network traffic classification method using only IP packet headers, employing an external attention and convolution mixed model to achieve high accuracy and real-time performance while protecting user privacy.

Contribution

It proposes a new ECM model combining external attention and convolution for efficient, privacy-preserving, and accurate online network traffic classification based solely on IP packet headers.

Findings

ECM achieves up to 98.39% accuracy on one dataset.

ECM reduces classification delay to meet real-time requirements.

IP header information is effective for traffic classification.

Abstract

Network traffic classification is an important part of network monitoring and network management. Three traditional methods for network traffic classification are flow-based, session-based, and packet-based, while flow-based and session-based methods cannot meet the real-time requirements and existing packet-based methods will violate user's privacy. To solve the above problems, we propose a network traffic classification method only by the IP packet header, which satisfies the requirements of both the user's privacy protection and online classification performances. Through statistical analyses, we find that IP packet header information is effective on the network traffic classification tasks and this conclusion is also demonstrated by experiments. Furthermore, we propose a novel external attention and convolution mixed (ECM) model for online network traffic classification. This model adopts both low-computational complexity external attention and convolution to respectively extract the byte-level and packet-level characteristics for traffic classification. Therefore, it can achieve high classification accuracy and low time consumption. The experiments show that ECM can achieve the highest classification accuracy and the lowest delay, compared with other state-of-art models. The accuracy can respectively achieve 98.39% and 95.57% on two datasets and the classification time is shorten to meet the real-time requirements.