Revolutionizing Encrypted Traffic Classification with MH-Net: A Multi-View Heterogeneous Graph Model

TL;DR

This paper presents MH-Net, a multi-view heterogeneous graph model that improves encrypted traffic classification by capturing complex byte correlations and using contrastive learning, outperforming existing methods on standard datasets.

Contribution

Introduces MH-Net, a novel multi-view heterogeneous graph approach that models diverse byte relationships and enhances traffic classification accuracy.

Findings

MH-Net outperforms SOTA methods on ISCX and CIC-IoT datasets.

Utilizes contrastive learning to improve robustness of traffic representations.

Effectively captures header-payload and other byte correlations.

Abstract

With the growing significance of network security, the classification of encrypted traffic has emerged as an urgent challenge. Traditional byte-based traffic analysis methods are constrained by the rigid granularity of information and fail to fully exploit the diverse correlations between bytes. To address these limitations, this paper introduces MH-Net, a novel approach for classifying network traffic that leverages multi-view heterogeneous traffic graphs to model the intricate relationships between traffic bytes. The essence of MH-Net lies in aggregating varying numbers of traffic bits into multiple types of traffic units, thereby constructing multi-view traffic graphs with diverse information granularities. By accounting for different types of byte correlations, such as header-payload relationships, MH-Net further endows the traffic graph with heterogeneity, significantly enhancing model performance. Notably, we employ contrastive learning in a multi-task manner to strengthen the robustness of the learned traffic unit representations. Experiments conducted on the ISCX and CIC-IoT datasets for both the packet-level and flow-level traffic classification tasks demonstrate that MH-Net achieves the best overall performance compared to dozens of SOTA methods.