Confidence Driven Classification of Application Types in the Presence of Background Network Traffic

TL;DR

This paper introduces a Gaussian Mixture Model-based framework to improve confidence estimation in application traffic classification, addressing background traffic heterogeneity and enhancing real-world classification accuracy.

Contribution

It proposes a novel confidence-driven classification method that effectively distinguishes application traffic from heterogeneous background traffic in real-world scenarios.

Findings

Enhanced classification accuracy in real-world data

Improved confidence measures for uncertain samples

Effective separation of application and background traffic

Abstract

Accurately classifying the application types of network traffic using deep learning models has recently gained popularity. However, we find that these classifiers do not perform well on real-world traffic data due to the presence of non-application-specific generic background traffic originating from advertisements, analytics, shared APIs, and trackers. Unfortunately, state-of-the-art application classifiers overlook such traffic in curated datasets and only classify relevant application traffic. To address this issue, when we label and train using an additional class for background traffic, it leads to additional confusion between application and background traffic, as the latter is heterogeneous and encompasses all traffic that is not relevant to the application sessions. To avoid falsely classifying background traffic as one of the relevant application types, a reliable confidence measure is warranted, such that we can refrain from classifying uncertain samples. Therefore, we design a Gaussian Mixture Model-based classification framework that improves the indication of the deep learning classifier's confidence to allow more reliable classification.