Research Of Network Traffic Classification Technology Based On Deep Learning

The rapid popularization of the network and the rapid development of network technology have brought great convenience to the residents’ work and lifestyle.However,complex applications and large-quantity traffic data have brought great challenges to the control of traffic quality of service(Qo S),network supervision,and network security.As a key part of traffic classification,with the popularization of encrypted traffic technology and the rapid growth of application types and quantities of network traffic,the classification accuracy and efficiency of traditional traffic classification technologies with a low degree of automation cannot meet the needs of practical applications.At the same time,the zero-day traffic that appears at any time in the open network environment also brings great challenges to the problem of traffic classification.This paper focuses on in-depth research on high-performance traffic classification models and zero-day traffic problems.The main works are as follows:(1)Based on the research on the data packet structure and specific field information,point out the differences in the characteristic patterns and encryption methods of the packet header and payload part of the packet.Accordingly,the header part is represented as a text mode,and the payload part is represented as a picture mode.A traffic preprocessing method is proposed,which preprocesses the packet header and payload separately and unifies the dimensions,and proposes the Flow Classifier Based on Spatial-Temporal Attention Module(FC-STAM)parallel extracte temporal features of the header and spatial features of the payload.respectively,The temporal attention mechanism and channel/spatial attention mechanism are used in the dual branches to help the feature extraction process.The effectiveness of FC-STAM is verified by the performance comparison on public datasets.(2)Aiming at the zero-day traffic problem in an open and changeable network environment,Flow Open-set Classifier based on Euclidean-Cosine Loss and Extreme Value Theory(FOC-ECLEVT)is proposed.A two-stage training framework is introduced to decouple feature training and classifier training.ECLoss training is used in the feature training stage,and the feature distribution of the excitation samples is compact within the class and separable between classes;in the classifier learning stage,the cross-entropy loss function is used for training.Extreme Value Theory(EVT)and Weibull distribution model are introduced to fit the feature distribution of tail samples for each known class,and zero-day traffic is classified by setting a threshold for the Weibull Cumulative Distribution Function(CDF)probability.The experiments use public datasets to simulate an open network environment,and design and contrast experiments to verify the effectiveness of FOC-ECLEVT.(3)FOC-ECLEVT update algorithm based on zero-day traffic self-labeling is proposed.The algorithm is divided into three modules: FOC-ECLEVT,zero-day traffic self-labeling,and model class incremental update.The FOC-ECLEVT module saves misclassified known traffic samples and recalled zero-day traffic samples;the zero-day traffic self-labeling module uses the saved initial open-set classification model as the prior knowledge for zero-day traffic clustering,The dimensionality reduction clustering method called PCA-X-means is used to labels the recalled zero-day traffic samples;the model class incremental update method also introduces a two-stage training framework for the problem that zero-day traffic belongs to a minority class:the feature learning model update process uses ECLoss for training,the training technique of progressive balanced sampling is introduced in the classifier updating process to improve the classification performance of zero-day traffic.The experimental part verifies the accuracy of zero-day traffic self-labeling and the classification performance of the updated classifier for zero-day traffic after segmentation.