{"title":"A balanced supervised contrastive learning-based method for encrypted network traffic classification","authors":"","doi":"10.1016/j.cose.2024.104023","DOIUrl":null,"url":null,"abstract":"<div><p>Encrypted network traffic classification plays an important role in enhancing network security and improving network performance. However, the imbalanced nature of traffic data makes the classification of encrypted network traffic challenging and may result in poor classification performance. Existing encrypted network traffic classification studies attempt to rebalance the data distribution through resampling strategies, which suffer from information loss, overfitting, and increased model complexity. Motivated by this, we propose an improved supervised contrastive learning approach to improve the classification performance of supervised contrastive learning classifiers for the traffic class imbalance problem in encrypted network traffic classification. Our method consists of two parts: data processing and traffic classification. In the data processing stage, we transform the raw network traffic data into grayscale images. In the traffic classification stage, we design optimized class-complement and class-averaging schemes in supervised contrastive learning. The construction of contrastive tasks is a critical link in contrastive learning. However, when constructing the set of positive and negative samples of network traffic, the samples generated by traditional methods do not conform to the salient features of network traffic. Traditional methods typically involve color modification, cropping, rotation, noise injection, and random erasure. When these traditional methods are applied to images generated from network traffic data, they may alter significant features of the network traffic data, such as changing the distribution of packet sizes. This is detrimental to maintaining the characteristics of traffic classes and does not aid the learning process. Therefore, we preprocess the traffic into images in a particular format suitable for contrastive learning, and then design a novel contrastive task construction method. The evaluation results on public datasets show that the proposed method can significantly improve the classification performance of encrypted traffic classification on imbalanced datasets.</p></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":null,"pages":null},"PeriodicalIF":4.8000,"publicationDate":"2024-07-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computers & Security","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0167404824003286","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 0
Abstract
Encrypted network traffic classification plays an important role in enhancing network security and improving network performance. However, the imbalanced nature of traffic data makes the classification of encrypted network traffic challenging and may result in poor classification performance. Existing encrypted network traffic classification studies attempt to rebalance the data distribution through resampling strategies, which suffer from information loss, overfitting, and increased model complexity. Motivated by this, we propose an improved supervised contrastive learning approach to improve the classification performance of supervised contrastive learning classifiers for the traffic class imbalance problem in encrypted network traffic classification. Our method consists of two parts: data processing and traffic classification. In the data processing stage, we transform the raw network traffic data into grayscale images. In the traffic classification stage, we design optimized class-complement and class-averaging schemes in supervised contrastive learning. The construction of contrastive tasks is a critical link in contrastive learning. However, when constructing the set of positive and negative samples of network traffic, the samples generated by traditional methods do not conform to the salient features of network traffic. Traditional methods typically involve color modification, cropping, rotation, noise injection, and random erasure. When these traditional methods are applied to images generated from network traffic data, they may alter significant features of the network traffic data, such as changing the distribution of packet sizes. This is detrimental to maintaining the characteristics of traffic classes and does not aid the learning process. Therefore, we preprocess the traffic into images in a particular format suitable for contrastive learning, and then design a novel contrastive task construction method. The evaluation results on public datasets show that the proposed method can significantly improve the classification performance of encrypted traffic classification on imbalanced datasets.
期刊介绍:
Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world.
Computers & Security provides you with a unique blend of leading edge research and sound practical management advice. It is aimed at the professional involved with computer security, audit, control and data integrity in all sectors - industry, commerce and academia. Recognized worldwide as THE primary source of reference for applied research and technical expertise it is your first step to fully secure systems.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
