Unveiling traffic paths: Explainable path signature feature-based encrypted traffic classification

Abstract

Encryption technology ensures secure transmission for internet communications but poses significant challenges for effective encrypted traffic classification, which categorizes traffic into distinct groups, facilitating the process of monitoring network activities to uncover patterns and extract valuable information applicable in areas such as network management and anomaly detection. To this end, machine learning has emerged as a powerful technology for conducting encrypted traffic classification without compromising user data privacy. Machine learning-based classification demonstrates remarkable capabilities in processing vast amounts of data through sophisticated handcrafted features, with traffic path signature features representing the cutting edge of this field. This method shows stable performance improvements for common encrypted traffic types using only packet length information. However, it also yields a high dimensionality of path signature features, complicating the training of lightweight models and hindering further innovation due to a lack of model explainability. In this paper, we first propose leveraging feature selection to conduct feature dimensionality reduction, and then try to focus on the explanation of the model from both global and local perspectives. Performance comparisons indicate that our proposed method significantly reduces the number of path signature features while preserving classification performance, which enhances computational efficiency and meets the demand for lightweight models in various application scenarios. Furthermore, this significant reduction in the feature dimensionality allows for the interpretability of the model, which gives the user a clear understanding of the modeling decision-making process.