LightSEEN: Real-Time Unknown Traffic Discovery via Lightweight Siamese Networks

With the increase in the proportion of encrypted network traffic, encrypted traffic identification (ETI) is becoming a critical research topic for network management and security. At present, ETI under closed world assumption has been adequately studied. However, when the models are applied to the r...

Full description

Saved in:
Bibliographic Details
Published in:Security and communication networks 2021-10, Vol.2021, p.1-12
Main Authors: Li, Ji, Gu, Chunxiang, Wei, Fushan, Zhang, Xieli, Hu, Xinyi, Guo, Jiaxing, Liu, Wenfen
Format: Article
Language:English
Subjects:
Accuracy
Artificial neural networks
Classification
Clustering
Communications traffic
Deep learning
Efficiency
Experiments
Feature extraction
Lightweight
Machine learning
Neural networks
Protocol
Traffic models
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:With the increase in the proportion of encrypted network traffic, encrypted traffic identification (ETI) is becoming a critical research topic for network management and security. At present, ETI under closed world assumption has been adequately studied. However, when the models are applied to the realistic environment, they will face unknown traffic identification challenges and model efficiency requirements. Considering these problems, in this paper, we propose a lightweight unknown traffic discovery model LightSEEN for open-world traffic classification and model update under practical conditions. The overall structure of LightSEEN is based on the Siamese network, which takes three simplified packet feature vectors as input on one side, uses the multihead attention mechanism to parallelly capture the interactions among packets, and adopts techniques including 1D-CNN and ResNet to promote the extraction of deep-level flow features and the convergence speed of the network. The effectiveness and efficiency of the proposed model are evaluated on two public data sets. The results show that the effectiveness of LightSEEN is overall at the same level as the state-of-the-art method and LightSEEN has even better true detection rate, but the parameter used in LightSEEN is 0.51% of the baseline and its average training time is 37.9% of the baseline.
ISSN:1939-0114
1939-0122
DOI:10.1155/2021/8267298