A Encrypted Traffic Classification Model Based on GraphSAGE and Graph Attention Networks

doi:10.19678/j.issn.1000-3428.0252324

Abstract

Abstract: Currently, encrypted traffic classification has attracted significant research attention. However, many existing methods extract only flow-level features, which are often unreliable for short flows due to the instability of statistical characteristics. Moreover, they tend to treat packet headers and payloads equally, failing to explore the potential correlations between individual bytes. In addition, convolutional neural networks (CNNs) and recurrent neural networks (RNNs) struggle to capture the discriminative information embedded in raw bytes. To address these challenges, we propose a fine-grained encrypted traffic classification model（ETC-SAT）, which integrates GraphSAGE and Graph Attention Networks (GAT). This method constructs byte-level traffic graphs based on pointwise mutual information (PMI). Specifically, a dual embedding layer is designed to embed the byte-level traffic graphs into the graph model. Furthermore, we develop a traffic graph encoder that combines GraphSAGE and GAT: GraphSAGE provides stable neighbor feature aggregation, while GAT introduces an attention mechanism to enhance selective aggregation, thereby improving the quality of graph feature extraction. An adaptive deep feature fusion mechanism is then employed to integrate information from separately processed packet headers and payloads, resulting in stronger feature representations. Experimental results on two public datasets—ISCX-VPN2016 and ISCX-Tor2016—demonstrate that the ETC-SAT model can effectively identify types of encrypted traffic and significantly outperforms baseline methods in terms of classification performance.

摘要： 目前，加密流量分类的研究备受关注。然而，现有的许多加密流量分类方法仅提取流级特征，由于统计特征不可靠而无法处理短流量，或者将头部和有效负载同等对待，导致无法探索字节之间的潜在关联。此外，卷积神经网络（CNN）和循环神经网络（RNN）存在着无法获取原始字节中包含的判别信息的问题。因此，提出了一种GraphSAGE和GAT相结合的细粒度加密流量分类模型（ETC-SAT），该方法基于点互信息（PMI）来构建字节级流量图。具体而言，在该方法中设计了一个双重嵌入层，该层用于将字节级流量图嵌入到图模型当中。同时还设计了一个GraphSAGE和GAT相结合的流量图编码器，该编码器中GraphSAGE提供了稳定的邻居特征聚合方式，GAT通过引入注意力机制增强选择性聚合，从而更有利于图特征的提取。之后应用自适应深度特征融合机制，该机制可以将分别处理的数据包头部和有效载荷的信息融合在一起以获得更强的特征表示。在ISCX-VPN2016和ISCX-Tor2016这两个公开数据集上的实验结果表明，ETC-SAT算法能够有效识别加密流量的类型，而且性能明显优于基线算法。

Yan Qihong, Yang Wenjun. A Encrypted Traffic Classification Model Based on GraphSAGE and Graph Attention Networks[J]. Computer Engineering, doi: 10.19678/j.issn.1000-3428.0252324.

燕齐鸿, 杨文军. 基于GraphSAGE和图注意力网络的加密流量分类模型[J]. 计算机工程, doi: 10.19678/j.issn.1000-3428.0252324.

/ Recommend / Download Citations

URL: https://www.ecice06.com/EN/10.19678/j.issn.1000-3428.0252324

References

[1] RAMADHANI E. Anonymity communication VPN and Tor: a comparative study [J]. Journal of Physics: Conference Series, 2018, 983(1): 01206 [2] SALMAN O, ELHAJJ I H, KAYSSI A, CHEHAB A. A review on machine learning–based approaches for Internet traffic classification [J]. Annals of Telecommunications, 2020, 75(11): 673-710. [3] DONG S. Multi class SVM algorithm with active learning for network traffic classification [J]. Expert Systems with Applications, 2021, 176: 114885. [4] ACETO G, CIUONZO D, MONTIERI A, PESCAPé A. Toward effective mobile encrypted traffic classification through deep learning [J]. Neurocomputing, 2020, 409: 306-15. [5] ACETO G, CIUONZO D, MONTIERI A, PESCAPé A. DISTILLER: Encrypted traffic classification via multimodal multitask deep learning [J]. Journal of Network and Computer Applications, 2021, 183-184: 102985. [6] LAN J, LIU X, LI B, et al. DarknetSec: A novel self-attentive deep learning method for darknet traffic classification and application identification [J]. Computers & Security, 2022, 116: 102663. [7] KIPF T, WELLING M. Semi-Supervised Classification with Graph Convolutional Networks [J]. 2017. [8] CAI W, GOU G, JIANG M, et al. MEMG: Mobile Encrypted Traffic Classification With Markov Chains and Graph Neural Network [Z]. 2021 IEEE 23rd Int Conf on High Performance Computing & Communications; 7th Int Conf on Data Science & Systems; 19th Int Conf on Smart City; 7th Int Conf on Dependability in Sensor, Cloud & Big Data Systems & Application (HPCC/DSS/SmartCity/DependSys). 2021: 478-86.10.1109/HPCC-DSS-SmartCity-DependSys53884.2021.00087 [9] HUOH T L, LUO Y, ZHANG T. Encrypted Network Traffic Classification Using a Geometric Learning Model; proceedings of the 2021 IFIP/IEEE International Symposium on Integrated Network Management (IM), F 17-21 May 2021, 2021 [C]. [10] LU J, GOU G, SU M, et al. GAP-WF: Graph Attention Pooling Network for Fine-grained SSL/TLS Website Fingerprinting [Z]. 2021 International Joint Conference on Neural Networks (IJCNN). 2021: 1-8.10.1109/ijcnn52387.2021.9533543 [11] PHAM T-D, HO T-L, TRUONG-HUU T, et al. MAppGraph: Mobile-App Classification on Encrypted Network Traffic using Deep Graph Convolution Neural Networks [Z]. Proceedings of the 37th Annual Computer Security Applications Conference. Virtual Event, USA; Association for Computing Machinery. 2021: 1025–38.10.1145/3485832.3485925 [12] SHEN M, ZHANG J, ZHU L, et al. Accurate Decentralized Application Identification via Encrypted Traffic Analysis Using Graph Neural Networks [J]. IEEE Transactions on Information Forensics and Security, 2021, 16: 2367-80. [13] ZAKI F, AFIFI F, ABD RAZAK S, et al. GRAIN: Granular multi-label encrypted traffic classification using classifier chain [J]. Computer Networks, 2022, 213: 109084. [14] XU S J, GENG G G, JIN X B, et al. Seeing Traffic Paths: Encrypted Traffic Classification With Path Signature Features [J]. IEEE Transactions on Information Forensics and Security, 2022, 17: 2166-81. [15] EDE T V, BORTOLAMEOTTI R, CONTINELLA A, et al. FlowPrint: Semi-Supervised Mobile-App Fingerprinting on Encrypted Network Traffic [J]. Proceedings 2020 Network and Distributed System Security Symposium, 2020. [16] LIU C, HE L, XIONG G, et al. FS-Net: A Flow Sequence Network For Encrypted Traffic Classification; proceedings of the IEEE INFOCOM 2019 - IEEE Conference on Computer Communications, F 29 April-2 May 2019, 2019 [C]. [17] ZHU P, WANG G, HE J, et al. 2024. An encrypted traffic identification method based on multi-scale feature fusion. Array [J], 21: 100338 [18] LIN X, XIONG G, GOU G, et al. ET-BERT: A Contextualized Datagram Representation with Pre-training Transformers for Encrypted Traffic Classification [Z]. Proceedings of the ACM Web Conference 2022. Virtual Event, Lyon, France; Association for Computing Machinery. 2022: 633–42.10.1145/3485447.3512217 [19] PARK J-T, CHOI Y-S, CHO B-S, et al. 2025. Multi-Level Pre-Training for Encrypted Network Traffic Classification. IEEE Access [J], 13: 68643-68659 [20] WANG X, CHEN S, SU J. App-Net: A Hybrid Neural Network for Encrypted Mobile Traffic Classification; proceedings of the IEEE INFOCOM 2020 - IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS), F 6-9 July 2020, 2020 [C]. [21] ZULU O, ERNEST F, ZHE H, et al. 2025. A graph representation framework for encrypted network traffic classification. Computers & Security [J], 148: 104134 [22] HUOH T-L, LUO Y, LI P, ZHANG T. Flow-Based Encrypted Network Traffic Classification With Graph Neural Networks [J]. IEEE Transactions on Network and Service Management, 2023, 20(2): 1224-37. [23] 唐瑛,王宝会.基于图神经网络的SSL/TLS加密恶意流量检测算法研究[J].计算机科学,2024,51(09):365-370. TANG Y, WANG B H. Study on SSL/TLS Encrypted Malicious Traffic Detection Algorithm Based on Graph Neural Networks[J].Computer Science, 2024,51(09):365-370. [24] 李孟想,彭闯,王浩,等.基于图神经网络的鲁棒加密流量识别[J].电信科学,2024,40(06):89-99. LI M X, PENG C,WANG H, et al.A robust encrypted traffic identification scheme based on graph neural network[J].Telecommunication Science, 2024,40(06):89-99. [25] 喻晓伟,陈丹伟.基于注意力机制的图神经网络加密流量分类研究[J].信息安全研究,2023,9(01):13-21. Yu X W, CHEN D W. Research on Encrypted Traffic Classification of Graph Neural Network Based on Attention Mechanism[J]. Journal of Information Security Research,2023,9(01):13-21. [26] ZHANG H, YU L, XIAO X, et al. TFE-GNN: A Temporal Fusion Encoder Using Graph Neural Networks for Fine-grained Encrypted Traffic Classification [Z]. Proceedings of the ACM Web Conference 2023. Austin, TX, USA; Association for Computing Machinery. 2023: 2066–75.10.1145/3543507.3583227 [27] HAN X, XU G, ZHANG M, et al. DE-GNN: Dual embedding with graph neural network for fine-grained encrypted traffic classification [J]. Computer Networks, 2024, 245: 110372. [28] LIANG Y, CHENGSHENG M, YUAN L. Graph convolutional networks for text classification [Z]. Proceedings of the Thirty-Third AAAI Conference on Artificial Intelligence and Thirty-First Innovative Applications of Artificial Intelligence Conference and Ninth AAAI Symposium on Educational Advances in Artificial Intelligence. Honolulu, Hawaii, USA; AAAI Press. 2019: Article 905.10.1609/aaai.v33i01.33017370 [29] HE K, ZHANG X, REN S, SUN J. Delving Deep into Rectifiers: Surpassing Human-Level Performance on ImageNet Classification [J]. IEEE International Conference on Computer Vision (ICCV 2015), 2015, 1502. [30] IOFFE S, SZEGEDY C. Batch normalization: accelerating deep network training by reducing internal covariate shift [Z]. Proceedings of the 32nd International Conference on International Conference on Machine Learning - Volume 37. Lille, France; JMLR.org. 2015: 448–56 [31] LI Y, LIU L, QIN H, et al. Adaptive Deep Feature Fusion for Continuous Authentication With Data Augmentation [J]. IEEE Transactions on Mobile Computing, 2023, 22(10): 5690-705. [32] HOCHREITER S, SCHMIDHUBER J. Long Short-Term Memory [J]. Neural Comput, 1997, 9(8): 1735–80. [33] GIL G D, LASHKARI A H, MAMUN M S I, GHORBANI A A. Characterization of Encrypted and VPN Traffic using Time-related Features [Z]. Proceedings of the 2nd International Conference on Information Systems Security and Privacy. 2016: 407-14.10.5220/0005740704070414 [34] LASHKARI A H, GIL G D, MAMUN M S I, GHORBANI A A. Characterization of Tor Traffic using Time based Features [Z]. Proceedings of the 3rd International Conference on Information Systems Security and Privacy. 2017: 253-62.10.5220/0006105602530262 [35] WANG W, ZHU M, WANG J, et al. End to end encrypted traffic classification with one dimensional convolution neural networks. [Z]. 2017 IEEE International Conference on Intelligence and Security Informatics (ISI). Beijing,China. 2017: 43-8.10.1109/ISI.2017.8004872

Please choose a citation manager

Content to export