SHTree: A Structural Encrypted Traffic Fingerprint Generation Method for Multiple Classification Tasks

Bibliographic Details
Published in: 2024 IEEE Symposium on Computers and Communications (ISCC), pp. 1-7
Main Authors: Ma, Minghao; Shi, Zhixin; Yin, Qilei; Zong, Yangyang
Format: Conference Proceeding
Language: English
Published: IEEE 26.06.2024
Summary: In recent years, encrypted traffic classification has found widespread application in the field of cybersecurity. Its main challenge lies in accurately representing traffic when features are obscured due to encryption. To address this, researchers utilize fingerprint construction methods based on statistical information or employ Deep Learning (DL) for traffic representation. However, in previous methods of feature selection, flat key-value pair features or raw packet bytes are often used, ignoring the structured information embedded in packets and flows. Therefore, we propose a novel structured encrypted traffic fingerprint generation method called SHTree. It constructs traffic fingerprints using a set of tree-based structures to represent traffic, encapsulating structural features from the traffic and enhancing the representation of traffic. This enables it to adapt to various classification tasks through general feature selection. The experiments demonstrate that our method achieves comparable accuracy to state-of-the-art Large Language Models (LLMs), with an F1 score higher by 0.5% on specific tasks. Meanwhile, it outperforms them by three orders of magnitude in classification speed. In unsupervised abnormal detection tasks, the True Positive Rate (TPR) exceeds 99%, while maintaining a False Positive Rate (FPR) of 0.5%.
ISSN: 2642-7389
DOI: 10.1109/ISCC61673.2024.10733622