TY - GEN
T1 - Continuous Select-and-Prune Incremental Learning for Encrypted Traffic Classification in Distributed SDN Networks
AU - Duong, Son
AU - Tran, Hai Anh
AU - Tran, Truong X.
N1 - Publisher Copyright:
© 2024 IEEE.
PY - 2024
Y1 - 2024
N2 - Traffic classification plays an indispensable role in Computer Networks and the Internet of Things. As the cybersecurity landscape evolves, a diverse array of encrypted protocols (e.g., HTTPS, GQUIC, and TLS) is becoming increasingly prevalent. Alongside this, the challenge of encrypted traffic classification has garnered renewed attention, fostered by the increasing adoption of Deep Learning (DL) methodologies. Nonetheless, the fast-paced release of new encrypted protocols necessitates frequent retraining of DL models on reformed datasets encompassing encrypted traffic from both known and unknown applications. This requirement can lead to the issues of catastrophic forgetting, particularly when classifying unknown applications. To address this shortcoming, we propose a novel two-stage Incremental Learning (IL) paradigm based on flowexemplar selection strategy and model pruning, CoSP, to enable continuous model evolution with unknown applications. Extensive experiments on encrypted traffic datasets in a Software-defined networking environment illustrate that our method outperforms other IL approaches, achieving 1.07% and 0.94% improvements in last accuracy and forgetting, respectively.
AB - Traffic classification plays an indispensable role in Computer Networks and the Internet of Things. As the cybersecurity landscape evolves, a diverse array of encrypted protocols (e.g., HTTPS, GQUIC, and TLS) is becoming increasingly prevalent. Alongside this, the challenge of encrypted traffic classification has garnered renewed attention, fostered by the increasing adoption of Deep Learning (DL) methodologies. Nonetheless, the fast-paced release of new encrypted protocols necessitates frequent retraining of DL models on reformed datasets encompassing encrypted traffic from both known and unknown applications. This requirement can lead to the issues of catastrophic forgetting, particularly when classifying unknown applications. To address this shortcoming, we propose a novel two-stage Incremental Learning (IL) paradigm based on flowexemplar selection strategy and model pruning, CoSP, to enable continuous model evolution with unknown applications. Extensive experiments on encrypted traffic datasets in a Software-defined networking environment illustrate that our method outperforms other IL approaches, achieving 1.07% and 0.94% improvements in last accuracy and forgetting, respectively.
UR - http://www.scopus.com/inward/record.url?scp=85214943859&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85214943859&partnerID=8YFLogxK
U2 - 10.1109/LCN60385.2024.10639717
DO - 10.1109/LCN60385.2024.10639717
M3 - Conference contribution
AN - SCOPUS:85214943859
T3 - Proceedings - Conference on Local Computer Networks, LCN
BT - Proceedings of the 49th IEEE Conference on Local Computer Networks, LCN 2024
A2 - Tschorsch, Florian
A2 - Thilakarathna, Kanchana
A2 - Solmaz, Gurkan
PB - IEEE Computer Society
T2 - 49th IEEE Conference on Local Computer Networks, LCN 2024
Y2 - 8 October 2024 through 10 October 2024
ER -