LGR-CE: Encrypted Traffic Classification EncoderBased on Lightweight Graph Representation

In recent years, traffic encryption technology has been widely used in user information protection, and the amount of encryptedtraffic in communication networks has increased dramatically. In view of the problems of unclear local key features and lowclassification accuracy in traditional malicious traffic detection and normal application classification, this paper proposes anencrypted traffic classification encoder based on lightweight graph representation. By converting the byte sequence of datapackets into a graph, a byte-level traffic graph is constructed. It is proposed to construct a weighted output of a weight matrix tolightweight the model. The lightweight graph representation is used as the network input. The embedding layer, the trafficencoder layer based on the graph neural network, and the time information extraction layer are mainly designed. The headerand the payload can be embedded separately. It is proposed to use GraphSAGE with sampling averaging to encode eachbyte-level traffic graph into the overall representation vector of each data packet. For end-to-end training, this paper adopts theimproved Transformer model of relative position encoding time series to obtain the final classification results of downstreamtasks. In order to evaluate the reliability of the method, the proposed method was used to classify network encrypted trafficand conduct ablation experiments on two application classification datasets, WWT and ISCX-2012, and finally compared withmore than a dozen other baseline models. The test results show that the F1 score can reach 0.9938. Through lightweightexperiments, it is found that its parameter volume is reduced by 18.2% compared with the original model TFE-GNN. Therefore,the results show that the proposed improved method can improve the accuracy of network traffic application and abnormalbehavior detection when the model parameters are reduced. Considering the two dimensions of model parameters andaccuracy, this paper proposes an encrypted traffic classification encoder based on lightweight graph representation, which isbetter than many existing models.