关键词: 加密流量, 网络流量分类, 联邦学习, 增量学习, 深度学习

Abstract: Recently, deep learning methods have been widely used to classify encrypted network traffic. But it still faces challenges, such as data privacy and the model’s sustainable learning capability. We propose an encrypted traffic classification method based on federated class prototype incremental learning (FPI-ETC). During the local model training phase on the client side, the Softmax classifier of the local model is replaced with a prototype classifier to mitigate the prediction bias associated with the Softmax classifier. In the new task phase, the client utilizes existing class prototype vectors to generate multiple exemplars of the old class, thereby preventing the local model from forgetting previously learned knowledge. The experimental results indicated that the final global accuracy of FPI-ETC for the ISCX VPN-nonVPN dataset was enhanced by 9.93 to 33.45 percentage points compared to other existing methods, assuming the number of tasks was set to 5 and the client sampling rate was 0.6. Additionally, the final global accuracies of FPI-ETC for the USTC-TFC2016 dataset showed an improvement of 5.06 to 10.92 percentage points over other existing methods. This demonstrates that the FPI-ETC method effectively addresses the catastrophic forgetting problem in dynamically updated encrypted network environments.

Key words: encrypted traffic, network traffic classification, federated learning, incremental learning, deep learning