Article Highlight | 13-Nov-2024

To know what you do not know: An evidential deep learning framework for traffic classification

Higher Education Press

Traffic classification is a crucial task for network security. One of the most difficult challenges is to accurately identify the traffic of unknown applications as well as discriminate the known classes. The current learning-based classifiers can achieve high classification accuracy for the known traffic. However, they are infeasible to classify the unknown traffic. The clustering-based methods can identify the unknown traffic, but they need lots of human intervention.

To solve the problems, a research team led by Deke Guo published their new research on 15 October 2024 in Frontiers of Computer Science co-published by Higher Education Press and Springer Nature.

The team proposed a new traffic classification framework based on evidential deep learning (noted as EdaTC) to detect unknown traffic. The empirical study on a standard real-world traffic dataset shows the effectiveness of EdaTC. Compared with the MC dropout method, EdaTC can achieve comparable accuracy and training time, while causing less inference time.

In the research, the team leveraged Evidential Deep Learning enabling the conventional classifier with the additional ability to quantify the prediction uncertainty under negligible overhead. Through this metric, the operators can evaluate if the classifier performs a reliable prediction on the known traffic or an unreliable prediction on the unknown ones. However, without the information of the unknown traffic, the setting of θ is almost infeasible only with the information of known traffic. By investigating the characteristics of uncertainty distribution, the team designed a heuristic method to optimize the setting of the operational threshold θ to divide the known traffic and the unknown ones. The proposed EdaTC can train DNN models allocating discriminative evidence and uncertainty between the known and the unknown traffic. This enables the DNN-based traffic classifier with the unknown traffic identification ability.

DOI: 10.1007/s11704-024-3922-6

Disclaimer: AAAS and EurekAlert! are not responsible for the accuracy of news releases posted to EurekAlert! by contributing institutions or for the use of any information through the EurekAlert system.