簡易檢索 / 詳目顯示
| 研究生: |
李哲瑋 Lee, Zhe-Wei |
|---|---|
| 論文名稱: |
使用預訓練 GLM 與 Mamba 模型實現基於封包的流量分類 Packet Based Traffic Classification Using Pretrained GLM and Mamba Models |
| 指導教授: |
張燕光
Chang, Yeim-Kuan |
| 學位類別: |
碩士 Master |
| 系所名稱: |
電機資訊學院 - 資訊工程學系 Department of Computer Science and Information Engineering |
| 論文出版年: | 2025 |
| 畢業學年度: | 113 |
| 語文別: | 英文 |
| 論文頁數: | 69 |
| 中文關鍵詞: | 深度學習 、流量分類 、大型語言模型 、預訓練模型 |
| 外文關鍵詞: | Deep Learning, Traffic Classification, Large Language Models, Pretrained Models |
| 相關次數: | 點閱:94 下載:0 |
| 分享至: |
| 查詢本校圖書館目錄 查詢臺灣博碩士論文知識加值系統 勘誤回報 |
隨著加密技術(如 VPN)的普及,網路流量中加密封包的比例逐漸升高,對於流量分類任務提出更高挑戰。傳統流量分類方法如基於連接埠的識別與深度封包檢查(DPI)在加密情境下效果大幅下降,而深度學習模型則面臨訓練資料不足與計算成本高昂等問題。
為了解決上述問題,本研究提出兩種基於大型預訓練語言模型的應用策略,期望在資料有限的情況下依然能有效完成加密流量分類任務。第一種方法使用 GLM-4 模型,將封包特徵嵌入特定格式的 prompt 中,並以微調後的分類頭進行訓練;第二種方法則採用 Mamba 模型,將封包 payload 轉換為十六進位字串後進行 token 化,並透過線性時間的選擇性狀態空間架構完成分類。
實驗結果顯示,本研究方法在 ISCXP-VPN 與 ISCX-Tor 資料集上皆達到極高的準確率,與現有的深度學習方法相比展現出優異的表現,特別是在模型泛化能力與長序列處理效率方面更具潛力。
這篇論文展示了我們通過設計合理的資料前處理,成功應用了大型語言模型,並且在資料量稀缺的環境中達到一樣或更好的準確率。這些成果證明了預訓練模型在加密流量分類中的潛力,為未來網路領域提供了寶貴的技術參考。
With the widespread adoption of encryption technologies such as VPN, the proportion of encrypted packets in network traffic has significantly increased, posing greater challenges to traffic classification tasks. Traditional approaches, including port-based identification and deep packet inspection (DPI), suffer from drastic performance degradation under encrypted scenarios. Deep learning-based methods, on the other hand, often struggle with limited labeled data and high computational costs.
To address these challenges, this study proposes two strategies leveraging large pretrained language models to achieve effective encrypted traffic classification even in data-scarce environments. The first approach employs the GLM-4 model, where extracted packet features are embedded into structured prompts and processed by a fine-tuned classification head. The second approach utilizes the Mamba model, in which packet payloads are transformed into hexadecimal strings, tokenized, and classified through a linear-time selective state space architecture.
Experimental results on the ISCX-VPN and ISCX-Tor datasets demonstrate that the proposed methods achieve exceptionally high accuracy and outperform several state-of-the-art deep learning baselines. Notably, these methods exhibit strong generalization capabilities and improved efficiency in handling long sequences. This research highlights the potential of pretrained language models in encrypted traffic classification, offering valuable insights for future developments in the network security domain.
[1] Bujlow, T., Carela-Español, V., & Barlet-Ros, P. (2015). Independent comparison of popular DPI tools for traffic classification. Computer Networks, 76, 75–89.
[2] Sharafaldin, I., Lashkari, A. H., & Ghorbani, A. A. (2018). Toward Generating a New Intrusion Detection Dataset and Intrusion Traffic Characterization.
[3] Velan, P., Čermák, M., Čeleda, P., & Drašar, M. (2015). A survey of methods for encrypted traffic classification and analysis. International Journal of Network Management, 25(5), 355–374.
[4] Nguyen, T. T., & Armitage, G. (2008). A survey of techniques for internet traffic classification using machine learning. IEEE Communications Surveys & Tutorials, 10(4), 56–76.
[5] Draper-Gil, G., Lashkari, A. H., Mamun, M. S. I., & Ghorbani, A. A. (2016). Characterization of Encrypted and VPN Traffic using Time-related Features.
[6] Rezaei, S., & Liu, X. (2019). Deep Learning for Encrypted Traffic Classification: An Overview. IEEE Communications Magazine, 57(5), 76–81.
[7] Liu, C., He, L., Xiong, G., Cao, Z., & Li, Z. (2019). FS-Net: A Flow Sequence Network For Encrypted Traffic Classification.
[8] Liu, C., Wang, W., Wang, M., Lv, F., & Konan, M. (2017). An efficient instance selection algorithm to reconstruct training set for support vector machine. Knowledge-Based Systems, 116, 58–73.
[9] LeCun, Y., Bengio, Y. & Hinton, G. Deep learning. Nature 521, 436–444 (2015).
[10] Lotfollahi, M., Siavoshani, M. J., Zade, R. S. H., & Saberian, M. (2019). Deep packet: a novel approach for encrypted traffic classification using deep learning. Soft Computing, 24(3), 1999–2012.
[11] Wang, N. W., Zhu, N. M., Zeng, N. X., Ye, N. X., & Sheng, N. Y. (2017). Malware traffic classification using convolutional neural network for representation learning.
[12] Wang, W., Zhu, M., Wang, J., Zeng, X., & Yang, Z. (2017). End-to-end encrypted traffic classification with one-dimensional convolution neural networks.
[13] Draper-Gil, G., Lashkari, A. H., Mamun, M. S. I., & Ghorbani, A. A. (2016). Characterization of Encrypted and VPN Traffic using Time-related Features.
[14] Lashkari, A. H., Gil, G. D., Mamun, M. S. I., & Ghorbani, A. A. (2017). Characterization of Tor Traffic using Time based Features.
[15] Van Ede, T., Bortolameotti, R., Continella, A., Ren, J., Dubois, D. J., Lindorfer, M., Choffnes, D., Van Steen, M., & Peter, A. (2020). FlowPrint: Semi-Supervised Mobile-App Fingerprinting on Encrypted Network Traffic.
[16] Zheng, W., Gou, C., Yan, L., & Mo, S. (2020). Learning to Classify: A Flow-Based Relation Network for Encrypted Traffic Classification.
[17] Vaswani, A., Shazeer, N.M., Parmar, N., Uszkoreit, J., Jones, L., Gomez, A.N., Kaiser, L., & Polosukhin, I. (2017). Attention is All you Need. Neural Information Processing Systems.
[18] Zhao, R., Huang, Y., Deng, X., Xue, Z., Li, J., Huang, Z., & Wang, Y. (2021). Flow Transformer: A Novel Anonymity Network Traffic Classifier with Attention Mechanism. 2021 17th International Conference on Mobility, Sensing and Networking.
[19] Luo, Y., Chen, X., Ge, N., Feng, W., & Lu, J. (2022). Transformer-Based Malicious Traffic Detection for Internet of Things. ICC 2022 - IEEE International Conference on Communications.
[20] A. Ali, T. Sheykh Esmaili, and M. H. Mahoor, “Enhancing Network Traffic Classification with Large Language Models,” arXiv preprint arXiv:2310.08321, 2023.
[21] Team GLM et al., “ChatGLM: A Family of Large Language Models from GLM-130B to GLM-4 All Tools,” arXiv preprint arXiv:2406.12793, 2024. [Online]. Available: https://arxiv.org/abs/2406.12793
[22] A. Gu, T. Dao, K. Goel, A. Rudra, and C. Ré, “Mamba: Linear-Time Sequence Modeling with Selective State Spaces,” arXiv preprint arXiv:2312.00752, 2023.
[23] Finsterbusch, M., Richter, C., Rocha, E., Muller, J. A., & Hanssgen, K. (2014). A Survey of Payload-Based Traffic Classification Approaches. IEEE Communications Surveys & Tutorials, 16(2), 1135–1156.
[24] Bujlow, T., Carela-Español, V., & Barlet-Ros, P. (2015b). Independent comparison of popular DPI tools for traffic classification. Computer Networks, 76, 75–89.
[25] Hochreiter, S., & Schmidhuber, J. (1997). Long Short-Term Memory. Neural Computation, 9(8), 1735–1780.
[26] https://scapy.net/
[27] https://www.wireshark.org/docs/man-pages/tshark.html
[28] X. Wang, J. Zhang, Y. Huang, Y. Du, L. Guo, and J. Cao, “YaTC: A Novel Self-Supervised Framework Based on Masked Autoencoder for Traffic Classification,” in *Proc. IEEE MASS*, Guangzhou, China, Oct. 2023, pp. 515–523, doi: 10.1109/MASS58274.2023.00085.
[29] He, H. Y., Yang, Z. G., & Chen, X. N. (2020). PERT: Payload Encoding Representation from Transformer for Encrypted Traffic Classification.
[30] Lin, X., Xiong, G., Gou, G., Li, Z., Shi, J., & Yu, J. (2022). ET-BERT: A Contextualized Datagram Representation with Pre-training Transformers for Encrypted Traffic Classification. Proceedings of the ACM Web Conference 2022.
2029-09-01公開