隨著互聯網的迅猛發展，網路流量的增長給網路安全和服務品質帶來了前所未有的挑戰。傳統的流量分類技術往往依賴於人為設定的特徵，這不僅耗時耗力，還可能因特徵選擇不當而影響分類的準確性。與此同時，深度學習技術的發展，尤其是卷積神經網路(CNN)，為流量分類提供了新的解決方案。然而，神經網路模型往往類似於黑盒子，使用者無法得知模型做出判斷的依據。我們提出了一種基於1D-CNN和類激活圖(Class Activation Map, CAM)的改進模型，通過可視化技術深入解析網路流量，以提高模型的解釋能力和性能。首先，我們對網路流量數據進行預處理，轉換成適合CNN模型的輸入格式，利用1D-CNN模型自動學習流量數據中的複雜模式，從而無需人工干預即可實現高效的流量分類。為了進一步提升模型的可解釋性，我們引入了類激活圖技術，通過可視化重要的特徵區域，幫助研究者和使用者理解模型的預測依據。同時，我們通過將類激活圖輸出作為權重返回到模型中，可以進一步優化模型訓練過程，加快模型的收斂速度。我們基於兩個公開的網路資料集進行實驗和模型評估，同時我們採用了準確率、精確率、召回率和F1分數等多個指標來全面評估模型性能。實驗結果表明，相比傳統的1D-CNN模型，我們提出的加權模型在多個性能指標上都優於原模型。在ISCXVPN2016數據集上，我們得到97.73%的準確率；在CIC-AndMal2017上則有66.39%的準確率。

With the rapid development of the internet, the increase in network traffic has brought unprecedented challenges to network security and quality of service. Traditional traffic classification techniques often rely on manually set features, which are not only time-consuming and labor-intensive but can also impact accuracy due to inappropriate feature selection. At the same time, the development of deep learning technologies, particularly convolutional neural networks (CNN), has provided new solutions for traffic classification. However, neural network models often resemble black boxes, making it unclear to users the basis on which decisions are made. We propose an improved model based on 1D-CNN and Class Activation Maps (CAM), which utilizes visualization techniques to deeply analyze network traffic, thereby enhancing the interpretability and performance of the model. Initially, we preprocess the network traffic data to convert it into a format suitable for the CNN model, allowing the 1D-CNN to automatically learn complex patterns in the traffic data, thus achieving efficient traffic classification without manual intervention. To further enhance the model's interpretability, we have introduced the Class Activation Map technique, which visualizes important feature areas to help researchers and users understand the basis of the model's predictions. Additionally, by using the output of the Class Activation Maps as weights fed back into the model, we can further optimize the training process and accelerate the convergence of the model. Our experiments and model evaluations are conducted on two public network datasets, and we utilize multiple metrics such as accuracy, precision, recall, and F1-score to comprehensively assess model performance. Experimental results show that compared to traditional 1D-CNN models, our proposed weighted model performs better across several performance metrics. On the ISCXVPN2016 dataset, we achieved an accuracy of 97.73%; on the CIC-AndMal2017, we reached an accuracy of 66.39%.

[1] Gerard Drapper Gil, Arash Habibi Lashkari, Mohammad Mamun, Ali A. Ghorbani, "Characterization of Encrypted and VPN Traffic Using Time-Related Features", In Proceedings of the 2nd International Conference on Information Systems Security and Privacy(ICISSP 2016) , pages 407-414, Rome, Italy.
[2] Arash Habibi Lashkari, Andi Fitriah A. Kadir, Laya Taheri, and Ali A. Ghorbani, “Toward Developing a Systematic Approach to Generate Benchmark Android Malware Datasets and Classification”, In the proceedings of the 52nd IEEE International Carnahan Conference on Security Technology (ICCST), Montreal, Quebec, Canada, 2018.
[3] Claffy, K., Polyzos, G. C., & Braun, H. W. (1995). A parameterizable methodology for Internet traffic flow profiling. IEEE Journal on Selected Areas in Communications, 13(8), 1481-1494.
[4] Dreger, H., Feldmann, A., Paxson, V., & Sommer, R. (2006). Operational experiences with high-volume network intrusion detection. In Proceedings of the 11th ACM conference on Computer and communications security (CCS '06), 2-11.
[5] Moore, A. W., & Papagiannaki, K. (2005). Toward the accurate identification of network applications. In Proceedings of the 6th International Workshop on Passive and Active Network Measurement (PAM'05), 41-54.
[6] Zander, S., Nguyen, T. T., & Armitage, G. (2005). Automated traffic classification and application identification using machine learning. In Proceedings of the IEEE Conference on Local Computer Networks 30th Anniversary (LCN '05), 250-257.
[7] A. Krizhevsky, I. Sutskever and G. E. Hinton, "Imagenet classification with deep convolutional neural networks", Proc. Adv. Neural Inf. Process. Syst., pp. 1097-1105, 2012.
[8] Wei Wang, Ming Zhu, Xuewen Zeng, Xiaozhou Ye and Yiqiang Sheng, "Malware traffic classification using convolutional neural network for representation learning," 2017 International Conference on Information Networking (ICOIN), Da Nang, Vietnam, 2017, pp. 712-717, doi: 10.1109/ICOIN.2017.7899588.
[9] W. Wang, M. Zhu, J. Wang, X. Zeng and Z. Yang, "End-to-end encrypted traffic classification with one-dimensional convolution neural networks," 2017 IEEE International Conference on Intelligence and Security Informatics (ISI), Beijing, China, 2017, pp. 43-48, doi: 10.1109/ISI.2017.8004872.
[10] L. Garcia, G. Bartlett, S. Ravi, H. Ibrahim, W. Hardaker and E. Kline, "Explaining Deep Learning Models for Per-packet Encrypted Network Traffic Classification," 2022 IEEE International Symposium on Measurements & Networking (M&N), Padua, Italy, 2022, pp. 1-6, doi: 10.1109/MN55117.2022.9887744.
[11] N. Capuano, G. Fenza, V. Loia and C. Stanzione, "Explainable Artificial Intelligence in CyberSecurity: A Survey," in IEEE Access, vol. 10, pp. 93575-93600, 2022, doi: 10.1109/ACCESS.2022.3204171.
[12] Ribeiro, Marco Tulio et al. ““Why Should I Trust You?”: Explaining the Predictions of Any Classifier.” Proceedings of the 22nd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining (2016): n. pag.
[13] A. Morichetta, P. Casas, and M. Mellia, “EXPLAIN-IT: Towards explain- 1974 able AI for unsupervised network traffic analysis,” in Proc. 3rd ACM 1975 CoNEXT Workshop Big DAta, Mach. Learn. Artif. Intell. Data Commun. 1976 Netw., Dec. 2019, pp. 22–28.
[14] SHAP Documentation, https://shap.readthedocs.io/en/latest/index.html, 2018
[15] C. Miao, P. Wang, Z. X. Wang and Z. Y. Li, "A Trusted Classification Method of Encrypted Traffic Based on Attention Mechanism," 2022 IEEE Intl Conf on Dependable, Autonomic and Secure Computing, Intl Conf on Pervasive Intelligence and Computing, Intl Conf on Cloud and Big Data Computing, Intl Conf on Cyber Science and Technology Congress (DASC/PiCom/CBDCom/CyberSciTech), Falerna, Italy, 2022, pp. 1-8, doi: 10.1109/DASC/PiCom/CBDCom/Cy55231.2022.9928029.
[16] Zhou, Bolei et al. “Learning Deep Features for Discriminative Localization.” 2016 IEEE Conference on Computer Vision and Pattern Recognition (CVPR) (2015): 2921-2929.
[17] I. Cherepanov, A. Ulmer, J. G. Joewono and J. Kohlhammer, "Visualization Of Class Activation Maps To Explain AI Classification Of Network Packet Captures," 2022 IEEE Symposium on Visualization for Cyber Security (VizSec), Oklahoma City, OK, USA, 2022, pp. 1-11, doi: 10.1109/VizSec56996.2022.9941392.
[18] Selvaraju, Ramprasaath R. et al. “Grad-CAM: Visual Explanations from Deep Networks via GradientBased Localization.” International Journal of Computer Vision 128 (2016): 336-359.
[19] S. Machmeier, M. Hoecker and V. Heuveline, "Explainable Artificial Intelligence for Improving a Session-Based Malware Traffic Classification with Deep Learning," 2023 IEEE Symposium Series on Computational Intelligence (SSCI), Mexico City, Mexico, 2023, pp. 850-855, doi: 10.1109/SSCI52147.2023.10371980.
[20] D. Biondi, "dpkt, Version 1.9.8," Available: https://github.com/kbandla/dpkt., 2017.
[21] E. A. Chollet F. Keras library. https://keras.io, 2015.
[22] Son Nguyen, “A gentle explanation of Backpropagation in Convolutional Neural Network (CNN),” https://medium.com/@ngocson2vn/a-gentle-explanation-of-backpr opagation-in-convolutional-neural-network-cnn-1a70abff508b, 2020.