AutoML4ETC: Automated Neural Architecture Search for Real-World Encrypted Traffic Classification
This addresses the need for automated, efficient, and high-performing traffic classification in real-world network security, though it is incremental as it builds on existing AutoML and traffic classification methods.
The paper tackles the problem of performance decay in deep learning classifiers for encrypted traffic classification over time by proposing AutoML4ETC, an automated tool that designs neural architectures, resulting in models that outperform state-of-the-art classifiers on multiple datasets and are more efficient with fewer parameters.
Deep learning (DL) has been successfully applied to encrypted network traffic classification in experimental settings. However, in production use, it has been shown that a DL classifier's performance inevitably decays over time. Re-training the model on newer datasets has been shown to only partially improve its performance. Manually re-tuning the model architecture to meet the performance expectations on newer datasets is time-consuming and requires domain expertise. We propose AutoML4ETC, a novel tool to automatically design efficient and high-performing neural architectures for encrypted traffic classification. We define a novel, powerful search space tailored specifically for the early classification of encrypted traffic using packet header bytes. We show that with different search strategies over our search space, AutoML4ETC generates neural architectures that outperform the state-of-the-art encrypted traffic classifiers on several datasets, including public benchmark datasets and real-world TLS and QUIC traffic collected from the Orange mobile network. In addition to being more accurate, AutoML4ETC's architectures are significantly more efficient and lighter in terms of the number of parameters. Finally, we make AutoML4ETC publicly available for future research.