FlowletFormer: Network Behavioral Semantic Aware Pre-training Model for Traffic Classification
This work addresses network traffic analysis for cybersecurity and network management, offering a domain-specific incremental improvement over existing pre-training methods.
The paper tackled the problem of network traffic classification by proposing FlowletFormer, a BERT-based pre-training model that captures packet structures, flow behaviors, and protocol semantics, resulting in significant improvements in classification accuracy and few-shot learning capability.
Network traffic classification using pre-training models has shown promising results, but existing methods struggle to capture packet structural characteristics, flow-level behaviors, hierarchical protocol semantics, and inter-packet contextual relationships. To address these challenges, we propose FlowletFormer, a BERT-based pre-training model specifically designed for network traffic analysis. FlowletFormer introduces a Coherent Behavior-Aware Traffic Representation Model for segmenting traffic into semantically meaningful units, a Protocol Stack Alignment-Based Embedding Layer to capture multilayer protocol semantics, and Field-Specific and Context-Aware Pretraining Tasks to enhance both inter-packet and inter-flow learning. Experimental results demonstrate that FlowletFormer significantly outperforms existing methods in the effectiveness of traffic representation, classification accuracy, and few-shot learning capability. Moreover, by effectively integrating domain-specific network knowledge, FlowletFormer shows better comprehension of the principles of network transmission (e.g., stateful connections of TCP), providing a more robust and trustworthy framework for traffic analysis.