Revolutionizing Encrypted Traffic Classification with MH-Net: A Multi-View Heterogeneous Graph Model

Authors

  • Haozhen Zhang Tsinghua Shenzhen International Graduate School, Tsinghua University, Shenzhen, China Peng Cheng Laboratory, Shenzhen, China Key Laboratory of Cyberspace Security, Ministry of Education of China, Zhengzhou, China
  • Haodong Yue Tsinghua Shenzhen International Graduate School, Tsinghua University, Shenzhen, China Peng Cheng Laboratory, Shenzhen, China Key Laboratory of Cyberspace Security, Ministry of Education of China, Zhengzhou, China
  • Xi Xiao Tsinghua Shenzhen International Graduate School, Tsinghua University, Shenzhen, China Peng Cheng Laboratory, Shenzhen, China Key Laboratory of Cyberspace Security, Ministry of Education of China, Zhengzhou, China
  • Le Yu Nanjing University of Posts and Telecommunications, Nanjing, China
  • Qing Li Peng Cheng Laboratory, Shenzhen, China
  • Zhen Ling Southeast University, Nanjing, China
  • Ye Zhang National University of Singapore, Singapore

DOI:

https://doi.org/10.1609/aaai.v39i1.32091

Abstract

With the growing significance of network security, the classification of encrypted traffic has emerged as an urgent challenge. Traditional byte-based traffic analysis methods are constrained by the rigid granularity of information and fail to fully exploit the diverse correlations between bytes. To address these limitations, this paper introduces MH-Net, a novel approach for classifying network traffic that leverages multi-view heterogeneous traffic graphs to model the intricate relationships between traffic bytes. The essence of MH-Net lies in aggregating varying numbers of traffic bits into multiple types of traffic units, thereby constructing multi-view traffic graphs with diverse information granularities. By accounting for different types of byte correlations, such as header-payload relationships, MH-Net further endows the traffic graph with heterogeneity, significantly enhancing model performance. Notably, we employ contrastive learning in a multi-task manner to strengthen the robustness of the learned traffic unit representations. Experiments conducted on the ISCX and CIC-IoT datasets for both the packet-level and flow-level traffic classification tasks demonstrate that MH-Net achieves the best overall performance compared to dozens of SOTA methods.
AAAI-25 / IAAI-25 / EAAI-25 Proceedings Cover

Downloads

Published

2025-04-11

How to Cite

Zhang, H., Yue, H., Xiao, X., Yu, L., Li, Q., Ling, Z., & Zhang, Y. (2025). Revolutionizing Encrypted Traffic Classification with MH-Net: A Multi-View Heterogeneous Graph Model. Proceedings of the AAAI Conference on Artificial Intelligence, 39(1), 1048–1056. https://doi.org/10.1609/aaai.v39i1.32091

Issue

Vol. 39 No. 1: AAAI-25 Technical Tracks 1

Section

AAAI Technical Track on Application Domains