Core Concepts
A flexible and generic deep learning architecture based on a multi-modal autoencoder can effectively learn compact representations from diverse network traffic measurements, enabling efficient solutions for various traffic analysis tasks.
Abstract
The paper presents a generic deep learning architecture based on a multi-modal autoencoder (MAE) that learns compact representations from heterogeneous network traffic measurements. The key ideas are:
- The architecture consists of adaptation modules that handle different input data types (e.g., sequences of entities like IP addresses, quantities like packet statistics) and an integration module that merges the representations into a common embedding space.
- The adaptation modules leverage techniques like Word2Vec to learn representations from sequences of entities, while generic deep learning modules handle quantities like packet statistics and payload.
- The integrated MAE is trained in a self-supervised manner to reconstruct the input data, producing a compact multi-modal embedding that captures the salient features of the original measurements.
- The authors demonstrate the effectiveness of the MAE embeddings on three traffic classification tasks, showing that they perform on par or better than specialized models while reducing the complexity of the downstream classifiers.
- The authors also show that the MAE embeddings preserve the discriminative power of the original measurements, enabling effective use in distance-based algorithms and shallow learners.
- The proposed architecture aims to provide a generic and flexible solution for various network traffic analysis tasks, avoiding the need for custom and specialized deep learning models for each problem.
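The pipeline described above — per-modality adaptation modules, an integration module merging them into a common embedding, and self-supervised reconstruction — can be sketched in miniature with NumPy. This is an illustrative toy, not the authors' implementation: all layer sizes, the random (untrained) weights, and the choice to average entity embeddings as a stand-in for a Word2Vec-style branch are assumptions.

```python
import numpy as np

rng = np.random.default_rng(0)

def linear(in_dim, out_dim):
    # Small random weight matrix standing in for a trained layer (assumption).
    return rng.normal(0.0, 0.1, size=(in_dim, out_dim))

# Hypothetical dimensions: quantities vector, entity vocabulary, embedding sizes.
QUANT_DIM, ENT_VOCAB, ENT_DIM, HID, EMB = 8, 50, 16, 12, 6

# --- Adaptation modules ---
W_quant = linear(QUANT_DIM, HID)       # quantities (e.g. packet stats) -> hidden
E_entity = linear(ENT_VOCAB, ENT_DIM)  # embedding table for entities (IPs, ports)
W_entity = linear(ENT_DIM, HID)        # pooled entity embeddings -> hidden

# --- Integration module: merge both modalities into one embedding ---
W_merge = linear(2 * HID, EMB)

# --- Decoder head: reconstruct the quantities branch (self-supervised target) ---
W_dec = linear(EMB, QUANT_DIM)

def encode(quantities, entity_ids):
    h_q = np.tanh(quantities @ W_quant)
    # Average the embeddings of the entity sequence (simplified pooling).
    h_e = np.tanh(E_entity[entity_ids].mean(axis=0) @ W_entity)
    return np.tanh(np.concatenate([h_q, h_e]) @ W_merge)

def reconstruction_loss(quantities, entity_ids):
    z = encode(quantities, entity_ids)
    recon = z @ W_dec
    return float(np.mean((recon - quantities) ** 2))

quantities = rng.normal(size=QUANT_DIM)  # e.g. min/max/avg/std of sizes and IATs
entity_ids = np.array([3, 17, 42])       # token ids of contacted entities
z = encode(quantities, entity_ids)
loss = reconstruction_loss(quantities, entity_ids)
```

Training would minimize the reconstruction loss over all modalities; afterwards, the compact vector `z` is what downstream classifiers or distance-based algorithms would consume.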
Stats
- The minimum, maximum, average, and standard deviation of packet size per flow.
- The minimum, maximum, average, and standard deviation of packet inter-arrival time per flow.
- The minimum, maximum, average, and standard deviation of ports contacted by clients.
- The length of the first k packets per flow.
- The inter-arrival time of the first k packets per flow.
- The TCP window size of the first k packets per flow.
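A few of the per-flow statistics above can be computed directly from packet sizes and timestamps. The sketch below is illustrative: the function name, the zero-padding of short flows, and the use of the population standard deviation are my assumptions, and it presumes a flow with at least two packets so inter-arrival times exist.

```python
import numpy as np

def flow_features(packet_sizes, timestamps, k=5):
    # Illustrative per-flow feature extraction (assumes >= 2 packets per flow).
    sizes = np.asarray(packet_sizes, dtype=float)
    iats = np.diff(np.asarray(timestamps, dtype=float))  # inter-arrival times

    def stats(x):
        # min, max, average, standard deviation (population std via np.std).
        return [float(x.min()), float(x.max()), float(x.mean()), float(x.std())]

    # Length of the first k packets, zero-padded when the flow is shorter.
    first_k = np.zeros(k)
    first_k[: min(k, len(sizes))] = sizes[:k]

    return {
        "size_stats": stats(sizes),
        "iat_stats": stats(iats),
        "first_k_len": first_k.tolist(),
    }

feats = flow_features([100, 200, 300], [0.0, 0.1, 0.3], k=5)
```

For the three-packet example, `size_stats` is `[100, 300, 200, ~81.65]` and `first_k_len` is `[100, 200, 300, 0, 0]`; vectors like these would feed the quantities branch of the MAE.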
Quotes
"We here advocate the need for a general DL architecture flexible enough to solve different traffic analysis tasks."
"The key idea is to let the general DL architecture produce a compact representation (or embeddings) of the often diverse and humongous input data. These embeddings could then be employed to solve other specific final problems (or tasks) without the burdens of building models from scratch starting from the raw features and measurements."
"Results show that our MAE architecture performs better or on par with the specialised models."