NTC-CIL: Characterizing and Classifying Encrypted Network Traffic using Class- Incremental Learning

Abstract

In the field of network security and management, accurately identifying and managing encrypted traffic is essential for mitigating potential attacks and optimizing resource usage. However, conventional methods often underperform in adapting to new traffic classes, require more manual intervention, time-consuming, and resource-intensive. These limitations reduce system performance and increase vulnerability issues. Conventional models also face scalability issues and are prone to catastrophic forgetting, where previously learned traffic patterns are lost as new ones are introduced, leading to reduced classification accuracy over time. To address these challenges, we propose a novel method: Network Traffic Classification using Class-Incremental Learning (NTC-CIL). NTC-CIL combines a random forest classifier with the Learning without Forgetting (LwF) method, an incremental learning method based on knowledge distillation. This approach enables the model to retain previously learned patterns while incorporating new traffic classes, including encrypted and evolving types. As a result, NTC-CIL can continuously adapt to unfamiliar network traffic without retraining from scratch. Experimental evaluations demonstrate that NTC-CIL outperforms existing techniques by achieving an accuracy of 97%. This marks a significant advancement for network security, offering a scalable and adaptive solution capable of detecting new threats in dynamic traffic environments.