To date, traffic obfuscation techniques have been widely adopted to protect network data privacy and security by obscuring the true patterns of traffic. Nevertheless, as the pre-trained models emerge, especially transformer-based classifiers, existing traffic obfuscation methods become increasingly vulnerable, as witnessed by current studies reporting the traffic classification accuracy up to 99\% or higher. To counter such high-performance transformer-based classification models, we in this paper propose a novel and effective \underline{adv}ersarial \underline{traffic}-generating approach (AdvTraffic\footnote{The code and data are available at: https://anonymous.4open.science/r/TrafficD-C461}). Our approach has two key innovations: (i) a pre-padding strategy is proposed to modify packets, which effectively overcomes the limitations of existing research against transformer-based models for network traffic classification; and (ii) a reinforcement learning model is employed to optimize network traffic perturbations, aiming to maximize adversarial effectiveness against transformer-based classification models. To the best of our knowledge, this is the first attempt to apply adversarial perturbation techniques to defend against transformer-based traffic classifiers. Furthermore, our method can be easily deployed into practical network environments. Finally, multi-faceted experiments are conducted across several real-world datasets, and the experimental results demonstrate that our proposed method can effectively undermine transformer-based classifiers, significantly reducing classification accuracy from 99\% to as low as 25.68\%.

翻译：迄今为止，流量混淆技术已被广泛采用，通过掩盖流量的真实模式来保护网络数据隐私和安全。然而，随着预训练模型的出现，特别是基于Transformer的分类器，现有的流量混淆方法变得越来越脆弱，当前研究报道的流量分类准确率高达99%或更高便证明了这一点。为了应对此类高性能的基于Transformer的分类模型，我们在本文中提出了一种新颖且有效的对抗性流量生成方法（AdvTraffic\footnote{代码和数据可在以下网址获取：https://anonymous.4open.science/r/TrafficD-C461}）。我们的方法有两个关键创新点：（i）提出了一种预填充策略来修改数据包，这有效克服了现有研究在针对基于Transformer的网络流量分类模型方面的局限性；（ii）采用强化学习模型来优化网络流量扰动，旨在最大化对基于Transformer的分类模型的对抗效果。据我们所知，这是首次尝试应用对抗性扰动技术来防御基于Transformer的流量分类器。此外，我们的方法可以轻松部署到实际的网络环境中。最后，我们在多个真实世界数据集上进行了多方面的实验，实验结果表明，我们提出的方法能够有效破坏基于Transformer的分类器，将分类准确率从99%显著降低至最低25.68%。