As the emerging services have increasingly strict requirements on quality of service (QoS), such as millisecond network service latency ect., network traffic classification technology is required to assist more advanced network management and monitoring capabilities. So far as we know, the delays of flow-granularity classification methods are difficult to meet the real-time requirements for too long packet-waiting time, whereas the present packet-granularity classification methods may have problems related to privacy protection due to using excessive user payloads. To solve the above problems, we proposed a network traffic classification method only by the IP packet header, which satisfies the requirements of both user's privacy protection and classification performances. We opted to remove the IP address from the header information of the network layer and utilized the remaining 12-byte IP packet header information as input for the model. Additionally, we examined the variations in header value distributions among different categories of network traffic samples. And, the external attention is also introduced to form the online classification framework, which performs well for its low time complexity and strong ability to enhance high-dimensional classification features. The experiments on three open-source datasets show that our average accuracy can reach upon 94.57%, and the classification time is shortened to meet the real-time requirements (0.35ms for a single packet).

翻译：随着新兴业务对服务质量（QoS）提出了毫秒级网络延迟等严苛要求，网络流量分类技术需支撑更先进的网络管理与监控能力。据我们所知，流粒度分类方法因数据包等待时间过长而难以满足实时性需求，而现有包粒度分类方法因过度使用用户负载可能引发隐私保护问题。针对上述问题，我们提出一种仅基于IP数据包头部的网络流量分类方法，同时满足用户隐私保护与分类性能需求。我们选择移除网络层头部信息中的IP地址，采用剩余12字节IP数据包头部信息作为模型输入，并分析不同类别网络流量样本的头部数值分布差异。同时引入外部注意力机制构建在线分类框架，该机制凭借低时间复杂度和强高维分类特征增强能力展现出优异性能。在三个开源数据集上的实验表明，我们的平均准确率可达94.57%，且分类时间缩短至满足实时性要求（单数据包处理时间0.35毫秒）。