This study uses various models to address network traffic classification, categorizing traffic into web, browsing, IPSec, backup, and email. We collected a comprehensive dataset from Arbor Edge Defender (AED) devices, comprising 30,959 observations and 19 features. Multiple models were evaluated, including Naive Bayes, Decision Tree, Random Forest, Gradient Boosting, XGBoost, Deep Neural Networks (DNN), Transformer, and two Large Language Models (LLMs), GPT-4o and Gemini, with zero- and few-shot learning. Transformer and XGBoost showed the best performance, achieving the highest accuracies of 98.95% and 97.56%, respectively. GPT-4o and Gemini showed promising results with few-shot learning, improving accuracy significantly over their initial zero-shot performance. While Gemini Few-Shot and GPT-4o Few-Shot performed well in categories like Web and Email, misclassifications occurred in more complex categories like IPSec and Backup. The study highlights the importance of model selection, fine-tuning, and the balance between training data size and model complexity for achieving reliable classification results.