Network Traffic Classification Using Machine Learning, Transformer, and Large Language Models

Files

2503.02141v1.pdf (377.48 KB)

Links to Files

https://ieeexplore.ieee.org/document/11141207

Permanent Link

https://doi.org/10.1109/ICMI65310.2025.11141207
 http://hdl.handle.net/11603/40453

Collections

UMBC Data Science

Author/Creator

Author/Creator ORCID

https://orcid.org/0000-0002-6835-8338

Date

2025-09-08

Type of Work

conference papers and proceedings
preprints
Text

Department

Program

Citation of Original Publication

Antari, Ahmad, Yazan Abo-Aisheh, Jehad Shamasneh, and Huthaifa I. Ashqar. “Network Traffic Classification Using Machine Learning, Transformer, and Large Language Models.” 2025 IEEE 4th International Conference on Computing and Machine Intelligence (ICMI), April 2025, 1–5. https://doi.org/10.1109/ICMI65310.2025.11141207.

Rights

© 2025 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.

Subjects

Computer Science - Cryptography and Security
Computer Science - Machine Learning
Computer Science - Computation and Language

Abstract

This study uses various models to address network traffic classification, categorizing traffic into web, browsing, IPSec, backup, and email. We collected a comprehensive dataset from Arbor Edge Defender (AED) devices, comprising of 30,959 observations and 19 features. Multiple models were evaluated, including Naive Bayes, Decision Tree, Random Forest, Gradient Boosting, XGBoost, Deep Neural Networks (DNN), Transformer, and two Large Language Models (LLMs) including GPT-4o and Gemini with zero- and few-shot learning. Transformer and XGBoost showed the best performance, achieving the highest accuracy of 98.95 and 97.56%, respectively. GPT-4o and Gemini showed promising results with few-shot learning, improving accuracy significantly from initial zero-shot performance. While Gemini Few-Shot and GPT-4o Few-Shot performed well in categories like Web and Email, misclassifications occurred in more complex categories like IPSec and Backup. The study highlights the importance of model selection, fine-tuning, and the balance between training data size and model complexity for achieving reliable classification results.