---
license: apache-2.0
library_name: transformers
tags:
- network-security
- traffic-analysis
- traffic-generation
- npre
- linear-attention
- arxiv:2403.05822
datasets:
- ISCX-Tor2016
- USTCTFC2016
- ISCXVPN2016
- DoHBrw2020
- CICIoT2022
metrics:
- f1
- jensen-shannon divergence (jsd)
pipeline_tag: text-generation
extra_gated_prompt: This model is released as part of an SoK experiment. Please cite the original TrafficGPT paper and the experimenter's repository.
model-index:
- name: TrafficGPT(3k)
  results:
  - task:
      type: text-classification
      name: Flow Classification
    dataset:
      name: ISCX-VPN-App
      type: ISCXVPN2016
    metrics:
    - name: Macro F1
      type: f1
      value: 1
  - task:
      type: text-classification
      name: Flow Classification
    dataset:
      name: USTC-TFC
      type: USTCTFC2016
    metrics:
    - name: Macro F1
      type: f1
      value: 0.9877
language:
- hex
base_model:
- jianqu/TrafficGPT

---

# TrafficGPT: Breaking the Token Barrier for Efficient Long Traffic Analysis and Generation

TrafficGPT is a deep-learning foundation model designed to tackle complex challenges in network traffic analysis and generation. By leveraging **generative pre-training** with a **linear attention mechanism**, it expands the effective token window from the traditional 512-token limit to **12,032 tokens**.

## Model Details

- **Developed by:** Jian Qu, Xiaobo Ma, and Jianfeng Li (Xi'an Jiaotong University).
- **Model Type:** Generative Pre-trained Transformer with Linear Attention.
- **Architecture:** 24 layers, 12 attention heads, hidden dimension of 512.
- **Key Innovations:** - **Reversible Tokenization:** Bijective mapping between PCAP files and token lists for direct traffic reconstruction.
  - **Linear Complexity:** Reduces self-attention complexity from $O(N^2)$ to $O(N)$.
  - **Reversible Network:** Optimized memory usage based on the Reformer architecture.

## Intended Use

- **Traffic Classification:** High-accuracy identification of encrypted flows, VPN traffic, and IoT device communications.
- **Traffic Generation:** Creating realistic, protocol-compliant PCAP files for network simulation and security testing.
- **Protocol Reverse Engineering:** Learning robust representations of unknown or complex network protocols.

## Training Data
The model was pre-trained on **189 GB** of raw network traffic across five major datasets:
- **ISCX-Tor2016:** Tor network traffic characterization.
- **USTCTFC2016:** Malware and software identification traffic.
- **ISCXVPN2016:** Encrypted VPN vs. non-VPN flows.
- **DoHBrw2020:** DNS-over-HTTPS tunnel detection.
- **CICIoT2022:** Multidimensional IoT profiling data.

## Training Details & Hyperparameters
While the original TrafficGPT research utilized a 99:1 train-test split (99% for pre-training, 1% for testing), this open-source version employs a standard 80:20 split.

## Evaluation Results

### Classification Performance (Macro F1-Score)
TrafficGPT(12k) consistently outperforms existing state-of-the-art models[cite: 16, 281].

| Dataset | Metric | TrafficGPT (12k) |
| :--- | :--- | :--- |
| **ISCX-VPN-App** | Macro F1 | **1.0000** |
| **USTC-TFC** | Macro F1 | **0.9877** |
| **Cross-Platform (iOS)** | Macro F1 | **0.9863** |
| **Cross-Platform (Android)** | Macro F1 | **0.9498** |

### Generation Quality
Measured using Jensen-Shannon Divergence (JSD), where lower values indicate closer similarity to real traffic.
- **Packet Header JSD (Avg):** 0.1605.
- **Flow Feature JSD (Avg):** 0.2396.
- **Discriminator Realism:** F1-Score of 0.6683.

## Limitations
- **Networking Interpretation:** Because these fields and checksums have been removed, the model does not learn IP/Port associations. While this ensures the model learns protocol features rather than metadata, it limits the model's utility in scenarios where port-protocol mapping is vital for networking interpretation
- **Protocol Anomalies:** May occasionally generate malformed packets in complex encrypted protocols (e.g., TLS Client Hello).
- **Inter-flow Correlation:** Currently focuses on individual TCP/UDP flows and does not yet capture complex correlations between multiple distinct flows.
- **Computational Cost:** While linear in complexity, training on 3k tokens still requires significant memory and step-time optimization.

## Citation
If you use TrafficGPT in your research, please cite:
```bibtex
@article{qu2024trafficgpt,
  title={TrafficGPT: Breaking the Token Barrier for Efficient Long Traffic Analysis and Generation},
  author={Qu, Jian and Ma, Xiaobo and Li, Jianfeng},
  journal={arXiv preprint arXiv:2403.05822},
  year={2024}
}
```