LightGBM-Based Encrypted Traffic Classification: Interpretable Feature Fusion and Robust Evaluation for Modern Networks
DOI:
https://doi.org/10.64972/dea.2025.v4i2.1994d:43-56
Keywords:
Network Security, Encrypted Traffic, Machine Learning, Feature Engineering, Model Interpretability, Real-Time Detection
Abstract
As services expand, fine-grained classification of encrypted network traffic becomes necessary to meet quality-of-service and security requirements. This paper first reviews the shortcomings of traditional classification methods, then proposes a multi-class encrypted traffic processing framework based on LightGBM. The framework aims to improve detection accuracy while keeping the model practical and interpretable. Three families of features (packet-level, flow-level, and entropy-driven) are evaluated with rigorous cross-validation and compared against other ensemble and kernel methods. In experiments on a large real-world traffic dataset, the overall accuracy and recall of the LightGBM model surpassed those of the baseline classifier, and performance on long-tail and minority traffic categories also improved. Feature ablation analysis indicates that combining multiple features improves performance, and SHAP and LIME provide clear, interpretable explanations for classification decisions. Experiments show that the model is an excellent predictor that can be applied in real-world environments with hostile conditions and low latency. To meet the needs of next-generation security infrastructure, this study supports the construction of a traffic analysis system that is scalable, interpretable, and stable.
License
Copyright (c) 2025 Sławomir Feliks Jarosz

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.