With the growing use of encryption protocols like VPN and Tor in digital communication, the identification and classification of encrypted traffic has become one of the core issues in network security and traffic management. It is a major contributor to quality of service (QoS) assurance, resource allocation, user identification, and anomaly detection. However, the sophistication of encrypted traffic structure and the vagueness of behavioral patterns have drastically decreased the effectiveness of conventional approaches like deep packet inspection (DPI). Despite recent progress, typical deep learning models also encounter great difficulties in dealing with encrypted data: they typically need a huge amount of labeled data and lack the capacity to analyze unbalanced data.
To tackle these difficulties, this study proposes a novel hybrid architecture named seqKAN with enhanced interpretability and high accuracy. seqKAN integrates the temporal modeling capability of sequential networks like LSTM with the distinctive characteristics of Kolmogorov-Arnold networks (KAN), such as the ability to model nonlinear relationships and intrinsic mathematical transparency. The framework also gains flexibility and generalizability from modules like Reproducing Kernel Hilbert Space (RKHS) mapping and Neural Ordinary Differential Equations (ODE). Experiments are performed on benchmark datasets comprising Tor and VPN traffic (ISCXTor2016 and ISCXVPN2016). In this context, the model's stable performance is ensured by meticulously filtering the flows and addressing unbalanced data via class weighting. Ablation studies demonstrate that the inclusion of the RKHS layer significantly contributes to the improvement of the model's accuracy and robustness, particularly in encrypted settings. Among the models compared, the seqKAN approach delivered the best performance in F1 score and demonstrated clear superiority in the classification of encrypted traffic. In addition, the interpretability of the model was demonstrated quantitatively and qualitatively with standard feature importance analysis techniques (SHAP and LIME) and KAN's inherent visual analysis. seqKAN automatically extracted key features and patterns in the flow packets and clearly explained each decision; this transparency illustrates the model's superiority over typical methods.
Finally, this research shows that the seqKAN architecture provides a comprehensive, efficient, and reliable solution for intelligent traffic analysis in complex network environments by striking a balance between accuracy, computational efficiency, and interpretability. The findings of this research highlight the high potential of KAN-based hybrid models as the basis for the next generation of transparent and reliable network security tools.
Rights and permissions

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.