Modern Transformer-based traffic classifiers achieve over 99% accuracy and exhibit strong robustness against existing traffic obfuscation techniques, posing significant challenges to network privacy. Method: This paper proposes a novel adversarial traffic generation framework that—uniquely in the defense context—introduces adversarial perturbations into encrypted or obfuscated traffic. It designs a pre-pending packet modification strategy to enhance perturbation stealthiness and formulates the perturbation optimization as a sequential decision problem solved via a custom reinforcement learning framework. Contribution/Results: Evaluated on multiple real-world network traffic datasets, the method reduces the classification accuracy of state-of-the-art Transformer classifiers from >99% to as low as 25.68%, demonstrating both high attack efficacy and practical deployability. It establishes a new paradigm for traffic anonymization in privacy-sensitive applications, balancing effectiveness, stealth, and operational feasibility.

To date, traffic obfuscation techniques have been widely adopted to protect network data privacy and security by obscuring the true patterns of traffic. Nevertheless, as the pre-trained models emerge, especially transformer-based classifiers, existing traffic obfuscation methods become increasingly vulnerable, as witnessed by current studies reporting the traffic classification accuracy up to 99% or higher. To counter such high-performance transformer-based classification models, we in this paper propose a novel and effective underline{adv}ersarial underline{traffic}-generating approach (AdvTrafficfootnote{The code and data are available at: http://xxx}). Our approach has two key innovations: (i) a pre-padding strategy is proposed to modify packets, which effectively overcomes the limitations of existing research against transformer-based models for network traffic classification; and (ii) a reinforcement learning model is employed to optimize network traffic perturbations, aiming to maximize adversarial effectiveness against transformer-based classification models. To the best of our knowledge, this is the first attempt to apply adversarial perturbation techniques to defend against transformer-based traffic classifiers. Furthermore, our method can be easily deployed into practical network environments. Finally, multi-faceted experiments are conducted across several real-world datasets, and the experimental results demonstrate that our proposed method can effectively undermine transformer-based classifiers, significantly reducing classification accuracy from 99% to as low as 25.68%.