This paper reveals a severe evaluation bias in current encrypted traffic classification methods based on representation learning models (e.g., BERT): their reported up to 98% accuracy stems from spurious feature-label correlations introduced during data preparation—such as data leakage and protocol header redundancy—leading to poor generalization in real-world deployments. Method: To address this, the authors propose Pcap-Encoder, the first lightweight encoder explicitly designed for network protocol headers. It employs fine-grained protocol parsing and ablation studies to identify and block shortcut learning pathways. Contribution/Results: Experiments demonstrate that mainstream models suffer drastic performance degradation once spurious correlations are eliminated, whereas Pcap-Encoder achieves significantly improved robustness without increasing computational complexity. The work not only exposes critical flaws in existing benchmarking practices but also advocates for a de-biased evaluation paradigm and stricter, more realistic benchmark standards for encrypted traffic classification.

Recently we have witnessed the explosion of proposals that, inspired by Language Models like BERT, exploit Representation Learning models to create traffic representations. All of them promise astonishing performance in encrypted traffic classification (up to 98% accuracy). In this paper, with a networking expert mindset, we critically reassess their performance. Through extensive analysis, we demonstrate that the reported successes are heavily influenced by data preparation problems, which allow these models to find easy shortcuts - spurious correlation between features and labels - during fine-tuning that unrealistically boost their performance. When such shortcuts are not present - as in real scenarios - these models perform poorly. We also introduce Pcap-Encoder, an LM-based representation learning model that we specifically design to extract features from protocol headers. Pcap-Encoder appears to be the only model that provides an instrumental representation for traffic classification. Yet, its complexity questions its applicability in practical settings. Our findings reveal flaws in dataset preparation and model training, calling for a better and more conscious test design. We propose a correct evaluation methodology and stress the need for rigorous benchmarking.