Existing traffic detection methods suffer from limitations including single-view modeling, neglect of higher-order inter-flow dependencies, and poor generalization—hindering effective identification of malicious traffic in complex network environments. To address these challenges, this paper proposes FlowID, a multi-view correlation-aware framework. FlowID introduces the first hypergraph-based traffic modeling approach to explicitly capture higher-order flow dependencies; designs dual contrastive proxy tasks—operating at both flow-level and group-level—to jointly optimize representation robustness and discriminability; and integrates temporal dynamics with interaction topology features. Evaluated on five real-world datasets, FlowID achieves significant improvements in malicious traffic detection accuracy, robustness under label scarcity, and cross-scenario generalization, consistently outperforming state-of-the-art methods.

As the Internet rapidly expands, the increasing complexity and diversity of network activities pose significant challenges to effective network governance and security regulation. Network traffic, which serves as a crucial data carrier of network activities, has become indispensable in this process. Network traffic detection aims to monitor, analyze, and evaluate the data flows transmitted across the network to ensure network security and optimize performance. However, existing network traffic detection methods generally suffer from several limitations: 1) a narrow focus on characterizing traffic features from a single perspective; 2) insufficient exploration of discriminative features for different traffic; 3) poor generalization to different traffic scenarios. To address these issues, we propose a multi-view correlation-aware framework named FlowID for network traffic detection. FlowID captures multi-view traffic features via temporal and interaction awareness, while a hypergraph encoder further explores higher-order relationships between flows. To overcome the challenges of data imbalance and label scarcity, we design a dual-contrastive proxy task, enhancing the framework's ability to differentiate between various traffic flows through traffic-to-traffic and group-to-group contrast. Extensive experiments on five real-world datasets demonstrate that FlowID significantly outperforms existing methods in accuracy, robustness, and generalization across diverse network scenarios, particularly in detecting malicious traffic.