Existing network traffic modeling relies predominantly on single-granularity representations (packet- or flow-level), lacks contextual awareness, and employs task-specific architectures that generalize poorly across learning paradigms and security tasks. To address these limitations, we propose UniNet: (1) a multi-granularity traffic representation, T-Matrix, unifying session-, flow-, and packet-level features; (2) a lightweight attention-based model, T-Attent, the first architecture supporting supervised, semi-supervised, and unsupervised security tasks within a unified framework; and (3) a joint optimization strategy integrating multi-granularity fusion, unified embedding learning, and cross-task representation transfer to enhance generalization. Evaluated on four diverse security tasks—network anomaly detection, attack classification, IoT device identification, and encrypted website fingerprinting—UniNet consistently outperforms state-of-the-art methods, achieving 5.2–12.7% higher accuracy and 38% lower false positive rate, while enabling real-time gigabit-scale analysis.

As modern networks grow increasingly complex--driven by diverse devices, encrypted protocols, and evolving threats--network traffic analysis has become critically important. Existing machine learning models often rely only on a single representation of packets or flows, limiting their ability to capture the contextual relationships essential for robust analysis. Furthermore, task-specific architectures for supervised, semi-supervised, and unsupervised learning lead to inefficiencies in adapting to varying data formats and security tasks. To address these gaps, we propose UniNet, a unified framework that introduces a novel multi-granular traffic representation (T-Matrix), integrating session, flow, and packet-level features to provide comprehensive contextual information. Combined with T-Attent, a lightweight attention-based model, UniNet efficiently learns latent embeddings for diverse security tasks. Extensive evaluations across four key network security and privacy problems--anomaly detection, attack classification, IoT device identification, and encrypted website fingerprinting--demonstrate UniNet's significant performance gain over state-of-the-art methods, achieving higher accuracy, lower false positive rates, and improved scalability. By addressing the limitations of single-level models and unifying traffic analysis paradigms, UniNet sets a new benchmark for modern network security.