Method based on contrastive learning for fine-grained unknown malicious traffic classification

Cited by: 0
Authors
Wang Y. [1]
Guo Y. [1]
Chen Q. [1]
Fang C. [1]
Lin R. [2]
Affiliations
[1] Department of Cryptogram Engineering, Information Engineering University, Zhengzhou
[2] School of Computer and Artificial Intelligence, Zhengzhou University, Zhengzhou
Source
Tongxin Xuebao/Journal on Communications | 2022 / Vol. 43 / No. 10
Funding
National Natural Science Foundation of China;
Keywords
contrastive learning; intrusion detection; network traffic classification; variational auto-encoder;
DOI
10.11959/j.issn.1000-436x.2022180
Abstract
In order to protect against unknown threats and evasion attacks, a new method based on contrastive learning for fine-grained unknown malicious traffic classification was proposed. Specifically, based on variational auto-encoder (CVAE), it included two classification stages, and cross entropy and reconstruction errors were used for known and unknown traffic classification respectively. Different from other methods, contrastive learning was adopted in different classification stages, which significantly improved the classification performance of the few-shot and unknown (zero-shot) classes. Moreover, some techniques (e.g., re-training and re-sampling) combined with contrastive learning further improved the classification performance of the few-shot classes and the generalization ability of the model. Experimental results indicate that the proposed method has increased the macro recall of few-shot classes by 20.3% and the recall of unknown attacks by 9.1% respectively, and it also has protected against evasion attacks on partial classes to some extent. © 2022 Editorial Board of Journal on Communications. All rights reserved.
Pages: 12 / 25
Number of pages: 13