SPN: A Method of Few-Shot Traffic Classification With Out-of-Distribution Detection Based on Siamese Prototypical Network

Traffic classification has always been one of the important research directions in the field of cyber security. Achieving rapid traffic classification and detecting unknown traffic are critical for preventing network attacks, malicious software, transaction fraud, and other types of cyber security threats. However, most existing models are based on large-scale data and are unable to quickly learn and recognize unknown traffic. Some methods based on few-shot learning solve the problem of rapidly learning new types of traffic, but they cannot detect out-of-distribution samples. Based on this, this paper proposes a few-shot traffic multi-classification method that supports out-of-distribution detection, named SPN. It improves the performance by integrating twin networks into the meta-learning framework based on the idea of metric learning, and introduces margin loss to ensure detection performance. We conduct two types of experiments, and compare them with the relevant baseline methods. The results show that SPN has excellent performance in implementing few-shot multi-classification and out-of-distribution detection, and performs well in intrusion detection.