Feature Transfer Based Network Anomaly Detection

Network anomaly detection techniques can identify potential attacks from network traffic. However, they have been less than ideal in terms of detection accuracy. One important reason is that, for real network traffic data, different kinds of data have highly similar characteristics, thus leading to the situation that models misclassify the data with very similar characteristics. This situation accounts for the majority of misclassified samples. Accordingly, this paper proposes a feature transfer based neural network anomaly detection algorithm, which achieves complete detection of anomalous data, both known and unknown attacks (theoretically), by transferring the range of features common to highly similar normal and abnormal data to the range of anomalous data features. Since the algorithm's effectiveness depends on the feature variability of the normal data samples, and it isn't easy to obtain a pair of normal data samples with completely different features, this paper uses only one kind of normal data sample with good consistency. This paper uses the Transformer model to build the experimental framework and conduct 50 iterations of the experiment. The Corrected validation set from the KDD99 dataset is used to validate the model training effect. The experiments show that, relative to the original model, the error rate decreases by 1.38% on average after using this algorithm, the specificity of unknown attacks increases by 27.9% on average, and the number of attack categories with more than 90% specificity of unknown attacks increases from one to six.