摘要
针对目前已有文献中深度网络无法依据流量样本自适应选择网络层的问题,提出一种基于自蒸馏的自适应恶意流量分类算法。该方法首先将原始流量预处理后作为主干网络的输入,经自注意力网络层构建流量的权重分布,然后利用一维卷积神经网络提取流量分布中的显著特征作为后续网络输入。分支网络计算流量样本的熵值自适应选择网络层,若小于设定阈值则提前返回,否则由主干网络继续进行推理。经实验验证,该方法对于正常流量的平均检测率为99.9%,恶意流量的平均检测率为99.96%。恶意流量检测率较现有深度学习典型算法的检测率提升了2%,难样本检测率提升5%,且分支网络具有自适应功能,可避免后续的网络推理。
To address the problem that deep networks in the existing literature cannot adaptively select network layers based on traffic samples,a self-distillation-based adaptive malicious traffic classification algorithm is proposed.The method first pre-processes the original traffic as the input of the backbone network,constructs the weight distribution of the traffic by the self-attentive network layer,and then uses a one dimensional convolutional neural network to extract the significant features in the traffic distribution as the input of the subsequent network.The branch network adaptively selects the network layer according to the entropy of the traffic samples,and returns early if it is less than the set threshold,otherwise the backbone network continues the inference.Experimentally verified,the method has an average detection rate of 99.9%for normal traffic and 99.96%for malicious traffic.The detection rate of malicious traffic is 2%higher than that of existing deep learning typical algorithms,and the detection rate of difficult samples is 5%higher,and the branching network has an adaptive function to avoid subsequent network inference.
作者
潘嘉
翟江涛
PAN Jia;ZHAI Jiang-tao(School of Electronic Information,Jiangsu University of Science and Technology,Zhenjiang 212003,China;School of Computer and Software,Nanjing University of Information Engineering,Nanjing 210044,China)
出处
《软件导刊》
2022年第5期61-66,共6页
Software Guide
基金
国家自然科学基金项目(61702235)。
关键词
恶意流量
自蒸馏
自注意力机制
自适应
malicious traffic
self-distillation
self-attentive mechanism
self-adaptive
