摘要
为了应对层出不穷的未知网络威胁和日益先进的逃逸攻击,针对恶意流量分类问题,提出了一种基于对比学习的细粒度未知恶意网络流量分类方法。所提方法基于变分自编码器,分为已知和未知流量分类2个阶段,分别基于交叉熵和重构误差对已知和未知恶意流量分类。与常规方法不同,该方法在各训练阶段中加入了对比学习方法,提高对小样本和未知类恶意流量的分类性能。同时,融合了再训练和重采样等方法,进一步提高对小样本类的分类精度和泛化性能。实验结果表明,所提方法分别提高了对小样本类20.3%和对未知类恶意类9.1%的细粒度分类宏平均召回率,并且极大地缓解了部分类上的逃逸攻击。
In order to protect against unknown threats and evasion attacks,a new method based on contrastive learning for fine-grained unknown malicious traffic classification was proposed.Specifically,based on variational auto-encoder(CVAE),it included two classification stages,and cross entropy and reconstruction errors were used for known and unknown traffic classification respectively.Different form other methods,contrastive learning was adopted in different classification stages,which significantly improved the classification performance of the few-shot and unknown(zero-shot)classes.Moreover,some techniques(e.g.,re-training and re-sample)combined with contrastive learning further improved the classification performance of the few-shot classes and the generalization ability of model.Experimental results indicate that the proposed method has increased the macro recall of few-shot classes by 20.3%and the recall of unknown attacks by 9.1%respectively,and it also has protected against evasion attacks on partial classes to some extent.
作者
王一丰
郭渊博
陈庆礼
方晨
林韧昊
WANG Yifeng;GUO Yuanbo;CHEN Qingli;FANG Chen;LIN Renhao(Department of Cryptogram Engineering,Information Engineering University,Zhengzhou 450001,China;School of Computer and Artifical Intelligence,Zhengzhou University,Zhengzhou 450001,China)
出处
《通信学报》
EI
CSCD
北大核心
2022年第10期12-25,共14页
Journal on Communications
基金
国家自然科学基金资助项目(No.61501515,No.61601515)。
关键词
网络流量分类
对比学习
变分自编码器
入侵检测
network traffic classification
contrastive learning
variational auto-encoder
intrusion detection
