Abstract
The complexity and automation of network attack methods in edge computing pose greater challenges to network protection. This paper therefore proposes a weakly supervised, small-sample network security protection method. First, the method uses EfficientNet-B0 to obtain a multi-scale, fine-grained feature set of real alarm events. Then, domain randomization is introduced to generate a large number of virtual alarm event semantic features, which are combined to synthesize a large number of virtual alarm event semantic feature sets. On this basis, cosine similarity is used to select the virtual alarm event semantic feature sets that meet the conditions, thereby solving the problem that traditional intrusion detection methods require a large number of training samples. Finally, incremental learning is used to correct the model parameters, addressing the problem that traditional intrusion detection models are not suited to dynamic, changeable, unknown attack scenarios. Experiments show that, in the face of unknown attack scenarios, the proposed security protection method has stronger generalization ability than traditional methods and exhibits a certain degree of scalability.
Authors
ZHU Jingyi (朱京毅); ZHOU Bin (周斌); XU Chengjun (徐诚俊)
CMCC Shanghai, Shanghai 200060, China
Source
Mobile Communications (《移动通信》)
2024, Issue 8, pp. 123-128 (6 pages)
Keywords
weak supervision
small sample
incremental learning
safety protection