Journal on Communications ›› 2022, Vol. 43 ›› Issue (10): 12-25. doi: 10.11959/j.issn.1000-436x.2022180

• Academic Papers •

A fine-grained unknown malicious traffic classification method based on contrastive learning

Yifeng WANG1, Yuanbo GUO1, Qingli CHEN1, Chen FANG1, Renhao LIN2

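  1. 1 Department of Cryptogram Engineering, Information Engineering University, Zhengzhou, Henan 450001
    2 School of Computer and Artificial Intelligence, Zhengzhou University, Zhengzhou, Henan 450001
  • Revised: 2022-08-29 Online: 2022-10-25 Published: 2022-10-01
  • About the authors: Yifeng WANG (1994− ), male, born in Taixing, Jiangsu, is a Ph.D. candidate at Information Engineering University. His main research interests include zero-shot learning, network security and intrusion detection.
    Yuanbo GUO (1975− ), male, born in Zhouzhi, Shaanxi, Ph.D., is a professor and doctoral supervisor at Information Engineering University. His main research interests include big data security and situational awareness.
    Qingli CHEN (1998− ), male, born in Xinxiang, Henan, is a master's student at Information Engineering University. His main research interests include artificial intelligence security.
    Chen FANG (1993− ), male, born in Susong, Anhui, Ph.D., is a lecturer at Information Engineering University. His main research interests include machine learning and privacy security.
    Renhao LIN (1993− ), male, born in Zhengzhou, Henan, is a Ph.D. candidate at Zhengzhou University. His main research interests include deep learning, robustness verification and network security.
  • Supported by:
    The National Natural Science Foundation of China (61501515)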

Method based on contrastive learning for fine-grained unknown malicious traffic classification

Yifeng WANG1, Yuanbo GUO1, Qingli CHEN1, Chen FANG1, Renhao LIN2   

  1. 1 Department of Cryptogram Engineering, Information Engineering University, Zhengzhou 450001, China
    2 School of Computer and Artificial Intelligence, Zhengzhou University, Zhengzhou 450001, China
  • Revised: 2022-08-29 Online: 2022-10-25 Published: 2022-10-01
  • Supported by:
    The National Natural Science Foundation of China (61501515)

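Abstract:

To cope with the endless stream of unknown network threats and increasingly advanced evasion attacks, a fine-grained unknown malicious network traffic classification method based on contrastive learning is proposed for the malicious traffic classification problem. The proposed method is based on a variational auto-encoder and is divided into two stages, known and unknown traffic classification, which classify known and unknown malicious traffic based on cross entropy and reconstruction error respectively. Unlike conventional methods, it adds contrastive learning to each training stage to improve classification performance on few-shot and unknown-class malicious traffic. It also incorporates methods such as re-training and re-sampling to further improve classification accuracy and generalization performance on few-shot classes. Experimental results show that the proposed method improves the macro-average recall of fine-grained classification by 20.3% for few-shot classes and by 9.1% for unknown malicious classes, and greatly mitigates evasion attacks on some classes.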

Keywords: network traffic classification, contrastive learning, variational auto-encoder, intrusion detection

Abstract:

To protect against unknown threats and evasion attacks, a new method based on contrastive learning for fine-grained unknown malicious traffic classification was proposed. Specifically, based on a variational auto-encoder (CVAE), it includes two classification stages, in which cross entropy and reconstruction errors are used for known and unknown traffic classification respectively. Different from other methods, contrastive learning is adopted in the different classification stages, which significantly improves the classification performance on the few-shot and unknown (zero-shot) classes. Moreover, some techniques (e.g., re-training and re-sampling) combined with contrastive learning further improve the classification performance on the few-shot classes and the generalization ability of the model. Experimental results indicate that the proposed method increases the macro recall of few-shot classes by 20.3% and the recall of unknown attacks by 9.1%, and that it also protects against evasion attacks on some classes to some extent.

Key words: network traffic classification, contrastive learning, variational auto-encoder, intrusion detection
