一种适用于小样本条件的网络入侵检测方法

doi:10.11959/j.issn.1000-0801.2023166

电信科学 ›› 2023, Vol. 39 ›› Issue (10): 85-100.doi: 10.11959/j.issn.1000-0801.2023166

• 研究与开发 • 上一篇

一种适用于小样本条件的网络入侵检测方法

胡炜晨, 许聪源, 詹勇, 陈广辉, 刘思情, 王志强, 王晓琳

嘉兴学院信息科学与工程学院，浙江嘉兴 314001

修回日期:2023-08-21 出版日期:2023-10-01 发布日期:2023-10-01
作者简介:胡炜晨（2000- ），男，嘉兴学院信息科学与工程学院在读，主要研究方向为网络安全和机器学习
许聪源（1990- ），男，博士，嘉兴学院信息科学与工程学院讲师，主要研究方向为网络空间安全和智能信息处理
詹勇（2002- ），男，嘉兴学院信息科学与工程学院在读，主要研究方向为信息安全和深度学习
陈广辉（2002- ），男，嘉兴学院信息科学与工程学院在读，主要研究方向为人工智能和信息安全
刘思情（2002- ），男，嘉兴学院信息科学与工程学院在读，主要研究方向为人工智能和漏洞检测
王志强（2003- ），男，嘉兴学院信息科学与工程学院在读，主要研究方向为网络安全与人工智能
王晓琳（1989- ），女，博士，嘉兴学院信息科学与工程学院讲师，主要研究方向为智能回归测试和深度学习
基金资助:
浙江省自然科学基金资助项目(LQ23F020006);浙江省自然科学基金资助项目(LQ22F020004)

A network intrusion detection method designed for few-shot scenarios

Weichen HU, Congyuan XU, Yong ZHAN, Guanghui CHEN, Siqing LIU, Zhiqiang WANG, Xiaolin WANG

College of Information Science and Engineering, Jiaxing University, Jiaxing 314001, China

Revised:2023-08-21 Online:2023-10-01 Published:2023-10-01
Supported by:
The Natural Science Foundation of Zhejiang Province(LQ23F020006);The Natural Science Foundation of Zhejiang Province(LQ22F020004)

摘要/Abstract

摘要：

现有的网络入侵检测技术多数需要大量恶意样本用于模型训练，但在现网实战时，往往只能获取少量的入侵流量样本，属于小样本条件。对此，提出了一种适用于小样本条件的网络入侵检测方法。该方法由数据包采样模块和元学习模块两部分组成，数据包采样模块用于对网络原始数据进行筛选、剪切与重组，元学习模块则用于特征提取、结果分类。在基于真实网络流量数据源构建的 3 个小样本数据集上的实验结果表明，该方法适用性好、收敛快，能有效减少异常点的出现，在 10 个训练样本下的检测率最高可达 99.29%，准确率最高可达97.93%，相比目前已有的算法，分别提升了0.12%和0.37%。

关键词: 入侵检测, 小样本, 元学习, 网络安全, 深度学习

Abstract:

Existing intrusion detection techniques often require numerous malicious samples for model training.However, in real-world scenarios, only a small number of intrusion traffic samples can be obtained, which belong to few-shot scenarios.To address this challenge, a network intrusion detection method designed for few-shot scenarios was proposed.The method comprised two main parts: a packet sampling module and a meta-learning module.The packet sampling module was used for filtering, segmenting, and recombining raw network data, while the meta-learning module was used for feature extraction and result classification.Experimental results based on three few-shot datasets constructed from real network traffic data sources show that the method exhibits good applicability and fast convergence and effectively reduces the occurrence of outliers.In the case of 10 training samples, the maximum achievable detection rate is 99.29%, while the accuracy rate can reach a maximum of 97.93%.These findings demonstrate a noticeable improvement of 0.12% and 0.37% respectively, in comparison to existing algorithms.

Key words: intrusion detection, few-shot, meta-learning, network security, deep learning

中图分类号:

TP393

胡炜晨, 许聪源, 詹勇, 陈广辉, 刘思情, 王志强, 王晓琳. 一种适用于小样本条件的网络入侵检测方法[J]. 电信科学, 2023, 39(10): 85-100.

Weichen HU, Congyuan XU, Yong ZHAN, Guanghui CHEN, Siqing LIU, Zhiqiang WANG, Xiaolin WANG. A network intrusion detection method designed for few-shot scenarios[J]. Telecommunications Science, 2023, 39(10): 85-100.

图/表 16

图1

图2

表1

表2

图3

表3

表4

表5

表6

表7

图4

图5

表8

图6

图7

图8

参考文献 26

[1]	LEE S W , SIDQI H M , MOHAMMADI M ,et al. Towards secure intrusion detection systems using deep learning techniques:comprehensive analysis and review[J]. Journal of Network and Computer Applications, 2021(187): 103111.
[2]	ZHANG Y , LI G Q , DUAN Q Q ,et al. An interpretable intrusion detection method based on few-shot learning in cloud-ground interconnection[J]. Physical Communication, 2022(55): 101931.
[3]	LI W H , LIU X L , BILEN H . Cross-domain few-shot learning with task-specific adapters[C]// Proceedings of 2022 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR). Piscataway:IEEE Press, 2022: 7151-7160.
[4]	ZHANG Z Z , LAN C L , ZENG W J ,et al. Uncertainty-aware few-shot image classification[C]// Proceedings of the Thirtieth International Joint Conference on Artificial Intelligence. California:International Joint Conferences on Artificial Intelligence Organization, 2021: 3420-3426.
[5]	AFRASIYABI A , LALONDE J F , GAGNé C . Mixture-based feature space learning for few-shot image classification[C]// Proceedings of 2021 IEEE/CVF International Conference on Computer Vision (ICCV). Piscataway:IEEE Press, 2022: 9021-9031.
[6]	KANG D , KWON H , MIN J H ,et al. Relational embedding for few-shot classification[C]// Proceedings of 2021 IEEE/CVF International Conference on Computer Vision (ICCV). Piscataway:IEEE Press, 2022: 8802-8813.
[7]	ALDWAIRI T , PERERA D , NOVOTNY M . An evaluation of the performance of restricted Boltzmann machines as a model for anomaly network intrusion detection[J]. Computer Networks, 2018(144): 111-119.
[8]	ABDELMOUMIN G , RAWAT D B , RAHMAN A . On the performance of machine learning models for anomaly-based intelligent intrusion detection systems for the Internet of things[J]. IEEE Internet of Things Journal, 2022,9(6): 4280-4290.
[9]	HAGHIGHAT M H , LI J . Intrusion detection system using voting-based neural network[J]. Tsinghua Science and Technology, 2021,26(4): 484-495.
[10]	BASATI A , FAGHIH M M . DFE:efficient IoT network intrusion detection using deep feature extraction[J]. Neural Computing and Applications, 2022,34(18): 15175-15195.
[11]	SOLTANI M , SIAVOSHANI M J , JAHANGIR A H . A content-based deep intrusion detection system[J]. International Journal of Information Security, 2022,21(3): 547-562.
[12]	LIANG W , HU Y Y , ZHOU X K ,et al. Variational few-shot learning for microservice-oriented intrusion detection in distributed industrial IoT[J]. IEEE Transactions on Industrial Informatics, 2021,18(8): 5087-5095.
[13]	XU C Y , SHEN J Z , DU X . A method of few-shot network intrusion detection based on meta-learning framework[J]. IEEE Transactions on Information Forensics and Security, 2020,15: 3540-3552.
[14]	ILIYASU A S , ABDURRAHMAN U A , ZHENG L R . Few-shot network intrusion detection using discriminative representation learning with supervised autoencoder[J]. Applied Sciences, 2022,12(5): 2351.
[15]	YANG J C , LI H W , SHAO S ,et al. FS-IDS:a framework for intrusion detection based on few-shot learning[J]. Computers ＆Security, 2022,122:102899.
[16]	OUYANG Y K , LI B B , KONG Q L ,et al. FS-IDS:a novel few-shot learning based intrusion detection system for SCADA networks[C]// Proceedings of ICC 2021 - IEEE International Conference on Communications. Piscataway:IEEE Press, 2021: 1-6.
[17]	YU L , DONG J T , CHEN L H ,et al. PBCNN:packet bytes-based convolutional neural network for network intrusion detection[J]. Computer Networks, 2021(194): 108117.
[18]	WANG Z M , TIAN J Y , QIN J ,et al. A few-shot learning-based Siamese capsule network for intrusion detection with imbalanced training data[J]. Computational Intelligence and Neuroscience, 2021: 1-17.
[19]	GAMAL M , ABBAS H M , MOUSTAFA N ,et al. Few-shot learning for discovering anomalous behaviors in edge networks[J]. Computers,Materials ＆ Continua, 2021,69(2): 1823-1837.
[20]	SHI Z X , XING M Y , ZHANG J ,et al. Few-shot network intrusion detection based on model-agnostic meta-learning with L2F method[C]// Proceedings of 2023 IEEE Wireless Communications and Networking Conference (WCNC). Piscataway:IEEE Press, 2023: 1-6.
[21]	YE T P , LI G L , AHMAD I ,et al. FLAG:few-shot latent Dirichlet generative learning for semantic-aware traffic detection[J]. IEEE Transactions on Network and Service Management, 2022,19(1): 73-88.
[22]	VERKERKEN M , D’HOOGE L , SUDYANA D ,et al. A novel multi-stage approach for hierarchical intrusion detection[J]. IEEE Transactions on Network and Service Management, 2023,PP(99): 1.
[23]	XU H , WANG Y J . A continual few-shot learning method via meta-learning for intrusion detection[C]// Proceedings of 2022 IEEE 4th International Conference on Civil Aviation Safety and Information Technology (ICCASIT). Piscataway:IEEE Press, 2022: 1188-1194.
[24]	SHARAFALDIN I , HABIBI LASHKARI A , GHORBANI A A . Toward generating a new intrusion detection dataset and intrusion traffic characterization[C]// Proceedings of the 4th International Conference on Information Systems Security and Privacy. San Francisco:Science and Technology Publications, 2018: 108-116.
[25]	SHIRAVI A , SHIRAVI H , TAVALLAEE M ,et al. Toward developing a systematic approach to generate benchmark datasets for intrusion detection[J]. Computers ＆ Security, 2012,31(3): 357-374.
[26]	MA W G , ZHANG Y D , GUO J ,et al. Few-shot abnormal network traffic detection based on multi-scale deep-CapsNet and adversarial reconstruction[J]. International Journal of Computational Intelligence Systems, 2021,14(1): 1-25.

名称	攻击类型
攻击-a	内部网络渗透
攻击-b	HTTP拒绝服务攻击
攻击-c	使用IRC僵尸网络的DDoS攻击
攻击-d	暴力破解SSH
正常	正常流量

名称	攻击类型
攻击-A	暴力破解FTP
攻击-B	暴力破解SSH
攻击-C	使用 Slowloris、Slowhttptest、Hulk、GoldenEye的DoS攻击
攻击-D	端口扫描攻击
攻击-E	使用LOIT的DDoS攻击
正常	正常流量

超参数	值
α	4×10^-2
β	2×10^-4
epoch	1 000
update	3
batch-size	8

名称	K=3		K=5		K=10
名称	ACC	DR	ACC	DR	ACC	DR
攻击-a	97.58%	97.99%	99.96%	99.92%	99.30%	98.81%
攻击-b	88.32%	88.74%	99.27%	98.93%	99.06%	98.13%
攻击-c	93.10%	94.73%	95.22%	94.80%	97.70%	97.83%
攻击-d	99.19%	99.21%	97.25%	97.49%	98.06%	96.03%
平均值	94.55%	95.17%	97.93%	97.79%	98.53%	97.70%

名称	K=3		K=5		K=10
名称	ACC	DR	ACC	DR	ACC	DR
攻击-A	94.14%	94.61%	98.60%	97.28%	99.60%	99.24%
攻击-B	98.54%	97.87%	99.17%	99.60%	99.66%	99.87%
攻击-C	80.60%	88.09%	84.23%	90.19%	92.14%	93.61%
攻击-D	97.40%	97.48%	97.50%	97.57%	99.99%	99.99%
攻击-E	96.20%	96.27%	97.75%	97.72%	98.24%	97.94%
平均值	93.38%	94.86%	95.45%	96.47%	97.93%	98.13%

一种适用于小样本条件的网络入侵检测方法

A network intrusion detection method designed for few-shot scenarios

在线阅读

PDF下载

可视化

摘要/Abstract

引用本文

使用本文

图/表 16

参考文献 26

相关文章 15

Metrics

推荐阅读 0

训练集→测试集	K=3		K=5		K=10
训练集→测试集	ACC	DR	ACC	DR	ACC	DR
A,B,C,D,E→a	99.99%	99.99%	99.99%	99.99%	99.95%	99.99%
A,B,C,D,E→b	86.23%	84.41%	95.07%	95.56%	98.90%	99.27%
A,B,C,D,E→c	96.14%	95.82%	99.85%	99.79%	97.50%	99.99%
A,B,C,D,E→d	85.30%	81.80%	94.14%	93.34%	98.96%	97.90%
平均值	91.92%	90.51%	97.26%	97.17%	98.83%	99.29%

方法	数据集	样本数量/个	准确率	检测率
Deep-CapsNet与ARCN(2021年)^[26]	ISCX2012FS	5	N/A	78.35%
Deep-CapsNet与ARCN(2021年)^[26]	CICIDS2017FS	5	N/A	81.65%
FC-Net(2020年)^[13]	ISCX2012FS	5	97.56%	98.78%
FC-Net(2020年)^[13]	CICIDS2017FS	5	94.33%	99.17%
FS-IDS(2022年)^[15]	CICIDS2017	5	97.51%	99.00%
基于L2F和模型无关的入侵检测方法(2023年)^[20]	CICIDS2017	10	94.66%	96.68%
基于元学习的连续小样本入侵检测方法(2022年)^[23]	CICIDS2017+NDSec-1	10	97.56%	N/A
一种新型的多阶段层次入侵检测方法(2023年)^[22]	CICIDS2017	47（零日样本）	96.00%	95.75%
本文方法	ISCX2012AS	3	94.55%	95.17%
		5	97.93%	97.79%
		10	98.83%	99.29%
本文方法	CICIDS2017AS	3	93.38%	94.86%
		5	95.45%	96.47%
		10	97.93%	98.14%

[1]	张剑, 程俊华, 龚菡洁, 李红, 牛凯. 基于云边协同的高可用厨房卫生监控系统[J]. 电信科学, 2023, 39(Z1): 62-70.
[2]	祝谷乔, 姜超, 徐煜烨. 超分辨率重建技术及其在智能终端上的应用[J]. 电信科学, 2023, 39(7): 156-165.
[3]	叶振, 王国相, 宋俊锋, 刘昊坤, 黎天送. 一种基于深度可分离卷积的VVC帧内编码快速块划分算法[J]. 电信科学, 2023, 39(7): 99-108.
[4]	周胜利, 蒋可怡, 徐博, 徐睿, 张熙康, 赵泉喆, 徐阳东. 面向电信网络诈骗治理的网络安全课程构建效能评估研究[J]. 电信科学, 2023, 39(6): 122-128.
[5]	卢敏, 胡娟, 张先超, 丁伟健, 乐光学. 基于用户多特征融合的个性化推荐模型[J]. 电信科学, 2023, 39(5): 101-115.
[6]	张乐, 马洪源. 运营商网络边缘云安全实践[J]. 电信科学, 2023, 39(4): 165-172.
[7]	马稼明, 潘路平, 张琰琳. 基于Transformer的互联网暗链检测方法[J]. 电信科学, 2022, 38(Z2): 241-247.
[8]	诸葛斌, 尹正虎, 斯文学, 颜蕾, 董黎刚, 蒋献. 基于学生知识追踪的多指标习题推荐算法[J]. 电信科学, 2022, 38(9): 129-143.
[9]	陈伟雄, 杨晓晨, 春增军, 李若兰, 张华. 电力企业网络安全威胁情报管理体系的研究与实践[J]. 电信科学, 2022, 38(7): 184-189.
[10]	周杰, Esono Mikue Bernardo Esono, 王学英, 周惠婷, 罗宏. 基于SLM-PTS算法融合的NC-OFDM峰均比优化[J]. 电信科学, 2022, 38(7): 63-74.
[11]	申情, 郭文宾, 楼俊钢, 余强国. 考虑多层次潜在特征的个性化推荐模型[J]. 电信科学, 2022, 38(2): 71-83.
[12]	李攀攀, 谢正霞, 乐光学, 刘鑫. 基于深度学习的无线通信接收方法研究进展与趋势[J]. 电信科学, 2022, 38(2): 1-17.
[13]	刘亚天, 呼博文, 陈茂飞, 刘东鑫. 5GC安全态势感知系统研究[J]. 电信科学, 2022, 38(11): 73-85.
[14]	陈志宏, 王明晓. 计算机视觉在智慧安防中的应用[J]. 电信科学, 2021, 37(8): 142-147.
[15]	孙姝君, 彭盛亮, 姚育东, 杨喜. 基于深度学习的调制识别综述[J]. 电信科学, 2021, 37(5): 82-90.

训练集→测试集	K=3		K=5		K=10
训练集→测试集	ACC	DR	ACC	DR	ACC	DR
a,b,c,d,→A	92.80%	92.69%	95.75%	98.17%	98.93%	98.81%
a,b,c,d,→B	92.14%	93.92%	95.10%	97.62%	97.00%	96.74%
a,b,c,d,→C	82.2%	91.04%	86.4%	88.19%	99.20%	99.75%
a,b,c,d,→D	96.34%	98.26%	97.30%	97.43%	97.56%	97.46%
a,b,c,d,→E	93.65%	92.52%	96.34%	96.23%	96.97%	97.96%
平均值	91.43%	93.60%	94.18%	95.53%	97.93%	98.14%