Telecommunications Science ›› 2023, Vol. 39 ›› Issue (10): 85-100. doi: 10.11959/j.issn.1000-0801.2023166
• Research and Development •
Weichen HU, Congyuan XU, Yong ZHAN, Guanghui CHEN, Siqing LIU, Zhiqiang WANG, Xiaolin WANG
Revised: 2023-08-21
Online: 2023-10-01
Published: 2023-10-01
About the author: Weichen HU (2000- ), male, is a student at the College of Information Science and Engineering, Jiaxing University. His main research interests are network security and machine learning.
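Abstract:
Most existing network intrusion detection techniques require a large number of malicious samples for model training, but in live production networks only a small number of intrusion traffic samples can usually be obtained, which is a few-shot condition. To address this, a network intrusion detection method suited to few-shot conditions is proposed. The method consists of two parts, a packet sampling module and a meta-learning module: the packet sampling module filters, trims, and reassembles raw network data, and the meta-learning module performs feature extraction and result classification. Experimental results on three few-shot datasets built from real network traffic data sources show that the method has good applicability, converges quickly, and effectively reduces the occurrence of outliers. With 10 training samples, its detection rate reaches up to 99.29% and its accuracy up to 97.93%, improvements of 0.12% and 0.37% respectively over existing algorithms.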
Weichen HU, Congyuan XU, Yong ZHAN, Guanghui CHEN, Siqing LIU, Zhiqiang WANG, Xiaolin WANG. A network intrusion detection method designed for few-shot scenarios[J]. Telecommunications Science, 2023, 39(10): 85-100.
Table 5. Detection results on the CICIDS2017AS dataset

| Name | K=3 ACC | K=3 DR | K=5 ACC | K=5 DR | K=10 ACC | K=10 DR |
|---|---|---|---|---|---|---|
| Attack-A | 94.14% | 94.61% | 98.60% | 97.28% | 99.60% | 99.24% |
| Attack-B | 98.54% | 97.87% | 99.17% | 99.60% | 99.66% | 99.87% |
| Attack-C | 80.60% | 88.09% | 84.23% | 90.19% | 92.14% | 93.61% |
| Attack-D | 97.40% | 97.48% | 97.50% | 97.57% | 99.99% | 99.99% |
| Attack-E | 96.20% | 96.27% | 97.75% | 97.72% | 98.24% | 97.94% |
| Average | 93.38% | 94.86% | 95.45% | 96.47% | 97.93% | 98.13% |
Table 6. Cross-network detection results on ISCX2012AS

| Training set → Test set | K=3 ACC | K=3 DR | K=5 ACC | K=5 DR | K=10 ACC | K=10 DR |
|---|---|---|---|---|---|---|
| A,B,C,D,E→a | 99.99% | 99.99% | 99.99% | 99.99% | 99.95% | 99.99% |
| A,B,C,D,E→b | 86.23% | 84.41% | 95.07% | 95.56% | 98.90% | 99.27% |
| A,B,C,D,E→c | 96.14% | 95.82% | 99.85% | 99.79% | 97.50% | 99.99% |
| A,B,C,D,E→d | 85.30% | 81.80% | 94.14% | 93.34% | 98.96% | 97.90% |
| Average | 91.92% | 90.51% | 97.26% | 97.17% | 98.83% | 99.29% |
Table 7. Cross-network detection results on CICIDS2017AS

| Training set → Test set | K=3 ACC | K=3 DR | K=5 ACC | K=5 DR | K=10 ACC | K=10 DR |
|---|---|---|---|---|---|---|
| a,b,c,d→A | 92.80% | 92.69% | 95.75% | 98.17% | 98.93% | 98.81% |
| a,b,c,d→B | 92.14% | 93.92% | 95.10% | 97.62% | 97.00% | 96.74% |
| a,b,c,d→C | 82.2% | 91.04% | 86.4% | 88.19% | 99.20% | 99.75% |
| a,b,c,d→D | 96.34% | 98.26% | 97.30% | 97.43% | 97.56% | 97.46% |
| a,b,c,d→E | 93.65% | 92.52% | 96.34% | 96.23% | 96.97% | 97.96% |
| Average | 91.43% | 93.60% | 94.18% | 95.53% | 97.93% | 98.14% |
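Table 8. Comparison of detection results and sample counts between the proposed method and related work

| Method | Dataset | Number of samples | Accuracy | Detection rate |
|---|---|---|---|---|
| Deep-CapsNet and ARCN (2021) [ | ISCX2012FS | 5 | N/A | 78.35% |
| Deep-CapsNet and ARCN (2021) [ | CICIDS2017FS | 5 | N/A | 81.65% |
| FC-Net (2020) [ | ISCX2012FS | 5 | 97.56% | 98.78% |
| FC-Net (2020) [ | CICIDS2017FS | 5 | 94.33% | 99.17% |
| FS-IDS (2022) [ | CICIDS2017 | 5 | 97.51% | 99.00% |
| Model-agnostic intrusion detection method based on L2F (2023) [ | CICIDS2017 | 10 | 94.66% | 96.68% |
| Continual few-shot intrusion detection method based on meta-learning (2022) [ | CICIDS2017+NDSec-1 | 10 | 97.56% | N/A |
| A novel multi-stage hierarchical intrusion detection method (2023) [ | CICIDS2017 | 47 (zero-day samples) | 96.00% | 95.75% |
| Proposed method | ISCX2012AS | 3 | 94.55% | 95.17% |
| Proposed method | ISCX2012AS | 5 | 97.93% | 97.79% |
| Proposed method | ISCX2012AS | 10 | 98.83% | 99.29% |
| Proposed method | CICIDS2017AS | 3 | 93.38% | 94.86% |
| Proposed method | CICIDS2017AS | 5 | 95.45% | 96.47% |
| Proposed method | CICIDS2017AS | 10 | 97.93% | 98.14% |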
[1] LEE S W, SIDQI H M, MOHAMMADI M, et al. Towards secure intrusion detection systems using deep learning techniques: comprehensive analysis and review[J]. Journal of Network and Computer Applications, 2021(187): 103111.
[2] ZHANG Y, LI G Q, DUAN Q Q, et al. An interpretable intrusion detection method based on few-shot learning in cloud-ground interconnection[J]. Physical Communication, 2022(55): 101931.
[3] LI W H, LIU X L, BILEN H. Cross-domain few-shot learning with task-specific adapters[C]// Proceedings of 2022 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR). Piscataway: IEEE Press, 2022: 7151-7160.
[4] ZHANG Z Z, LAN C L, ZENG W J, et al. Uncertainty-aware few-shot image classification[C]// Proceedings of the Thirtieth International Joint Conference on Artificial Intelligence. California: International Joint Conferences on Artificial Intelligence Organization, 2021: 3420-3426.
[5] AFRASIYABI A, LALONDE J F, GAGNÉ C. Mixture-based feature space learning for few-shot image classification[C]// Proceedings of 2021 IEEE/CVF International Conference on Computer Vision (ICCV). Piscataway: IEEE Press, 2022: 9021-9031.
[6] KANG D, KWON H, MIN J H, et al. Relational embedding for few-shot classification[C]// Proceedings of 2021 IEEE/CVF International Conference on Computer Vision (ICCV). Piscataway: IEEE Press, 2022: 8802-8813.
[7] ALDWAIRI T, PERERA D, NOVOTNY M. An evaluation of the performance of restricted Boltzmann machines as a model for anomaly network intrusion detection[J]. Computer Networks, 2018(144): 111-119.
[8] ABDELMOUMIN G, RAWAT D B, RAHMAN A. On the performance of machine learning models for anomaly-based intelligent intrusion detection systems for the Internet of things[J]. IEEE Internet of Things Journal, 2022, 9(6): 4280-4290.
[9] HAGHIGHAT M H, LI J. Intrusion detection system using voting-based neural network[J]. Tsinghua Science and Technology, 2021, 26(4): 484-495.
[10] BASATI A, FAGHIH M M. DFE: efficient IoT network intrusion detection using deep feature extraction[J]. Neural Computing and Applications, 2022, 34(18): 15175-15195.
[11] SOLTANI M, SIAVOSHANI M J, JAHANGIR A H. A content-based deep intrusion detection system[J]. International Journal of Information Security, 2022, 21(3): 547-562.
[12] LIANG W, HU Y Y, ZHOU X K, et al. Variational few-shot learning for microservice-oriented intrusion detection in distributed industrial IoT[J]. IEEE Transactions on Industrial Informatics, 2021, 18(8): 5087-5095.
[13] XU C Y, SHEN J Z, DU X. A method of few-shot network intrusion detection based on meta-learning framework[J]. IEEE Transactions on Information Forensics and Security, 2020, 15: 3540-3552.
[14] ILIYASU A S, ABDURRAHMAN U A, ZHENG L R. Few-shot network intrusion detection using discriminative representation learning with supervised autoencoder[J]. Applied Sciences, 2022, 12(5): 2351.
[15] YANG J C, LI H W, SHAO S, et al. FS-IDS: a framework for intrusion detection based on few-shot learning[J]. Computers & Security, 2022, 122: 102899.
[16] OUYANG Y K, LI B B, KONG Q L, et al. FS-IDS: a novel few-shot learning based intrusion detection system for SCADA networks[C]// Proceedings of ICC 2021 - IEEE International Conference on Communications. Piscataway: IEEE Press, 2021: 1-6.
[17] YU L, DONG J T, CHEN L H, et al. PBCNN: packet bytes-based convolutional neural network for network intrusion detection[J]. Computer Networks, 2021(194): 108117.
[18] WANG Z M, TIAN J Y, QIN J, et al. A few-shot learning-based Siamese capsule network for intrusion detection with imbalanced training data[J]. Computational Intelligence and Neuroscience, 2021: 1-17.
[19] GAMAL M, ABBAS H M, MOUSTAFA N, et al. Few-shot learning for discovering anomalous behaviors in edge networks[J]. Computers, Materials & Continua, 2021, 69(2): 1823-1837.
[20] SHI Z X, XING M Y, ZHANG J, et al. Few-shot network intrusion detection based on model-agnostic meta-learning with L2F method[C]// Proceedings of 2023 IEEE Wireless Communications and Networking Conference (WCNC). Piscataway: IEEE Press, 2023: 1-6.
[21] YE T P, LI G L, AHMAD I, et al. FLAG: few-shot latent Dirichlet generative learning for semantic-aware traffic detection[J]. IEEE Transactions on Network and Service Management, 2022, 19(1): 73-88.
[22] VERKERKEN M, D'HOOGE L, SUDYANA D, et al. A novel multi-stage approach for hierarchical intrusion detection[J]. IEEE Transactions on Network and Service Management, 2023, PP(99): 1.
[23] XU H, WANG Y J. A continual few-shot learning method via meta-learning for intrusion detection[C]// Proceedings of 2022 IEEE 4th International Conference on Civil Aviation Safety and Information Technology (ICCASIT). Piscataway: IEEE Press, 2022: 1188-1194.
[24] SHARAFALDIN I, HABIBI LASHKARI A, GHORBANI A A. Toward generating a new intrusion detection dataset and intrusion traffic characterization[C]// Proceedings of the 4th International Conference on Information Systems Security and Privacy. San Francisco: Science and Technology Publications, 2018: 108-116.
[25] SHIRAVI A, SHIRAVI H, TAVALLAEE M, et al. Toward developing a systematic approach to generate benchmark datasets for intrusion detection[J]. Computers & Security, 2012, 31(3): 357-374.
[26] MA W G, ZHANG Y D, GUO J, et al. Few-shot abnormal network traffic detection based on multi-scale deep-CapsNet and adversarial reconstruction[J]. International Journal of Computational Intelligence Systems, 2021, 14(1): 1-25.