一种适用于小样本条件的网络入侵检测方法

胡炜晨; 许聪源; 詹勇; 陈广辉; 刘思情; 王志强; 王晓琳

doi:10.11959/j.issn.1000-0801.2023166

您当前的位置：

首页 >

文章列表页 >

一种适用于小样本条件的网络入侵检测方法

研究与开发 | 更新时间：2024-06-05

- 一种适用于小样本条件的网络入侵检测方法
- A network intrusion detection method designed for few-shot scenarios
- 电信科学 2023年39卷第10期页码：85-100
- 作者机构：
- 作者简介：
  
  [ "胡炜晨（2000- ），男，嘉兴学院信息科学与工程学院在读，主要研究方向为网络安全和机器学习" ]
  [ "许聪源（1990- ），男，博士，嘉兴学院信息科学与工程学院讲师，主要研究方向为网络空间安全和智能信息处理" ]
  [ "詹勇（2002- ），男，嘉兴学院信息科学与工程学院在读，主要研究方向为信息安全和深度学习" ]
  [ "陈广辉（2002- ），男，嘉兴学院信息科学与工程学院在读，主要研究方向为人工智能和信息安全" ]
  [ "刘思情（2002- ），男，嘉兴学院信息科学与工程学院在读，主要研究方向为人工智能和漏洞检测" ]
  [ "王志强（2003- ），男，嘉兴学院信息科学与工程学院在读，主要研究方向为网络安全与人工智能" ]
  [ "王晓琳（1989- ），女，博士，嘉兴学院信息科学与工程学院讲师，主要研究方向为智能回归测试和深度学习" ]
- 基金信息：
  
  浙江省自然科学基金资助项目;The Natural Science Foundation of Zhejiang Province(LQ23F020006);浙江省自然科学基金资助项目;The Natural Science Foundation of Zhejiang Province(LQ22F020004)
- DOI：10.11959/j.issn.1000-0801.2023166
  中图分类号： TP393
- 网络出版日期：2023-10，
  
  纸质出版日期：2023-10-20
- 稿件说明：
移动端阅览
胡炜晨, 许聪源, 詹勇, 等. 一种适用于小样本条件的网络入侵检测方法[J]. 电信科学, 2023,39(10):85-100.

Weichen HU, Congyuan XU, Yong ZHAN, et al. A network intrusion detection method designed for few-shot scenarios[J]. Telecommunications science, 2023, 39(10): 85-100.
胡炜晨, 许聪源, 詹勇, 等. 一种适用于小样本条件的网络入侵检测方法[J]. 电信科学, 2023,39(10):85-100. DOI： 10.11959/j.issn.1000-0801.2023166.

Weichen HU, Congyuan XU, Yong ZHAN, et al. A network intrusion detection method designed for few-shot scenarios[J]. Telecommunications science, 2023, 39(10): 85-100. DOI： 10.11959/j.issn.1000-0801.2023166.

摘要

现有的网络入侵检测技术多数需要大量恶意样本用于模型训练，但在现网实战时，往往只能获取少量的入侵流量样本，属于小样本条件。对此，提出了一种适用于小样本条件的网络入侵检测方法。该方法由数据包采样模块和元学习模块两部分组成，数据包采样模块用于对网络原始数据进行筛选、剪切与重组，元学习模块则用于特征提取、结果分类。在基于真实网络流量数据源构建的 3 个小样本数据集上的实验结果表明，该方法适用性好、收敛快，能有效减少异常点的出现，在 10 个训练样本下的检测率最高可达 99.29%，准确率最高可达97.93%，相比目前已有的算法，分别提升了0.12%和0.37%。

Abstract

Existing intrusion detection techniques often require numerous malicious samples for model training.However

in real-world scenarios

only a small number of intrusion traffic samples can be obtained

which belong to few-shot scenarios.To address this challenge

a network intrusion detection method designed for few-shot scenarios was proposed.The method comprised two main parts: a packet sampling module and a meta-learning module.The packet sampling module was used for filtering

segmenting

and recombining raw network data

while the meta-learning module was used for feature extraction and result classification.Experimental results based on three few-shot datasets constructed from real network traffic data sources show that the method exhibits good applicability and fast convergence and effectively reduces the occurrence of outliers.In the case of 10 training samples

the maximum achievable detection rate is 99.29%

while the accuracy rate can reach a maximum of 97.93%.These findings demonstrate a noticeable improvement of 0.12% and 0.37% respectively

in comparison to existing algorithms.

关键词

Keywords

references

LEE S W , SIDQI H M , MOHAMMADI M , et al . Towards secure intrusion detection systems using deep learning techniques:comprehensive analysis and review [J ] . Journal of Network and Computer Applications , 2021 ( 187 ): 103111 .

ZHANG Y , LI G Q , DUAN Q Q , et al . An interpretable intrusion detection method based on few-shot learning in cloud-ground interconnection [J ] . Physical Communication , 2022 ( 55 ): 101931 .

LI W H , LIU X L , BILEN H . Cross-domain few-shot learning with task-specific adapters [C ] // Proceedings of 2022 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR) . Piscataway:IEEE Press , 2022 : 7151 - 7160 .

ZHANG Z Z , LAN C L , ZENG W J , et al . Uncertainty-aware few-shot image classification [C ] // Proceedings of the Thirtieth International Joint Conference on Artificial Intelligence . California:International Joint Conferences on Artificial Intelligence Organization , 2021 : 3420 - 3426 .

AFRASIYABI A , LALONDE J F , GAGNÉ C . Mixture-based feature space learning for few-shot image classification [C ] // Proceedings of 2021 IEEE/CVF International Conference on Computer Vision (ICCV) . Piscataway:IEEE Press , 2022 : 9021 - 9031 .

KANG D , KWON H , MIN J H , et al . Relational embedding for few-shot classification [C ] // Proceedings of 2021 IEEE/CVF International Conference on Computer Vision (ICCV) . Piscataway:IEEE Press , 2022 : 8802 - 8813 .

ALDWAIRI T , PERERA D , NOVOTNY M . An evaluation of the performance of restricted Boltzmann machines as a model for anomaly network intrusion detection [J ] . Computer Networks , 2018 ( 144 ): 111 - 119 .

ABDELMOUMIN G , RAWAT D B , RAHMAN A . On the performance of machine learning models for anomaly-based intelligent intrusion detection systems for the Internet of things [J ] . IEEE Internet of Things Journal , 2022 , 9 ( 6 ): 4280 - 4290 .

HAGHIGHAT M H , LI J . Intrusion detection system using voting-based neural network [J ] . Tsinghua Science and Technology , 2021 , 26 ( 4 ): 484 - 495 .

BASATI A , FAGHIH M M . DFE:efficient IoT network intrusion detection using deep feature extraction [J ] . Neural Computing and Applications , 2022 , 34 ( 18 ): 15175 - 15195 .

SOLTANI M , SIAVOSHANI M J , JAHANGIR A H . A content-based deep intrusion detection system [J ] . International Journal of Information Security , 2022 , 21 ( 3 ): 547 - 562 .

LIANG W , HU Y Y , ZHOU X K , et al . Variational few-shot learning for microservice-oriented intrusion detection in distributed industrial IoT [J ] . IEEE Transactions on Industrial Informatics , 2021 , 18 ( 8 ): 5087 - 5095 .

XU C Y , SHEN J Z , DU X . A method of few-shot network intrusion detection based on meta-learning framework [J ] . IEEE Transactions on Information Forensics and Security , 2020 , 15 : 3540 - 3552 .

ILIYASU A S , ABDURRAHMAN U A , ZHENG L R . Few-shot network intrusion detection using discriminative representation learning with supervised autoencoder [J ] . Applied Sciences , 2022 , 12 ( 5 ): 2351 .

YANG J C , LI H W , SHAO S , et al . FS-IDS:a framework for intrusion detection based on few-shot learning [J ] . Computers ＆Security , 2022 ,122:102899.

OUYANG Y K , LI B B , KONG Q L , et al . FS-IDS:a novel few-shot learning based intrusion detection system for SCADA networks [C ] // Proceedings of ICC 2021 - IEEE International Conference on Communications . Piscataway:IEEE Press , 2021 : 1 - 6 .

YU L , DONG J T , CHEN L H , et al . PBCNN:packet bytes-based convolutional neural network for network intrusion detection [J ] . Computer Networks , 2021 ( 194 ): 108117 .

WANG Z M , TIAN J Y , QIN J , et al . A few-shot learning-based Siamese capsule network for intrusion detection with imbalanced training data [J ] . Computational Intelligence and Neuroscience , 2021 : 1 - 17 .

GAMAL M , ABBAS H M , MOUSTAFA N , et al . Few-shot learning for discovering anomalous behaviors in edge networks [J ] . Computers,Materials ＆ Continua , 2021 , 69 ( 2 ): 1823 - 1837 .

SHI Z X , XING M Y , ZHANG J , et al . Few-shot network intrusion detection based on model-agnostic meta-learning with L2F method [C ] // Proceedings of 2023 IEEE Wireless Communications and Networking Conference (WCNC) . Piscataway:IEEE Press , 2023 : 1 - 6 .

YE T P , LI G L , AHMAD I , et al . FLAG:few-shot latent Dirichlet generative learning for semantic-aware traffic detection [J ] . IEEE Transactions on Network and Service Management , 2022 , 19 ( 1 ): 73 - 88 .

VERKERKEN M , D’HOOGE L , SUDYANA D , et al . A novel multi-stage approach for hierarchical intrusion detection [J ] . IEEE Transactions on Network and Service Management , 2023 , PP ( 99 ): 1 .

XU H , WANG Y J . A continual few-shot learning method via meta-learning for intrusion detection [C ] // Proceedings of 2022 IEEE 4th International Conference on Civil Aviation Safety and Information Technology (ICCASIT) . Piscataway:IEEE Press , 2022 : 1188 - 1194 .

SHARAFALDIN I , HABIBI LASHKARI A , GHORBANI A A . Toward generating a new intrusion detection dataset and intrusion traffic characterization [C ] // Proceedings of the 4th International Conference on Information Systems Security and Privacy . San Francisco:Science and Technology Publications , 2018 : 108 - 116 .

SHIRAVI A , SHIRAVI H , TAVALLAEE M , et al . Toward developing a systematic approach to generate benchmark datasets for intrusion detection [J ] . Computers ＆ Security , 2012 , 31 ( 3 ): 357 - 374 .

MA W G , ZHANG Y D , GUO J , et al . Few-shot abnormal network traffic detection based on multi-scale deep-CapsNet and adversarial reconstruction [J ] . International Journal of Computational Intelligence Systems , 2021 , 14 ( 1 ): 1 - 25 .

浏览量

311

下载量

CSCD

文章被引用时，请邮件提醒。

提交

工具集

关联资源

模式匹配在网络安全中的研究

车联网中基于stacking集成学习的攻击检测模型

GMTBLC：基于深度学习的双模态网络流量分类

面向车联网的基于卷积神经网络的入侵检测模型

5G网络量子安全算法应用研究