一种基于少样本且不均衡的网络攻击流量检测系统

为解决网络攻击流量检测中使用的有监督学习方法严重依赖标签数据规模的问题,针对一种少样本且不均衡的攻击流量检测场景,即训练数据仅包含少量蜜罐捕获的攻击流量且无正常流量,设计了一个攻击流量检测系统,并构建了基于孪生网络和深度学习卷积神经网络(CNN)的网络攻击流量检测模型(CNN-Siamese),以实现少样本且不均衡的攻...

A Network Attack Traffic Detection System Based on a Small Sample and Imbalanced Data

In order to solve the problem that the supervised learning method used in network attack traffic detection relies heavily on the scale of label data, an attack traffic detection system is designed and a network attack traffic detection model (CNN-Siamese) based on siamese network and deep learning convolutional neural network (CNN) is built to achieve the purpose of few-shot and uneven attack traffic detection. Subsequently, a pre-trained detection model AE-CNN-Siamese was constructed, adopting the idea of migration learning, to solve the problem of unstable prediction caused by CNN-Simaese on obtaining training samples. In addition, the contrastive loss function commonly used in a siamese network is improved. The experimental results show that CNN-Siamese can accurately detect attack traffic. Compared with CNN and CNN-SVM, it can correct the error when there is no significant gap in the false negative rate. The reporting rate is reduced from 30% to 2%; the prediction result of AE-CNN-Sia-mese is more stable than that of CNN-Siamese; the improved loss function improves the convergence speed of the model and accelerates model training.