摘要
为应对层出不穷的新型网络威胁,提出了一种基于对比增量学习的细粒度恶意流量识别方法。所提方法基于变分自编码器和极值理论,在对已知类、小样本类和未知类流量实现高性能检测的同时,还可以在不采用大量原任务样本的条件下快速实现对新增恶意类的识别,以满足增量学习场景下对存储成本和训练时间的要求。具体来说,模型将对比学习融入变分自编码器的编码阶段,并采用A-Softmax实现对已知类和小样本类的识别;将变分自编码器重构与极值理论结合,采用重构误差实现对未知类的识别;利用变分自编码器存储原有类知识,采用样本重构和知识蒸馏方法,在不采用大量原有类样本的条件下实现对所有类样本的识别。实验结果表明,所提方法不仅实现了对已知类、小样本类和未知类流量高性能检测,并且所设计的样本重构和知识蒸馏模块均可有效降低增量学习场景下对原有类知识的遗忘速度。
In order to protect against continuously emerging unknown threats,a new method based on contrastive incremental learning for fine-grained malicious traffic classification was proposed.The proposed method was based on variational auto-encoder(VAE)and extreme value theory(EVT),and the high accuracy could be achieved in known,few-shot and unknown malicious classes and new classes were also identified without using a large number of old task samples,which met the demand of storage and time cost in incremental learning scenarios.Specifically,the contrastive learning was integrated into the encoder of VAE,and the A-Softmax was used for known and few-shot malicious traffic classification,EVT and the decoder of VAE were used for unknown malicious traffic recognition,all classes could be recognized without a lot of old samples when learning new tasks by using VAE reconstruction and knowledge distillation methods.Experimental results indicate that the proposed method is efficient in known,few-shot and unknown malicious classes,and has greatly reduced the forgetting speed of old knowledge in incremental learning scenarios.
作者
王一丰
郭渊博
陈庆礼
方晨
林韧昊
周永良
马佳利
WANG Yifeng;GUO Yuanbo;CHEN Qingli;FANG Chen;LIN Renhao;ZHOU Yongliang;MA Jiali(Cryptography Engineering Institute,Information Engineering University,Zhengzhou 450001,China;College of Computer and Artificial Intelligence,Zhengzhou University,Zhengzhou 450001,China)
出处
《通信学报》
EI
CSCD
北大核心
2023年第3期1-11,共11页
Journal on Communications
基金
国家自然科学基金资助项目(No.62276091)
河南省重大公益专项基金资助项目(No.201300311200)。
关键词
网络流量分类
变分自编码器
增量学习
对比学习
network traffic classification
variational auto-encoder
incremental learning
contrastive learning
