Aligned prototype network for few-shot anomaly traffic classification
Open access; indexed in PKU Core Journals (北大核心) and CSTPCD
Anomaly traffic classification is a prerequisite for responding to cyber attacks and developing network defenses. The large volume of network traffic data leads to high analysis costs, and the small number of labeled samples of new anomaly traffic makes classification difficult. Few-shot learning can effectively address these problems. However, current few-shot learning methods still suffer from low efficiency caused by complex models or computational processes, as well as supervision collapse caused by distribution bias between training and testing samples. This paper proposes an Aligned Prototype Network (APN) that includes internal and external alignment modules. The method first generates category prototypes based on a prototype network in a meta-learning framework. The internal alignment module corrects the deviation of the prototype in the sample distribution space through the prediction loss on the support set. The external alignment module embeds the prototype into the distribution space of the query set by comparing the similarity between the prototype and the query set samples, generating a dynamically corrected category prototype and thereby enhancing the dynamic adaptability of the prototype under different distributions. APN improves the training process of the model without adding extra parameters or network structure, maintaining fast detection while improving classification performance. Experimental results on the CIC-FS-IDS-2017 and CSE-FS-IDS-2018 datasets show that the method in this paper achieves an F1 value of 98%, an improvement of 3.37%~4.85% compared to other models, with a reduction of 89.12%~93.14% in running time. Additionally, the method exhibits stronger robustness, maintaining good performance even with more anomaly categories and fewer support samples.
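LIN Tongcan (林同灿); GE Wenhan (葛文翰); WANG Junfeng (王俊峰)
College of Computer Science, Sichuan University, Chengdu 610065
Computer Science and Automation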
Anomaly traffic; Intrusion detection; Few-shot learning
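Journal of Sichuan University (Natural Science Edition), 2024 (003)
Pages 3-14 / 12
National Key Research and Development Program of China (2022YFB3305200); National Natural Science Foundation of China (U2133208); Sichuan Youth Science and Technology Innovation Research Team (2022JDTD0014); Sichuan Science and Technology Program (2022YFG0168)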