四川大学学报(自然科学版)2024,Vol.61Issue(3):3-14,12.DOI:10.19907/j.0490-6756.2024.030001
基于对齐原型网络的小样本异常流量分类
Aligned prototype network for few-shot anomaly traffic classification
摘要
Abstract
Anomaly traffic classification is a prerequisite for responding to cyber attacks and developing net-work defenses.The large amount of network traffic data leads to high analysis costs,and the small number of new anomaly traffic labeled samples makes classification difficult.Few-shot learning can effectively address this problem.However,few-shot learning based methods still face the problems of low efficiency caused by complex models or computational processes,as well as supervised collapse caused by training and testing sample distribution biases.This paper proposes an Aligned Prototype Network(APN)that includes internal and external alignment modules.This method first generates a category prototype based on a prototype net-work in a meta learning framework.The internal alignment module corrects the deviation of the prototype in the sample distribution space through the prediction loss of the support set.The external alignment module embeds the prototype into the distribution space of the query set by comparing the similarity between the pro-totype and the query set samples,generating a dynamically corrected category prototype and enhancing the dynamic adaptability of the prototype under different distributions.APN improves the training process of the model without adding additional parameters and network structure,maintaining fast detection while improv-ing classification performance.The experimental results on the CIC-FS-IDS-2017 and CSE-FS-IDS-2018 da-tasets show that method in this paper achieves an F1 value of 98%,demonstrating a performance improve-ment of 3.37%~4.85%compared to other models,with a reduction of 89.12%~93.14%in running time.Additionally,this method exhibits stronger robustness,maintaining good performance even with more anomaly categories and fewer supporting samples.关键词
异常流量/入侵检测/小样本学习Key words
Anomaly traffic/Intrusion detection/Few-shot learning分类
信息技术与安全科学引用本文复制引用
林同灿,葛文翰,王俊峰..基于对齐原型网络的小样本异常流量分类[J].四川大学学报(自然科学版),2024,61(3):3-14,12.基金项目
国家重点研发计划(2022YFB3305200) (2022YFB3305200)
国家自然科学基金(U2133208) (U2133208)
四川省青年科技创新研究团队(2022JDTD0014) (2022JDTD0014)
四川省科技计划项目(2022YFG0168) (2022YFG0168)
