机构地区:[1]School of Cyber Science and Engineering,Sichuan University,Chengdu,610065,China [2]CyberScience Research Institute,Sichuan University,Chengdu,610065,China [3]Chengdu Fengwei Technology Co.,Ltd.,Chengdu,610041,China
出 处:《Computer Modeling in Engineering & Sciences》2024年第7期929-955,共27页工程与科学中的计算机建模(英文)
基 金:supported by the National Natural Science Foundation of China(Nos.U19A2081;62202320);the Fundamental Research Funds for the Central Universities(No.SCU2023D008);the Science and Engineering Connotation Development Project of Sichuan University(No.2020SCUNG129);the Key Laboratory of Data Protection and Intelligent Management(Sichuan University),Ministry of Education.
摘 要:Due to the rapid evolution of Advanced Persistent Threats(APTs)attacks,the emergence of new and rare attack samples,and even those never seen before,make it challenging for traditional rule-based detection methods to extract universal rules for effective detection.With the progress in techniques such as transfer learning and meta-learning,few-shot network attack detection has progressed.However,challenges in few-shot network attack detection arise from the inability of time sequence flow features to adapt to the fixed length input requirement of deep learning,difficulties in capturing rich information from original flow in the case of insufficient samples,and the challenge of high-level abstract representation.To address these challenges,a few-shot network attack detection based on NFHP(Network Flow Holographic Picture)-RN(ResNet)is proposed.Specifically,leveraging inherent properties of images such as translation invariance,rotation invariance,scale invariance,and illumination invariance,network attack traffic features and contextual relationships are intuitively represented in NFHP.In addition,an improved RN network model is employed for high-level abstract feature extraction,ensuring that the extracted high-level abstract features maintain the detailed characteristics of the original traffic behavior,regardless of changes in background traffic.Finally,a meta-learning model based on the self-attention mechanism is constructed,achieving the detection of novel APT few-shot network attacks through the empirical generalization of high-level abstract feature representations of known-class network attack behaviors.Experimental results demonstrate that the proposed method can learn high-level abstract features of network attacks across different traffic detail granularities.Comparedwith state-of-the-artmethods,it achieves favorable accuracy,precision,recall,and F1 scores for the identification of unknown-class network attacks through cross-validation onmultiple datasets.
关 键 词:APT attacks spatial pyramid pooling NFHP(network flow holo-graphic picture) ResNet self-attention mechanism META-LEARNING
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
