CN116070137A - Open set identification device and method for malicious traffic detection - Google Patents
Open set identification device and method for malicious traffic detection Download PDFInfo
- Publication number
- CN116070137A CN116070137A CN202310102130.5A CN202310102130A CN116070137A CN 116070137 A CN116070137 A CN 116070137A CN 202310102130 A CN202310102130 A CN 202310102130A CN 116070137 A CN116070137 A CN 116070137A
- Authority
- CN
- China
- Prior art keywords
- data
- generator
- generated
- discriminator
- close
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N3/00—Computing arrangements based on biological models
- G06N3/02—Neural networks
- G06N3/08—Learning methods
Abstract
The invention discloses an open set identification device and method for malicious traffic detection, belongs to the technical field of malicious traffic detection, and aims to solve the problem that detection performance of a malicious traffic detection system is reduced when a new type of attack occurs. The main scheme comprises the following steps: generating an image which is more similar to a real sample by using a generator model with a label; the structure of the discriminator is improved to have two outputs: the discrimination score layer and the classification layer input the real image and the expansion image generated by the generator into the discriminator for countermeasure training; based on the score of the discriminant, the generator and the discriminant are mutually opposed, and based on the result of the classification layer, an open set recognition model is obtained through training. The implementation of the application introduces open set identification, which aims at correctly classifying known attack categories, and at the same time, can identify unknown categories.
Description
Technical Field
The invention relates to the technical field of malicious traffic detection, and provides an open set identification detection device and method for malicious traffic detection.
Background
With the rise and development of the internet of things technology, more and more devices realize network access, however, most of the internet of things devices adopt weak security measures, and great potential safety hazards exist. Network traffic is the primary carrier for information interaction and transfer in network space, and related studies indicate that the number of network devices will reach 754.8 billion in 2025 and that after 2022, a huge number of network devices will produce 4.8ZB of traffic each year. Therefore, the network traffic-based anomaly detection technology is used as an effective active defense technology in the field of malicious traffic detection, and by identifying the network traffic pattern, the anomaly traffic pattern and the attack behavior in the network traffic are discovered in time, so that the network traffic-based anomaly detection technology has important significance for maintaining the safety of the network space.
However, in the current research of the malicious flow detection system, the model is often performed under the assumption of a closed set, and it is difficult to adapt to the actual situation. In the process of training the model, no space is reserved for the unknown class, the model can wrongly divide the unknown class into one of the known classes, so that the classification accuracy of the known class is reduced, and meanwhile, the model also lacks the capability of coping with the new class, and omission is caused to the new attack class.
How to have higher recognition performance in an open-set environment, researchers have proposed some methods.
In document Towards open set deep networks, an OpenMax model is proposed, a Softmax layer is used to train a network by minimizing cross entropy loss, then the distances of the features of the training sample to the average feature vectors of their corresponding classes are calculated and used to fit individual weibull distributions for each known class, the feature vectors are redistributed according to the weibull distribution fit scores, and finally the Softmax layer is used to calculate the probabilities of the known and unknown classes.
In the document Generative OpenMax for multi-class open set classification, a conditional generation network is adopted to generate samples of unknown classes, and in combination with OpenMax, a G-OpenMax algorithm is provided, so that probability estimation can be performed on the generated samples of unknown classes.
The document Open-category classification by adversarial sample generation proposes an antagonistic sample generation framework (river-sarial sample generation framework) with which unknown class samples can be generated close to known class samples, and if necessary also known class samples can be generated to augment the known class data set.
But the above methods all use multiple models to implement open set identification and known class classification, which greatly increases performance consumption.
Disclosure of Invention
Aiming at the problems in the prior art, the invention aims to provide an open set identification detection device for malicious traffic detection, which can solve the problem that a trained model is difficult to detect unknown attacks under the open set condition to cause performance degradation. Initializing a generator structure to have two inputs: the random noise and the random label are spliced together to be used as the input of the generator, so that the generator generates the generation data of the specified category; initializing a discriminator structure, and adding a classification branch with k+1 dimensions for the last layer of the discriminator to output the results of discrimination of unknown classes and classification of known classes, wherein k represents the number of attack classes in a training set; based on the discriminant score, the discriminant score of the generated data is closer to 0, and the discriminant score of the real data is closer to 1; for the generator, the generated data discrimination score is more approximate to 1, namely the generated data is approximate to the sample distribution of the real data; the data generated by the generator is used as the expansion of the open set data, and the classification layer can identify unknown data and classify known attacks according to the loss function.
In order to achieve the above purpose, the invention adopts the following technical scheme:
the invention provides an open set identification detection device for malicious traffic, which comprises the following modules:
a tagged generator module: the method comprises the steps of splicing randomly generated noise and randomly generated category labels to be used as input of a generator, so that the generator can generate the generated data of a specified category, inputting the generated data into the discriminator to obtain a discrimination score, wherein the discrimination score represents evaluation of the discriminator on real data and the generated data, and the discrimination score of the generated data is close to the discrimination score of the real data, so that the generated data generated by the generator is optimized, and the generated data is close to the distribution of real data samples;
a arbiter module with an auxiliary classifier: adding a classification branch with k+1 dimension at the last layer of the discriminator, so that the discriminator has two output layers: the device comprises a discrimination score layer and a classification layer, wherein the discrimination score layer generates true and false discrimination scores for input data, the classification layer classifies multi-category data and outputs unknown category discrimination and known category classification results, and k represents the number of attack categories in a training set;
generating an antagonism and opening set identification module: and judging the generated data and the real data generated by the generator according to the judgment score output by the judgment score layer of the judging device module, so that the generator and the judging device module are mutually opposed, and training together, wherein the pseudo data generated by the generator, namely the generated data, is used as the expansion of the open set data, so that the classification layer can identify and classify the unknown data and also can classify the known attack, and the open set identification monitoring model is obtained.
In the above technical solution, the specific implementation steps of the generator module with the tag are as follows:
s1: initializing a model structure of a generator, the generator having two inputs: random noise and random labels are used for generating various types of generated data, and model parameters of a generator are initialized through Gaussian distribution before training starts;
s2: and splicing randomly generated noise and category labels, inputting the noise and category labels into a generator together, enabling the generator to generate generation data of a specified category, optimizing the generation data generated by the generator according to the discrimination score of the discriminator, enabling the discrimination score of the generation data to be close to 1, namely close to the distribution of real data samples, and finally inputting the generation data and the real sample data into a discriminator module together.
In the above technical solution, the specific implementation steps of the discriminator module with the auxiliary classifier are as follows:
s1: defining a model structure of a discriminator, wherein the discriminator is provided with one input and two outputs, the generated data and the real data are input into the discriminator, and a classification branch with k+1 dimension is added to the last layer of the discriminator, wherein k represents the number of attack categories in a training set, so that the discriminator is provided with two output layers: discriminating a fractional layer and a classification layer;
s2: initializing a discrimination score layer of the discriminator to enable the discrimination score of the discrimination layer to be close to 0 for the generated data generated by the generator and close to 1 for the discrimination score of the real data sample;
s3: the classification layer of the discriminator is initialized to classify the generated data generated by the generator into the k+1st class, so as to realize the discrimination of the unknown class and the classification of the known class.
In the above technical solution, the specific implementation steps of the generating countermeasure and opening set identification module are as follows:
s1: based on the discriminator score of the discriminator module, the generator and the discriminator module are mutually opposed to each other for training together, specifically:
training the discriminant to make the discriminant score of the generated data close to 0 and the discriminant score of the real data close to 1 as much as possible,
training the generator to enable the generated data discrimination score generated by the generator to be close to 1, namely close to the real data distribution, so that the generator learns the real data distribution and the discriminator module has the capability of judging the true sample;
s2: the generated data generated by the generator is close to the data distribution of the real sample, the characteristic space is close to the real sample but different from the real sample, the generated data is regarded as expansion of open set data, a loss function is adjusted, the prediction of the open set data by the classification layer is k+1, and the prediction of the closed set data is k types, so that the classification layer can identify unknown data and classify known attacks.
The invention also provides an open set identification detection method aiming at malicious traffic, which comprises the following steps:
s1: initializing a generator structure to have two inputs: the random noise and the random class label are spliced together to be used as the input of the generator, so that the generator generates the generation data of the specified class;
s2: initializing a discriminator structure, adding a classification branch with k+1 dimensions for the last layer of the discriminator to obtain a discriminator module, and outputting the results of discrimination of unknown classes and classification of known classes, wherein k represents the number of attack classes in a training set;
s3: training the discriminant module so that the discriminant score of the discriminant is close to 0 for the generated data and close to 1 for the real data;
training the generator to enable the discrimination score of the generated data to be closer to 1, namely enabling the generated data to be close to the sample distribution of the real data; the data generated by the generator is used as the expansion of the open set data, and the classification layer can identify unknown data and classify known attacks according to the loss function.
In the above method, step 1 specifically includes the following steps:
s1.1: initializing a generator model structure, the generator having two inputs: random noise and random labels are used for generating various types of generated data, and model parameters are initialized through Gaussian distribution before training begins;
s1.2: and splicing randomly generated noise and category labels, inputting the noise and category labels into a generator together, enabling the generator to generate generation data of a specified category, optimizing the data generated by the generator according to the score of the discriminator, enabling the discrimination score of the generated data to be close to 1, namely close to the distribution of real data samples, and finally inputting the generated data and the real sample data into a discriminator module together.
In the above method, step 2 specifically includes the following steps:
s2.1: defining a module structure of the discriminator, adding a classification branch with k+1 dimensions for the last layer of the discriminator, wherein k represents the number of attack categories in the training set, so that the classifier has two output layers: discriminating a fractional layer and a classification layer;
s2.2: initializing a discrimination score layer of a discriminator module to enable the discrimination score layer to approach 0 to the discrimination score of the generated data of pseudo data generated by a generator and approach 1 to the discrimination score of a real data sample;
s2.3: the classification layer of the discriminator module is initialized to classify the data generated by the generator into the k+1st class, so that the discrimination of the unknown class and the classification of the known class are realized.
In the above method, step 3 specifically includes the following steps:
s3.1: based on the discrimination score of the discriminator module, the generator and the discriminator module are mutually opposed to each other for training together, specifically:
training the discriminant to make the discriminant score of the generated data close to 0 and the discriminant score of the real data close to 1 as much as possible,
training the generator to enable the generated data discrimination score generated by the generator to be close to 1, namely close to the real data distribution, so that the generator learns the real data distribution and the discriminator module has the capability of judging the true sample;
s3.2: the data generated by the generator is close to the data distribution of the real sample, the characteristic space is close to the real sample but different from the real sample, the data is regarded as expansion of the open set data, the loss function is adjusted, the prediction of the open set data by the classification layer is k+1, the prediction of the closed set data is k types, and therefore the classification layer can identify unknown data and classify known attacks.
Compared with the prior art, the invention has the beneficial effects that:
1. when generating data, the generator model commonly used at present often generates generated data similar to the distribution of various types of data, which can lead to larger input and output of the generated data and real data. According to the invention, by improving the structure of the generator, the splicing of random noise and random labels is used as input, so that the authenticity of the generated data is effectively improved; a common generator has only one input: random noise. The actual data has a variety of categories and, the data distribution of the different categories is different. Such generators and discriminators combat the generated data, which distribution may be both like this and like that. The random noise and the random label are spliced and input into a generator, and the discriminator is also provided with a classification layer. In the process of generating the countermeasure, the result predicted by the classifier is not only based on the discrimination score but also based on the value of the random label as close as possible, so that after the countermeasure training, the generated data is data like the random label.
2. The invention utilizes the generated countermeasure model, and the generated data can simulate the sample distribution of unknown class, can expand the characteristic space of known class, and is beneficial to the model to learn the sample distribution better;
3. according to the invention, through improving the discriminator network and adding branches in the last layer, the discriminator is provided with a discrimination score layer and a classification layer, the refusal of unknown classes and the classification of known classes are realized through the classification layer, the generation of countermeasures is realized through the discrimination score layer, and the performance consumption is greatly reduced.
Drawings
Fig. 1 is a general architecture diagram of the present invention.
Detailed Description
The invention will be further described with reference to the drawings and detailed description.
An open set identification detection device for malicious traffic detection, comprising:
a tagged generator module: GAN is generally composed of two parts: the generator and the discriminator are combined, and the generator continuously improves the quality of generated data through playing games between the generator and the discriminator, and the discriminator gradually enhances the capability of identifying that the sample belongs to authenticity. To further improve the quality of the data generated by the generator, noise and class labels are spliced together as inputs to the generator, thereby enabling the generator to generate the data of the specified class.
A arbiter module with an auxiliary classifier: adding a classification branch with k+1 dimensions at the last layer of the discriminator, wherein k represents the number of attack categories in the training set, so that the classifier has two output layers: and distinguishing a score layer and a classification layer. The discrimination score layer generates true and false discrimination scores for the input data, the classification layer classifies the multi-class data, and the unknown class discrimination and known class classification result is output.
Generating an antagonism and opening set identification module: and judging the data generated by the generator and the real data according to the output score of the judging score layer of the judging device module, so that the generator and the judging device module are mutually opposed and trained together. The pseudo data generated by the generator is used as the expansion of the open set data, so that the classification layer can identify unknown data and classify known attacks to obtain an open set identification model.
In the above technical solution, the specific implementation steps of the generator module with the tag are as follows:
s1: initializing a model structure, and improving the model based on a common generator model to enable the model to have two inputs: random noise and random tags, making it possible to generate various categories of generated data. Initializing model parameters through Gaussian distribution before training starts;
s2: and splicing the randomly generated noise and the class labels, and inputting the randomly generated noise and the class labels into a generator together, so that the generator generates the generation data of the specified class. And optimizing the data generated by the generator according to the discriminant score, so that the discriminant score of the generated data is as close to 1 as possible, namely as close to the distribution of the real data samples as possible. And finally, inputting the generated data and the real sample data into a discriminator model.
In the above technical solution, the specific implementation steps of the discriminator module with the auxiliary classifier are as follows:
s1: defining a model structure, improving a common discriminator network, adding a classification branch with k+1 dimensions for the last layer of the discriminator, wherein k represents the number of attack categories in a training set, and enabling the attack categories to have two output layers: discriminating a fractional layer and a classification layer;
s2: initializing a discrimination score layer of a discriminator to enable the discrimination score of the discriminator to be as close to 0 as possible to the pseudo data generated by a generator and to be as close to 1 as possible to the discrimination score of a real data sample;
s3: the classification layer of the discriminator is initialized to classify the data generated by the generator into the k+1st class, thereby realizing the discrimination of the unknown class and the classification of the known class.
In the above technical solution, the specific implementation steps of the generating countermeasure and opening set identification module are as follows:
s1: based on the discriminant score, the generator and discriminant are made to counter each other and trained together. When the generator generates data, the generated data discrimination score is as close to 1 as possible, namely close to the real data distribution; the discrimination score of the data generated by the generator is as close to 0 as possible, and the discrimination score of the real data is as close to 1 as possible and mutually counteracted, so that the generator learns the distribution of the real data and the discriminator has the capability of judging the true sample;
s2: the data generated by the generator is close to the data distribution of the real sample, and the characteristic space is close to the real sample but different from the real sample, so that the data can be regarded as expansion of the open set data. The loss function is adjusted so that the classification layer predicts k+1 for the open set data and k classes for the closed set data, thereby enabling the classification layer to identify unknown data and also to classify known attacks.
The invention also provides an open set identification detection method aiming at malicious traffic detection, which is divided into three parts of a generator module with labels, a discriminator module with an auxiliary classifier and a generation countermeasure and open set identification module, and mainly comprises the following steps:
s1: initializing a generator structure to have two inputs: the random noise and the random label are spliced together to be used as the input of the generator, so that the generator generates the generation data of the specified category;
s2: initializing a discriminator structure, and adding a classification branch with k+1 dimensions for the last layer of the discriminator to output the results of discrimination of unknown classes and classification of known classes, wherein k represents the number of attack classes in a training set;
s3: based on the discriminant score, the discriminant score of the generated data is closer to 0, and the discriminant score of the real data is closer to 1; for the generator, the generated data discrimination score is more approximate to 1, namely the generated data is approximate to the sample distribution of the real data; the data generated by the generator is used as the expansion of the open set data, and the classification layer can identify unknown data and classify known attacks according to the loss function.
Claims (8)
1. An open set identification detection device for malicious traffic is characterized by comprising the following modules:
a tagged generator module: the method comprises the steps of splicing randomly generated noise and randomly generated category labels to be used as input of a generator, so that the generator can generate the generated data of a specified category, inputting the generated data into the discriminator to obtain a discrimination score, wherein the discrimination score represents evaluation of the discriminator on real data and the generated data, and the discrimination score of the generated data is close to the discrimination score of the real data, so that the generated data generated by the generator is optimized, and the generated data is close to the distribution of real data samples;
a arbiter module with an auxiliary classifier: adding a classification branch with k+1 dimension at the last layer of the discriminator, so that the discriminator has two output layers: the device comprises a discrimination score layer and a classification layer, wherein the discrimination score layer generates true and false discrimination scores for input data, the classification layer classifies multi-category data and outputs unknown category discrimination and known category classification results, and k represents the number of attack categories in a training set;
generating an antagonism and opening set identification module: and judging the generated data and the real data generated by the generator according to the judgment score output by the judgment score layer of the judging device module, so that the generator and the judging device module are mutually opposed, and training together, wherein the pseudo data generated by the generator, namely the generated data, is used as the expansion of the open set data, so that the classification layer can identify and classify the unknown data and also can classify the known attack, and the open set identification monitoring model is obtained.
2. The open set identification detection device for malicious traffic according to claim 1, wherein the tagged generator module specifically implements the steps of:
s1: initializing a model structure of a generator, the generator having two inputs: random noise and random labels are used for generating various types of generated data, and model parameters of a generator are initialized through Gaussian distribution before training starts;
s2: and splicing randomly generated noise and category labels, inputting the noise and category labels into a generator together, enabling the generator to generate generation data of a specified category, optimizing the generation data generated by the generator according to the discrimination score of the discriminator, enabling the discrimination score of the generation data to be close to 1, namely close to the distribution of real data samples, and finally inputting the generation data and the real sample data into a discriminator module together.
3. The open set identification detection device for malicious traffic according to claim 1, wherein the discriminator module with the auxiliary classifier comprises the following specific implementation steps:
s1: defining a model structure of a discriminator, wherein the discriminator is provided with one input and two outputs, the generated data and the real data are input into the discriminator, and a classification branch with k+1 dimension is added to the last layer of the discriminator, wherein k represents the number of attack categories in a training set, so that the discriminator is provided with two output layers: discriminating a fractional layer and a classification layer;
s2: initializing a discrimination score layer of the discriminator to enable the discrimination score of the discrimination layer to be close to 0 for the generated data generated by the generator and close to 1 for the discrimination score of the real data sample;
s3: the classification layer of the discriminator is initialized to classify the generated data generated by the generator into the k+1st class, so as to realize the discrimination of the unknown class and the classification of the known class.
4. The open set identification detection device for malicious traffic according to claim 1, wherein the generating countermeasure and open set identification module specifically comprises the following steps:
s1: based on the discriminator score of the discriminator module, the generator and the discriminator module are mutually opposed to each other for training together, specifically:
training the discriminant to make the discriminant score of the generated data close to 0 and the discriminant score of the real data close to 1 as much as possible,
training the generator to enable the generated data discrimination score generated by the generator to be close to 1, namely close to the real data distribution, so that the generator learns the real data distribution and the discriminator module has the capability of judging the true sample;
s2: the generated data generated by the generator is close to the data distribution of the real sample, the characteristic space is close to the real sample but different from the real sample, the generated data is regarded as expansion of open set data, a loss function is adjusted, the prediction of the open set data by the classification layer is k+1, and the prediction of the closed set data is k types, so that the classification layer can identify unknown data and classify known attacks.
5. The open set identification detection method for malicious traffic is characterized by comprising the following steps:
s1: initializing a generator structure to have two inputs: the random noise and the random class label are spliced together to be used as the input of the generator, so that the generator generates the generation data of the specified class;
s2: initializing a discriminator structure, adding a classification branch with k+1 dimensions for the last layer of the discriminator to obtain a discriminator module, and outputting the results of discrimination of unknown classes and classification of known classes, wherein k represents the number of attack classes in a training set;
s3: training the discriminant module so that the discriminant score of the discriminant is close to 0 for the generated data and close to 1 for the real data;
training the generator to enable the discrimination score of the generated data to be closer to 1, namely enabling the generated data to be close to the sample distribution of the real data; the data generated by the generator is used as the expansion of the open set data, and the classification layer can identify unknown data and classify known attacks according to the loss function.
6. The method for detecting and identifying the open set for malicious traffic according to claim 5, wherein the step 1 specifically comprises the following steps:
s1.1: initializing a generator model structure, the generator having two inputs: random noise and random labels are used for generating various types of generated data, and model parameters are initialized through Gaussian distribution before training begins;
s1.2: and splicing randomly generated noise and category labels, inputting the noise and category labels into a generator together, enabling the generator to generate generation data of a specified category, optimizing the data generated by the generator according to the score of the discriminator, enabling the discrimination score of the generated data to be close to 1, namely close to the distribution of real data samples, and finally inputting the generated data and the real sample data into a discriminator module together.
7. The method for detecting and identifying the open set for malicious traffic according to claim 5, wherein the step 2 specifically comprises the following steps:
s2.1: defining a module structure of the discriminator, adding a classification branch with k+1 dimensions for the last layer of the discriminator, wherein k represents the number of attack categories in the training set, so that the classifier has two output layers: discriminating a fractional layer and a classification layer;
s2.2: initializing a discrimination score layer of a discriminator module to enable the discrimination score layer to approach 0 to the discrimination score of the generated data of pseudo data generated by a generator and approach 1 to the discrimination score of a real data sample;
s2.3: the classification layer of the discriminator module is initialized to classify the data generated by the generator into the k+1st class, so that the discrimination of the unknown class and the classification of the known class are realized.
8. The method for detecting and identifying the open set for malicious traffic according to claim 5, wherein the step 3 specifically comprises the following steps:
s3.1: based on the discrimination scores of the discriminator modules, the generator and the discriminator module are mutually opposed and trained together, specifically:
training the discriminant to make the discriminant score of the generated data close to 0 and the discriminant score of the real data close to 1 as much as possible,
training the generator to enable the generated data discrimination score generated by the generator to be close to 1, namely close to the real data distribution, so that the generator learns the real data distribution and the discriminator module has the capability of judging the true sample;
s3.2: the data generated by the generator is close to the data distribution of the real sample, the characteristic space is close to the real sample but different from the real sample, the data is regarded as expansion of the open set data, the loss function is adjusted, the prediction of the open set data by the classification layer is k+1, the prediction of the closed set data is k types, and therefore the classification layer can identify unknown data and classify known attacks.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310102130.5A CN116070137A (en) | 2023-02-08 | 2023-02-08 | Open set identification device and method for malicious traffic detection |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310102130.5A CN116070137A (en) | 2023-02-08 | 2023-02-08 | Open set identification device and method for malicious traffic detection |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN116070137A true CN116070137A (en) | 2023-05-05 |
Family
ID=86178319
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202310102130.5A Pending CN116070137A (en) | 2023-02-08 | 2023-02-08 | Open set identification device and method for malicious traffic detection |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116070137A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117034124A (en) * | 2023-10-07 | 2023-11-10 | 中孚信息股份有限公司 | Malicious traffic classification method, system, equipment and medium based on small sample learning |
-
2023
- 2023-02-08 CN CN202310102130.5A patent/CN116070137A/en active Pending
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117034124A (en) * | 2023-10-07 | 2023-11-10 | 中孚信息股份有限公司 | Malicious traffic classification method, system, equipment and medium based on small sample learning |
| CN117034124B (en) * | 2023-10-07 | 2024-02-23 | 中孚信息股份有限公司 | Malicious traffic classification method, system, equipment and medium based on small sample learning |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Wei et al. | Heuristic black-box adversarial attacks on video recognition models | |
| CN113283476B (en) | Internet of things network intrusion detection method | |
| Chang et al. | Intrusion detection by backpropagation neural networks with sample-query and attribute-query | |
| Vu et al. | Learning latent distribution for distinguishing network traffic in intrusion detection system | |
| CN112560596B (en) | Radar interference category identification method and system | |
| CN111652290A (en) | Detection method and device for confrontation sample | |
| CN111901340A (en) | Intrusion detection system and method for energy Internet | |
| CN111783853B (en) | Interpretability-based method for detecting and recovering neural network confrontation sample | |
| CN113269228B (en) | Method, device and system for training graph network classification model and electronic equipment | |
| CN113127857B (en) | Deep learning model defense method aiming at adversarial attack and deep learning model | |
| CN115811440B (en) | Real-time flow detection method based on network situation awareness | |
| Jiang et al. | Interpretability-guided defense against backdoor attacks to deep neural networks | |
| CN116070137A (en) | Open set identification device and method for malicious traffic detection | |
| CN116633601A (en) | Detection method based on network traffic situation awareness | |
| CN113361474B (en) | Double-current network image counterfeiting detection method and system based on image block feature extraction | |
| CN113822377A (en) | Fake face detection method based on contrast self-learning | |
| Wang et al. | New adversarial image detection based on sentiment analysis | |
| Fatemifar et al. | Particle swarm and pattern search optimisation of an ensemble of face anomaly detectors | |
| He et al. | Adversarial attacks for intrusion detection based on bus traffic | |
| CN116260565A (en) | Chip electromagnetic side channel analysis method, system and storage medium | |
| CN115622806A (en) | Network intrusion detection method based on BERT-CGAN | |
| Amjad et al. | A novel deep learning framework for intrusion detection system | |
| CN114372529A (en) | Data middling station intrusion classification detection method based on improved XGboost algorithm | |
| CN113901810A (en) | Cross-domain false news detection method based on multi-representation learning | |
| CN112948578A (en) | DGA domain name open set classification method, device, electronic equipment and medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |