Abstract
Detecting various attacks and abnormal traffic in the network is extremely important to network security. Existing detection models used massive amounts of data to complete abnormal traffic detection. However, few-shot attack samples can only be intercepted in certain special scenarios. In addition, the discrimination of traffic attributes will also be affected by the change of feature attitude. But the traditional neural network model cannot detect this kind of attitude change. Therefore, the accuracy and efficiency of few-shot sample abnormal traffic detection are very low. In this paper, we proposed a few-shot abnormal network traffic detection method. It was composed of the multi-scale Deep-CapsNet and adversarial reconstruction. First, we designed an improved EM vector clustering of the Deep-CapsNet. The attitude transformation matrix was used to complete the prediction from low-level to high-level features. Second, a multi-scale convolutional capsule was designed to optimize the Deep-CapsNet. Third, an adversarial reconstruction classification network (ARCN) was proposed. The supervised source data classification and the unsupervised target data reconstruction were achieved. Moreover, we proposed an adversarial training strategy, which alleviated the noise interference during reconstruction. Fourth, the few-shot sample classification were obtained by combining multi-scale Deep-CapsNet and adversarial reconstruction. The ICSX2012 and CICIDS2017 datasets were used to verify the performance. The experimental results show that our method has better training performance. Moreover, it has the highest accuracy in two-classification and multi-classification. Especially it has good anti-noise performance and short running time, which can be used for real-time few-shot abnormal network traffic detection.
Highlights
The problem of network security has become increasingly prominent as the network brings us a richer and faster life
A new classification network is designed based on the deep reconstruction classification network (DRCN) [12] network. It is called multi-scale Deep-CapsNet and adversarial reconstruction, which is used for few-shot sample attack detection
Section 2.1: abnormal traffic detection, Sect. 2.2: feature extraction based on capsule network, Sect. 2.3: few-shot sample classification based on sample augmentation
Summary
The problem of network security has become increasingly prominent as the network brings us a richer and faster life. When dealing with the problem of attack detection, the capsule structure increases the capacity of feature representation. It can more accurately deal with the complicated spatial position relationship. A new classification network is designed based on the DRCN [12] network It is called multi-scale Deep-CapsNet and adversarial reconstruction, which is used for few-shot sample attack detection. A three-dimensional multi-scale convolutional capsule is designed to optimize the Deep-CapsNet. In the end, the multi-level features of the few-shot abnormal traffic are effectively extracted. 1. The abnormal traffic detection, CapsNet network, and the few-shot sample classification method are introduced in Sect.
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
